Why to save LFGSS and what it looks like (the legal way)

It occurs to me this morning that even assuming the community is held together via the life raft of Discord, that there are reasons to save this technology and to keep using it.

Namely:

• This website does not track you, snitch on you, leak your data.
  
• It is privacy conscious, to the extreme of scrubbing outbound links to prevent tracking.
  
• It is privacy conscious, to the extreme of only embedding things (like YouTube) in a no cookie / non-tracking way.
  
• It has the best UX/UI of any forum or community website, in large part due to simplicity, font choice, size of fonts... and just keeping things so simple and plain that the web browser you choose gives you control over how it appears.
  
  

So... even assuming the community stays together, even looking at Discord as the best of the bunch... this technology is pretty good.

This post and thread then... a recipe for how to do this the legal way.

For this recipe, you will need (at least):

• 1 x Company Director, establish a CIC, and this person takes the standard responsibilities of a company director, as well as being the "officer" for the Online Safety Act... you take all the liability and risk... it's your job to make sure papers are filed, and truly your job is to reduce your risk.
  
• 1 x Secretary / Treasurer, you need a place to receive donations, reimburse bills, which is likely Open Collective, and you need to ensure that the company paperwork is in order including AGM and meeting notes, records of decisions, etc.
  
• 1 x Tech people, this is essentially the person who reboots servers, manages the infra, tweaks code if needed
  
• 2 x Moderators, you need two to ensure you can respond in a timely way when the other is not available, you may need three or more
  
  

That is the list of critical roles that you absolutely must fill.

Additionally, nice-to-haves:

• 1 x Programmer, because you will need to build some new moderation tools and no-one else is coming to do it... if there can be 3-4 of these people you stand a better chance at getting it done.
  
  

That's what I've been doing, all of that... though I gave up on running a CIC when the donations were so low that it was just an overhead expense and the liability didn't scare me as the risk was so low... the risk is not low now, and the liability greater... so yes you'd want a CIC.

I'd still be tempted, if I were you, to move the hosting to Germany, as it's slightly cheaper and because the object storage (attachments, files, etc) are located there it would actually make the site more performant.

I'd also still be tempted, if I were you, to complete the work I started on rewriting the frontend in Go... it would reduce your operational costs further, and make it really trivial to deploy the site anywhere and to update it in future... and more to the point, you're going to need to build moderation tools and the old Django is going to make this very hard, but having all the code in Go will make it significantly easier.

Then you finally need to access the braintank of legal support on here (it's pro-bono, forumengers who are very talented and qualified, but no-one can give indemnity or underwrite legal advice given pro-bono) to help with the OSA risk assessment, compliance docs.

After the risk assessment is done, it will tell you what you need to do to mitigate risk, we are likely "Medium risk" and "Multi-risk", all forums are, so we will be obliged to implement technical solutions to social problems, such as scanning of DMs, URLs, and file uploads, and providing a better reporting button and things like "hide the post automatically if not moderated within n hours"... those tools also need defences, don't underestimate the likelihood of an automated "report every comment" triggering the hiding of all comments on the whole site, so you need to detect bad actors in the moderation process too, and you probably need more queries / reports to find stalkers / harassers, i.e. "find the top people who replied to person A" so that if person A reports being stalked / harassed online that you can quickly verify with data whether that appears to be the case... to mitigate risk requires some tech work.

This is the legal way :) It can be done, in this scenario I'd help as an advisor only, may touch code and servers when needed, but would no longer do the Director, Treasurer, Moderator roles... and only at the very most I'd be a faceless techie to help in the worst incidents based on my experience, nothing more, likely less.