YSK: Your Lemmy activities (e.g. downvotes) are far from private

Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

Wander,
@Wander@yiffit.net avatar

To anyone surprised at this: welcome to the fediverse, please treat everyhing you do or say as public.

The way to achieve privacy around here is by following the long forgotten arts of the old internet before Facebook was a thing: use a Nick name and don’t tell strangers on the internet your real identity.

Your home instance will act as a proxy and only they have access to your email and IP address. That does stay private.

So, as long as you trust your home instance to not leak or disclose your connection or sign up data (which would be illegal in EU countries), just sign up with an alias.

A very positive aspects of this is that it should allow us to detect voting manipulation by correlating the activity of certain potentially malicious actors. If Lemmy instances take vote manipulation seriously and do their best to block bots this has the chance to make Lemmy / Kbin much more transparent and credible than Reddit ever was.

confetti_8tVST5,

Heck some of them dont even require the use of email to make an account

TerraNova,

What about post views? Are those also stored?

Yaxoi,

The thing is, there is really no way to know is trustworthy as a home instance…?

IntentionallyAnon,

That is why I am as my username states: intentionally anonymous

DogMuffins,

I whole heartedly agree with this perspective.

Additionally, and this is an unpopular opinion, but trying to maintain a Nick or online identity over many years is folly. You end up with a huge repository of personal information, increasing the risk that it can be connected to you personally.

NorwegianBlues,

This has come up as part of those requests to migrate accounts between instances. “I want a persona that stays with me for years”… Is that actually a good idea though!?

kaba0,

No, an alias will only give you pseudo-anonymity. Even trivial analysis like counting which words occur together frequently in your writings can reveal with very good accuracy any other alt of you, so the available information of you is basically everything you have shared online with enough accompanying self-written text.

deweydecibel,

Also, it’s not just about privacy, it’s about retaliation. It will be the easiest thing in the world for people to put together bots that will track the downvotes on every post they make and automate adding those people to block lists. Suddenly a whole fleet of alts is invisible to the people that would disagree with them.

BitOneZero,

Your home instance will act as a proxy and only they have access to your email and IP address.

Your home image typically doesn’t proxy image loading, those are hotlinked to the Lemmy server that the image was uploaded to. So your IP address and browser string are going to other Lemmy servers.

azuth,

The posts just contain a URL which doesn’t include the uploader’s ip address or their browser string.

BitOneZero,

When the browser loads that URL, hotlinked image, that server has to have your IP address to return the results. Just browsing posts those images are being loaded.

azuth,

Of course. They dont get any info to associate your IP with your lemmy account. You could even not have a lemmy account at all.

abbadon420,

Lol. kids these days would post their bank info online if the banks didn’t prevent them from doing so.

cats,

so would my grandpa

Dave,
@Dave@lemmy.nz avatar

Wasn’t there a twitter account that retweeted people posting photos of their credit cards?

Wander,
@Wander@yiffit.net avatar

I don’t want to shame anyone, but I’ve had people sign up give me their full DoB and offering to show me their ID. I know of people who disclose their id to get access to nsfw discord communities.

RivenRise,

DUDE MY GIRLFRIEND FUCKING DID THAT AND I JUST LOOKED AT HER AND ASKED HER IF SHE THOUGHT THAT WAS A GOOD IDEA. In hindsight no, thankfully she’s gonna be moving soonish. This was from before we were together, otherwise I would have warned her not to do that. It was the same discord she got a cyberstalker from, thankfully the stalker wasn’t a friend of the owner because otherwise he totally could have gotten her address and irl info.

T156,

You say that like A/S/L wasn’t a thing back in the day.

fleabomber,

I got a virus.

Randy_Bobandy,

https://lemmy.ml/pictrs/image/78667500-ad92-42a0-a917-d5da951512be.webm

Trainguyrom,

Flagrant System Error

Computer Over.

Virus = Very Yes

mookulator,

Lol yeah but we were 12 back then and we still understood the internet better than anyone else 🙃

time_lord,

Even back then we were told never to reveal that sort of stuff online. How many of us do you think were telling the truth?

gravitas_deficiency,

You think someone would do that?

