The Future of Oppaitime

I want Oppaitime to have a future, but I don't want that future to include me.

This whole post is going to be somewhat rambling and uncertain. I have some thoughts and guiding directions that I want to share with the community, but I have not yet solidified them into any sort of plan. It's my hope that most people won't need to care about this at all, but for those that do I want to make sure you aren't in the dark.

I intend to fully wind down my involvement in OT, over a period of time that I have not yet determined (probably a few months?). This is hard, because I am the last remaining involved staff member, and the site is not currently able to manage without fairly frequent maintenance. My first thought was to find someone else to take over the site, but the more I think about it the less I feel it's an option. Many people joined this site because they trusted the staff who ran it at the time. I cannot in good conscience hand the personal information of those people over to a new owner without their explicit consent, and there is no way to reliably acquire such consent. There are too many users who will never read this news post but exist nonetheless. I briefly considered setting up a grace period where users who don't mind can give their consent for a change of ownership, and at the end of the period anyone who didn't consent would have their account wiped - but looking at some numbers I expect the participation to be too low for the end result not to be devastating. It's not like I have a successor in mind anyway.

So the other option, which is what we're gonna try, is to get OT into a state where it can run without a human operator. This has always been a sort of toy-goal anyway, and a few decisions were made with this potential future in mind, but not enough and not reliably. Over the next few months, I intend to address all the issues I'm aware of that make the site require human intervention. Loosely, these are:
Re-enable requests. These require manual approval, even though I apply the exact same criteria to all of them that could easily be carried out by a computer
Downtime. Currently OT goes down fairly frequently and needs a human to reboot the server. This appears to stem from a problem with our host, and they have let us know how they think we can work around it, but it involves rebuilding the server, which I just haven't gotten around to doing.
Security and privacy. We have quite a few security and privacy features that in some way depend on human involvement. The biggest ones are our partial database encryption and personal information expunge requests. In order to provide a baseline of security regardless of the hosting platform, we add a layer of encryption to personal information such as IP history, email history, private messages, etc. This is encrypted with a key that only ever exists in-memory, and that key must be manually entered by a site operator whenever the server is rebooted. For many of the same reasons that I don't want to pass the site to a new owner without the consent of every user, I also don't want to downgrade the security of existing user information without consent. After a lot of thought, I think the best way to solve this is to just not store most of this information. The site will continue working fine without storing email or IP history, though we will need to remove some functionality that depends on them. There will no longer be a reason for expunge requests, as there will be nothing to expunge. We will need to turn off location verification at login, because the site will no longer know where to expect you to login from (I have gotten reports that this is often too aggressive anyway, so some will see it as a welcome removal). Much of the site's anti-abuse systems will need to be disabled, but those systems have caught pretty much no abuse ever anyway. Once all this gone, I will transition the in-memory key to be an on-disk key for backwards-compatibility, but pretty much the only thing it will be encrypting anymore is PMs. Our host uses full-disk-encryption already, so there will be little to no additional security provided by the partial database encryption going forward.
Moderation. There are currently a few users who are manually granted abilities that other users don't have (editing, recruiting, etc). If there are no site operators and these users eventually leave as well, there will be nobody left to perform those functions, and no way for anyone to gain those abilities. I have not worked out exactly how each permission should work, but I think I'll probably just make them dependent on user rank, and trust that users who have invested so much into the site won't abuse their power to make things hard on others. As I typed that, I realized that I will probably need to revisit that assumption later.

I have already been minimizing my involvement with the site over the last couple of years, which is why there have been no new features added to OT and existing problems haven't been properly fixed. The above represents what I think is necessary to get my involvement to effectively zero. There will continue to be no new feature work, but I will try to resolve the existing issues without causing new ones.

Thanks for sticking with us over the last 11 years, and hopefully you can stick around for many more. On your own.

s***