LCARS:Digital Safety

From LCARS

Recommended tools:

  • LibreOffice: An open source office suite.
  • Krita: An open source graphics program.
  • GIMP: An open source graphics program.
  • Inkscape: An open source vector art program.
  • Nextcloud: An open source federated file hosting platform.
  • 1Password: A paid subscription password management service.
  • Bitwarden: A password management service with both free and paid tiers of service.
  • Aegis: A two-factor authenticator app.

Read on for more information about them and what they're replacing.

AI

AI or LLM is a generative tool for text and other data sets that strings data together based on probability that they're "correct", or at least correctly shaped for the prompt. These often do not include guidelines to ensure that the "answer" they're returning is accurate. It is technology that large companies and rich people are trying to leverage to replace human workers, it is not very good at many of the jobs it's being applied to, and it is often trained on datasets that are stolen data — data that is either scraped without permission from public websites, or that was "sold" by large companies that do not give their users reasonable warning and make it "opt out" instead of "opt in". As it is applied today by most companies, it is unethical. This is without taking into account the large amounts of environmental damage these companies cause when building large data centers to run these power hungry services.

As more and more "free"[1] services push AI on us, we need to be vigilant to avoid their slop polluting our game. We have a no AI content rule because the point of The Emperor is to have fun writing with our friends. Letting a text generation algorithm "write" for us defeats the purpose. Using tools to "correct" our writing takes what makes it distinct out of our story telling. Using a program to make pictures of our characters for us uses stolen data to create something that's hollow.

The obvious things to avoid are the AI chat services such as ChatGPT and Grok[2]. But AI is slipping into more and more programs and platforms day by day: it is now baked into Adobe Creative Suite, Gmail and Google Drive/Docs, and Microsoft Word and Windows. Some of these can't be turned off, unfortunately, and others you have to dig into the settings to disable them. There are alternatives out there which do not have AI baked in.

Consider using open source alternatives where you can. For document editing, LibreOffice is a fantastic word processor with writing, spreadsheet, presentation, and other capabilities similar to Microsoft Word, including being able to open and save as native Microsoft filetypes. Graphics programs such as Krita, GIMP, and Inkscape can do many of the same things that Adobe Creative Suite can. Gmail can have its AI tools turned off, and after you've been in the game long enough to make veteran player status we do offer you an email address on the RP's domain which does not have AI "services". Likewise, Google Drive/Docs can be replaced with Nextcloud, which you also can have an account on the game's instance once you reach veteran player status, and you can host your own instance that can talk to others to share files and collaborate.

Replacing Windows is a bigger project, and there are a number of tutorials out there to assist in disabling the AI baked into the OS as well. Both of those topics are well beyond the scope of this document, but if you ask on our Discord server, Amy will be happy to help you find the resources on both.

Cloud Computing

Cloud Computing is marketing speak for remotely using someone else's computer. Be it for hosting websites, backing up your data, data crunching, what have you. There's is nothing inherently wrong with doing this, it's the backbone of the modern web in fact. The challenge is ensuring you trust the company that's hosting your data. To some degree, if you're paying for it, they have certain obligations to render the service they promised you in exchange for your money, but if you're getting the service for free, you're subject to the whims of your host on what you can and can't do with their service, and they may not respect the privacy of your data. If the service is free, it is best to assume they are looking through your data, though most likely in an automated manner with AI tools and the like.

To that end, always make sure that you keep a copy of your cloud data somewhere fully in your control as well. Yes, that online backup is intended to cover you if something happens to your physical device, but that goes the other way too. If something happens to your cloud provider, the copy of your data on your physical device is your backup. Also consider having a second physical backup such as an external drive or burned media, and check it regularly to ensure that the data is still readable. We're starting to learn that solid state drives can fail if they're not powered on regularly, and burned media (CDs and DVDs) will start to degrade over time just from the nature of the materials they're made of.

It's also important to know that what you're storing in the cloud may be subject to being inspected by your host. Google has been found to be deleting documents in peoples' Drive that they have deemed adult in nature—and some people have claimed they've deleted things that are not adult content while claiming it is—so you have to assume that anything you put into the cloud will be looked at by others even if it claims to be secured, especially if it's a free service, but sometimes even if you're paying. Avoid saving sensitive data on cloud services if you can help it, and if you must use a cloud service for sensitive data, such as a password manager or a chat platform, take the time to look into what they do to ensure your privacy. Look for services that use end to end encryption, that make their code publicly auditable, and use a warrant canary to indicate if they've been subject to government search orders. If you're not comfortable doing this research yourself, you can find people you trust who can recommend services.

Password Managers

It seems like every website these days wants you to create an account, and make it difficult to use the site without one. Sometimes you can work around this, but a lot of the time you can't and end up with a lot of passwords to keep track of. The typical human brain can only remember so many things, and the password reset process on many of these sites are annoyingly complicated or frustrating to navigate. Some people just use the same password across multiple sites to get around this, but as more and more sites have data leaks, people have accounts on multiple websites compromised just from one leak and it's bad for everyone involved.

The recommended solution is to get a password manager service. This way you can have one master password used to access your vault, and all your various site credentials can be saved within. The password manager can even generate passwords that are harder for programs to guess by being truly random.

While you can use the one offered in your web browser, this can become challenging to sync across multiple devices. If you're using the same browser on your phone, tablet, and personal computers, there will usually be a service that will sync between them (such as your Google account with Chrome, or Firefox Sync with Firefox), but they still often lack the extra features and peace of mind that a service that's dedicated to only providing password management services can provide.

Using a provider such as 1Password (requires paid subscription) or Bitwarden (both free and paid subscription options) comes with the ability to share specific logins or whole vaults with other people (coworkers, friends, family, etc), and keep notes for easy access.

Two-factor Authentication

It's also recommended you turn on two-factor authentication (2fa for short) for accounts that offer it. This makes it harder for people to access your accounts without your permission because they'll need more than just your username and password to login. While many sites will default to using text message or email for this, it's recommended you use a dedicated authenticator app, as email or text message can potentially be taken over or accessed by a third party[3]. There are a number of these available in your phone's app store, going with any of the top rated ones is usually fine, but if using the Google one, consider turning off the sync/backup services since Google has shown itself to have no qualms with looking through peoples' personal data as shown with their deleting Google Drive/Docs files, and they do not give you an option to save it anywhere else. I personally use Aegis, which allows me to save a backup file where I wish for easy moving to a new device or recovery if something happens to my old devices.

If you use email and text message for 2fa, consider adjusting your phone to not show the content of your texts and emails on your lock screen, so that your phone will need to be unlocked to access the 2fa code. Also make sure that you save the backup codes somewhere only you can access, but you won't lose them, when you set up the 2fa app. This way if something happens and you lose the device your authenticator app is on, you can still access your accounts.

  1. While the user may not pay money for these services, they're usually paid for with ad views, data collection, and other methods that effectively make the free users the "product" that is sold to third parties.
  2. Especially avoid Grok as it is the pet project of fascist techbro Elon Musk and as such pushes right wing propaganda and bigotry.
  3. this is uncommon, but it has happened
Retrieved from "https://lcars.sfintel.space/index.php?title=LCARS:Digital_Safety&oldid=1116"