Just go on the internet and tell lies?

GBU_28,

19/f/Cali was the only acceptable response

Kolanaki,
@Kolanaki@yiffit.net avatar

666/D/Hell

Ringmasterincestuous,

I think we cybered

assembly,

As I put on my robe and wizard hat…

GBU_28,

Depends, could I have talked some vanilla WoW gold out of you?

edwardbear,

puts on wizard’s hat

sauerkraus,

Yall remember those “your stripper name is the street you grew up on and your pet’s name” challenges? Literally phishing for password recovery keys.

TimewornTraveler,

Edit: Obligatory RIP my inbox.

Can we leave this kinda stuff behind? It is NOT obligatory.

menemen,
@menemen@lemmy.world avatar

Besides that. A “disable inbox notification” option is not available yet, is it?

gsa32,

Redditisms are cringe and always have been. Yes I agree we should leave them behind.

sachasage,

I think nit picking each others speech is the true cringe redditism

Chriszz,

Yes all the bad Reddit jokes and unoriginal lame attempts at garnering upvotes eg making a stupid joke out of a typo (generally unfunny, rare exceptions), I also choose this guy’s wife, take my upvote you bastard, anything along the lines of wow I hate you for making a pun, I’m not crying you are, I feel personally attacked and god knows the list goes on and on

Hopefully these things aren’t just replaced but one can hope

Onionizer,

c/angryupvote

JesusTheCarpenter,

Well, I disagree. Redditsms, or whatever you call them, among other things helped to make reddit as popular as it is (was) right now.

I get you don’t like it personally, but your personal opinion about them being cringe, while respectable, is not a fact.

Bene7rddso,

I agree with both of you. We should leave redditisms behind and create lemmyisms. And yes, they get cringe if overused

Bozicus,

Possibly relatedly, is this a good place to mention beans? I have not figured out where that meme actually came from, but apparently it’s a thing the cool kids are saying.

NotMatt,

I’m going to start throwing “edit: thanks for the gold kind stranger!” on the end of my comments just to induce some nostalgic cringe.

NoTime,

edit: my most upvoted comment is about beans.

teruma,

You are a gentleman and a scholar. /s

Tum,

That’s a pretty common turn-of-phrase in Ireland, I remember hearing it in the early 90s!, and it’s still common to hear it from older generations too. I wouldn’t equate it with reddit slang/culture at all. I wonder when it made its way to reddit?

Cheems,
@Cheems@lemmy.world avatar

This.

EDIT: Thanks for the awards kind stranger!

EDIT 2: Rip my inbox

This is all examples of reddit shit that is really dumb. We don’t need to bring it over here

dukk,

Couldn’t we just use a hash for the usernames instead?

Nothing too over the top, but just a simple hash and match that instead?

Also, there’s way too much trust in instances. Like, one person could easily make a post on lemmy.world, go on their personal instance, and just give themselves, say, 2000 upvotes.

Instances should have their own settings on what instances are allowed to keep a local copy. (Default behavior should be to get the post itself from the instance “hosting” it).

grimsolem,

Couldn’t we just use a hash for the usernames instead?

The hash function would still need to be public to share data between instances.

dukk,

That’s the point of a hash function. You have a public hash function, say SHA-256. It’s easy to check a username against it’s hash, but virtually impossible to reverse the hash back to the username.

Edit: Instead of storing, say, eddie, we’d store 3b9d8298f1b5086d012618feebb2da1a394357c1dab7523443c9f6a743c4c84d. Then when the instance gets a Like from eddie, it hashes his username to get 3b9d8298f1b5086d012618feebb2da1a394357c1dab7523443c9f6a743c4c84d, realizes there’s a match, and doesn’t update the count.

Note that when given 3b9d8298f1b5086d012618feebb2da1a394357c1dab7523443c9f6a743c4c84d, it would take millions of CPU years to compute the original username from it. Therefore, we can check for duplicates without actually checking the name itself (a similar method is used for checking passwords; Lemmy is open source, we know the hashing algorithm, but we can’t unhash user passwords, only check them).

chris,
@chris@l.roofo.cc avatar

If that is a solution you’d need to change the ActivityPub specification. You are more than welcome to submit your idea.

