How good is security for LessWrong and the Alignment Forum?

post by Quintin Pope (quintin-pope) · 2021-10-04T22:27:24.604Z · LW · GW · 1 comment

This is a question post.

Contents

  Answers
    39 jimrandomh
    21 habryka
None
1 comment

As far as I can tell, LessWrong/Alignment Forum haven’t been noticeably attacked or disrupted. However, I’m concerned that could change because:

So my questions are:

Thank you very much to Lightcone Infrastructure and the LessWrong team for your work. I’d be glad for any insight they (or anyone else) can share.

Answers

answer by jimrandomh · 2021-10-05T00:18:22.156Z · LW(p) · GW(p)
  • Does Lightcone contract with any external security experts or penetration testers?
  • Are the any plans to implement two factor authentication for LW/AF?

No to both. I believe our software architecture is pretty good from a security perspective, but it's never had an outside audit and I expect a thorough search by an expert would turn up something. Private messages sent through LW/AF are probably more secure than an average phpBB, but I wouldn't recommend using them for serious secrets; the PM system is there to make pseudonymous authors contactable, not to be a serious competitor to email.

  • Are there any planned responses if automated trolling/astroturfing attacks become much more common/advanced, as seems plausible with the rise of strong language models?

Every user goes into a moderation queue when they make their first post or comment, or votes more than a certain number of times. The current configuration is that when a user is in the moderation queue, their posts are hidden and their comments are visible, but we can also hide comments from unreviewed users on short notice if we need to. 

We generally don't approve users if their writing isn't better than GPT-3, even if they turn out to be human. If we got so much language-model spam such that we could no longer reasonably process the moderation queue, this would effectively mean that only established accounts could post/comment, until we came up with some other solution for sorting through the submissions. We also use ReCaptcha and Akismet, which filter out the stuff that's obvious-enough spam that it isn't worth putting in the moderation queue.

LessWrong has a significant advantage over most of the rest of the web, in that our commenting standards are high enough that there's no overlap between the comments that spambots are able to generate, and the comments that users we want around generate.

  • Are there plans for secondary hosting providers, in case Amazon/the US become hostile?

We haven't arranged with any specific hosting providers, but back when Parler got kicked off AWS, we looked into this and concluded that Parler only had trouble because they had made some remarkably poor technical choices, and we would without much difficulty be able to migrate to any one of hundreds of commodity hosting services, in less time than the amount of notice Parler got.

  • Is there some way we can download and backup all public conversations hosted on LW/AF?

These are already being collected by GreaterWrong, by archive.org, and by anyone subscribing to the main RSS feeds. If you want your own private mirror of LessWrong/AF, the GreaterWrong software may be what you're looking for.

  • Relatedly, how are backups handled for LW/AF?

The database is snapshotted nightly and stored in Amazon's infrastructure.

comment by habryka (habryka4) · 2021-10-05T02:54:51.890Z · LW(p) · GW(p)

Ah, didn't see this before I wrote my comment. This all seems correct to me, my comment has a bit of additional flavor but basically says the same thing.

answer by habryka · 2021-10-05T02:52:28.242Z · LW(p) · GW(p)

Here is my current take on security for the site: 

  • We pay enough attention to security that I think it's unlikely we will accidentally dump our whole database to the internet.
  • I think any sophisticated attacker who is willing to spend something like 50-100 hours on trying to get into our system, can probably find some way to get access to most things in our database.
  • We do obvious things like encrypt passwords and salt hashes, so I don't think there is any way I know of for an attacker to reverse-engineer secure user passwords (though having access to the hash is still often useful).
  • The javascript ecosystem in general, and the way we have been using it, has a lot of attack surface, and I expect that there are probably some vulnerabilities in libraries we are using on the backend, that allow some kind of code execution, though I do think it would require a good amount of work to find them.
  • I think it's reasonable to assume that if any nation state or sophisticated group of attackers wants access to your PMs, votes and drafts, they can probably get it somehow, either by attacking the client, infecting an admin or moderator, or just directly hacking our server somehow.
  • This overall puts somewhat of an upper bound on how useful additional focus on security would be, since I currently think it would be very hard to harden our system against sophisticated attackers. I currently would not treat LW or the AI Alignment Forum as particularly secure, and if you want to have conversations with individuals that will not be accessible by potential sophisticated attackers, I would use something like Signal. In general, there isn't a lot of private information on LessWrong (outside of PMs and votes, and maybe drafts), so I don't tend to think of security as a top priority for the site (though I still think a good amount about security, and am also not treating it as super low priority, but it isn't one of the things the whole site was architected around).
  • I am not currently very worried about astroturfing or trolling, mostly because we are currently still capable of reviewing all content posted to the site, and can individually review each, and I think that's a pretty high barrier for language models to overcome. If even I can't tell the difference between a bot and a person anymore, then yeah, I am not super sure what to do. We could do some kind of identity verification with passports and stuff, but I would prefer to avoid that.
  • We run some basic statistics on vote patterns and would notice if suddenly some new set of accounts were starting to vote a lot and influence site content a lot. I would also likely notice myself that something is off with that kinds of things are getting upvoted and downvoted and would likely investigate.
  • The internet archive tends to have backups of all publicly available pages.
  • We handle our own backups on AWS, and I tend to download one every few months to some hard drive somewhere.
  • Changing hosting providers would be annoying, but not super hard. My guess is it would take us less than three days to be back up and running if AWS no longer likes us.

1 comment

Comments sorted by top scores.

comment by Gunnar_Zarncke · 2021-10-05T20:58:35.194Z · LW(p) · GW(p)

As the content is public, I'm not worried about the site functioning so much. My biggest worry is a disruption of the community. The AI safety sub-community, in particular, seems important though it probably doesn't depend on LW to function. I don't know how much influx it causes but it seems relevant. As jimrandomh writes, trolling is probably not a problem but there are quite a few events that could trouble - and tech may be a factor in scaling them. It would interesting to monitor health stats like average sentiment or look for controversial patterns (Sort By Controversial).