I find your suggestions on better questions to get more achievable types of evidence very useful. @Manuel_Allgaier and me will ask them or similar ones on the EA Berlin Slack, a German EA Telegram channel and in the FB group you mentioned.
[...] a strong prior in favor of valuing extra marginal security more than the convenience weโd lose in order to achieve that.
Yes, that is a good way to rephrase my position.
Google may be more vulnerable to breaches, but it seems much less likely than a small private server to lose data because someone makes a technical error or loses a key password.
This is probably a central crux for some. If you came to believe that the risk of data loss through admin error on a self-hosted system were lower than the breach-risk at Google, would that change your view on the convenience-security trade-off?
If you came to believe that the risk of data loss through admin error on a self-hosted system were lower than the breach-risk at Google, would that change your view on the convenience-security trade-off?
I donโt think itโs about total likelihood of an event, but expected impact of said event. And because I have very weak priors about the likelihood of either event, getting any new information would probably change my view about the trade-off in some way.
But changing my view on the trade-off looks more like โI now think EA funders should be open to spending $X per year on this rather than $Yโ or โI now think groups with risk profile X should now be willing to switch even if their activity drops 10%โ, rather than coming to believe something more sweeping and conclusive about the entire topic.
Thank you Aaron for the thoughtful reply.
I find your suggestions on better questions to get more achievable types of evidence very useful. @Manuel_Allgaier and me will ask them or similar ones on the EA Berlin Slack, a German EA Telegram channel and in the FB group you mentioned.
Yes, that is a good way to rephrase my position.
This is probably a central crux for some. If you came to believe that the risk of data loss through admin error on a self-hosted system were lower than the breach-risk at Google, would that change your view on the convenience-security trade-off?
I donโt think itโs about total likelihood of an event, but expected impact of said event. And because I have very weak priors about the likelihood of either event, getting any new information would probably change my view about the trade-off in some way.
But changing my view on the trade-off looks more like โI now think EA funders should be open to spending $X per year on this rather than $Yโ or โI now think groups with risk profile X should now be willing to switch even if their activity drops 10%โ, rather than coming to believe something more sweeping and conclusive about the entire topic.