Also, there’s way too much trust in instances. Like, one person could easily make a post on lemmy.world, go on their personal instance, and just give themselves, say, 2000 upvotes.

I’d first have to create 2000 users, then I’d have to send 2000 upvotes. And then I’d get blocked by all instances.

Instances should have their own settings on what instances are allowed to keep a local copy.

This is also not compatible with the ActivityPub spec but even if it were you’d win nothing because as soon as you fetch the post it is still on the server.

lalo,

Hey, just curious: how would all the instances discover this type of fraud?

intensely_human,

I’ll just use my short username then

booty_flexx, (edited )

To illustrate op’s point I’m going to spin up an instance, federate with everyone, and not tell anyone what that instance is.

Then I’m going to feed all that data into my new website, called Open Lemmy Stats, where anyone can query the user data ive accumulated. The homepage will be ripe with insights, leaderboards and all kinds of data on prolific users.

Additionally, I’ll display a snapshot/profile of a random user by feeding that users data to GPT4 to make inferences about the user’s political affiliations and display the results.

Worst of all, I’m not going to out my instance for everyone to know it as the one to defederate. In fact I’m spinning up a few instances that will host innocuous communities that I plan to mod and support to give my instances cover for their true purpose: redundant fediverse datastreams for my site, Open Lemmy Stats.

I’ll also have a store where anyone can buy my collected fediverse data for a handsome sum.

Just kidding I’m not doing any of this. But someone absolutely will or already is.

cousinofjah,

@booty_flexx @muddybulldog do we ever see these fediverse products employing a plugin system where such a bot could be added easily by instances that wanted to?

EurekaStockade,

Honestly, why not? The data is already being recorded. At least this way it’s public and the rest of us get to interact with it. It might even scare a few people into paying attention to the information that they disclose about themselves and increase their digital hygiene.

okamiueru,

If I’m reading it correctly, and please help me out if not: recorded data by the nature of being stored somewhere, should be made public?

That doesn’t make all that much sense. Data retention and access levels should always be tied to a use case that require it. And, there is no “if anything is stored, it should all be public”

EurekaStockade,

recorded data by the nature of being stored somewhere, should be made public?

The difference is that this data can already be surfaced by anyone, all they need to do is spin up a federated instance, so someone could do all the stuff outlined in the parent comment, but keep the results for themselves, or monetise it, build advertising profiles, doxx people, etc.

The data already exists, and it can already be extracted and made public (or used privately). I’m not saying throw open every database to the world, I am saying the world can already access this database, so pretending that it’s not available doesn’t stop bad actors from using it. Might as well make a public tool (that actually sounds kinda cool?) and bring awareness to it.

okamiueru,

Ah, gotcha. I don’t think anyone was saying that the solution was to try to make the problem less visible.

kolorafa,

Red*it can do that too (if not doing it already) but they also have your personal details linked especially when paying for premium :)

deegeese,

Can your instance secretly run a fork that doesn’t respect deletes?

SendMePhotos,

That was pretty interesting. I want to see graphs.

Reliant1087,

I think your comment clearly illustrates what might go wrong with it. If they need this data for sorting or something else absolutely, then I would be happy if they just hashed the usernames/instances or used some other form of UID.

Hard_to_deside,

Jesus Fucking Christ !

deweydecibel, (edited )

And just think how much data you can gather by sending out puppet accounts on various instances, accounts that will serve only to publicly state an opinion, such as “I support this candidate”, so the data on the people who upvote it can be harvested and categorized more easily. There is so much data harvesting potential here with a little imagination, and with a little more, a lot of ways to use that data to influence the way average users engage with the fediverse.

That site would also be a great advertisement for Lemmy. Come here to our decentralized platform, where you can vote…but you better not, lest you end up on the site. What social network wouldn’t grow when users are peer pressured into not using one of it’s basic underlying mechanics that makes the whole thing work?

Smk,

They will know the user but not the person in real life. Even if you know that my user is more conservative on some points or more liberal on others, how can you use that for nefarious action ? Unless you know where I live and who I am, the data is useless.

People need to be aware that sharing your personal information on the internet is never a good idea.

GenderNeutralBro,

It’s very difficult to both A) have meaningful conversations in a public space, and B) conceal your identity from a dedicated adversary. Once a person has a long post history, it’s likely that an observer could narrow down their identity to a very small group, if not a single person. Every post you make reveals something.

Even if you don’t ever explicitly state it, your age range and gender can likely be guessed with high probability by your writing style and/or little tidbits of info you leak without thinking about it. Same for political leanings. You might casually mention the brand of car you drive, or your favorite foods, or just reference something you experienced as a child that is not universal. All of these things leak information, and while each one seems insignificant, in aggregate they can tell a detailed story. Just knowing that you’re a Canadian who speaks both French and English eliminates about 99.8% of the world’s population as possibilities.

Back on Reddit I used to create fresh accounts all the time, but then I’d go and join the same subs, post with the same writing style, and generally express the same worldview. If anybody cared, had a good grasp of statistics, bothered to collect the data, and put in a stupid amount of time to it, they could likely match all of my accounts together. I was never too worried about this because…well I just didn’t care. But I did have a cyberstalker at one point and it made me think.

I wouldn’t be shocked if someone could match me to one or more of my Reddit accounts just from this one comment, tbh. I’m leaking information here like a sieve! Not many people have the skills to do that, and the few who do are unlikely to give a rat’s ass about me. HOWEVER, as AI becomes more advanced, anyone with computer literacy will be able to do analysis in minutes that might currently take an expert days or weeks.

Smk,

I get what you’re saying. I’m not sure if it’s something that is fixable giving that we participate in a public forum. Maybe the federation isn’t a great idea after all, or maybe we overthink it. I don’t know.

pfr, (edited )

I’m almost willing to bet that big tech companies are already doing this. They got the motive and the means. No doubt Meta or Google have dedicated some of their servers to mining our Lemmy data in this way.

Zackyist,

With only around 100k users and most people using anonymous usernames that cannot be connected to their identity it would hardly be worth the effort, time or money.

Quinnel,

You’re looking at this from the wrong point of view. The fediverse is not just lemmy: Threads, Tumblr, even BlueSky (albeit with their own protocol, but anyone could just modify their fediverse enabled app to convert their data to be applicable to BlueSky’s protocol) are quickly setting the stage for a new norm. The more websites integrate the fediverse into their stack, the more data outside the immediate sphere of influence of these major corporations can be harvested. To what ends they’ll use it, I don’t know – but I don’t trust them with it.

stevedidWHAT,
@stevedidWHAT@lemmy.world avatar

Lmao the internet finally realizing what companies and the govt have been doing for decades on the internet

agoramachina, (edited )

You know, I came in here with the mindset that the topic of discussion here isn’t a bad thing; I’m largely pro information-should-be-open-and-available. But you’ve argued a very solid point, and I’ve changed my mind on the issue. I appreciate you sharing this perspective!

stevedidWHAT,
@stevedidWHAT@lemmy.world avatar

With all due respect, figuring out who you are based off what you say in a public setting is already what people do irl

Ubermeisters,

How often are we going to see this postage? I think this is the third time I’ve seen it at least

muddybulldog,

You’re following up to a post made almost 3 months ago so it’s not surprising you’ve seen similar since.

Ubermeisters,

what? oh wow, that is so weird. I’m sorry. I was browsing by Top 6 hour, guess there was a glitch.

muddybulldog,

No worries. The sorting and filtering algorithms definitely need some love.

Bill,

I downvoted the beans and I don’t care who knows about it. I’d do it again.

This is useful to know though, thanks. I guess assume everything is public short of your password (unless your admin is particularly nefarious and has altered the code to store passwords in plaintext for some reason).

vynlwombat,

Probably safer to assume your password is public to

Distributed,

Its not, all passwords are salted and hashed

Bill,

Nah because if you type in your password it will show as stars.

******* see?

theUnlikely,

hunter2

theUnlikely,

Doesn’t look like stars to me.

newIdentity,

That’s because it’s your password. It looks like ******* to me

Bill,

https://lemm.ee/pictrs/image/a1708260-bb19-4048-b8e0-d8d3747be8e6.webp

It worked! It might not look like stars to you because it’s your password.

theUnlikely,

That’s neat. I didn’t know IRC…err… Lemmy did that.

ScaNtuRd,

Not to sound harsh or anything, but those of you saying that it’s okay that all this data is public are insane. This completely goes against the entire philosophy of the Fediverse and FOSS in general. The reason we all are fleeing from Big Tech is because they collect so much data on us. At least, they keep it hidden from public view. This is a major issue in my opinion, and needs to be addressed ASAP before we can claim to have superior platforms on the Fediverse. Why can’t this data at least be encrypted?

JesusTheCarpenter,

You call us insane but you don’t want to be harsh? I wonder what would you call people that are not panicking at even a possibility that anything personal becomes public if you were trying to be harsh.

On a more serious note, I am happy that people like you exist that care about privacy as it benefits everyone overall I guess. But you have to remember that some people, like me, don’t have issues with having their opinions and even some personal data public as long as we are aware that this is the case (which is how I treat all the social media).

For instance, durning my Reddit 7-year tenure I always wrote my comments in a way that if suddenly my employers or friend brought it up, I would not be ashamed of what I wrote.

I am not saying it’s not good to think and discuss about things like that but I would appreciate if you didn’t call people insane that have a very different attitude to you if it comes to internet privacy.

Some people freak out about internet privacy, GMO, sweeteners causing cancer, etc. There are others that don’t.

lippiece,

I think you make a valid point about Lemmy, but “hidden from public”? Big tech literally sells your data for profit.

sab,

This completely goes against the entire philosophy of the Fediverse

Care to elaborate on that? As far as I know this is built in to all the ActivityPub applications.

17000HerbsAndSpices,

What information is stored/publicly accessible for our accounts?

I don’t see it being a problem that your votes are public so long as there’s no way to tie the account to you irl. Like, so long as the instance (? I’m very new here I don’t really understand the data structure) doesn’t store your IP address or anything does it matter?

Like yeah you can see that u/randomdickhead (again, not familiar with naming conventions) upvote some weird shit but so long as that’s where the bill ends that user could just make another account aaaaaaaaaaand… No issue?

If I have the wrong idea please let me know I’m genuinely confused about this

OverdueSandwich,

I agree as in “we need to assure anonymity” although I find complete transperency better than corporate overlords deciding what happens with your data

now atleast you know that everyone that does want to know the information is going to get it [so you can behave yourself ;) ]

orangeboats,

I don’t think it’s possible to encrypt the data.

Say we have a rogue user that sends to the server multiple upvote requests for the same comment, how can the server reject the subsequent requests? After all, we can’t let a user upvote a post or comment multiple times.

If that data is encrypted, the server cannot tell whether the user has upvoted a comment before.

Viking_Hippie, (edited )

Surely the server should be able to identity users “under the hood” without having to publicly announce everything to everyone? I’m not a programmer myself so correct me if I’m wrong, but isn’t preventing unauthorized or otherwise unwelcome actions while permitting intended ones without having to announce it most of what the programming controlling a server DOES?

Surely it should be possible to write code to tell whether someone has already upvoted something and then blocking further upvote requests for that specific thing without letting all the admins of lemmygrad and lemmynsfw, for example, snoop on all users?

PS: my apologies for calling you Shirley twice, u/orangeboats. I’m sure your name is just Shirley, not Shirley Shirley.

ScaNtuRd,

Yeah exactly. And I am not an expert in this field either, but of course there’s a solution, one way or another. The purpose of my above comment was simply just to call out the mindset of a lot of the people on here, whom obviously have no clue about FOSS and privacy, but simply just came over from Reddit. We are at war against Big Tech these days. Our privacy is at risk and our data is being used for population control. It is vital that we have projects like the Fediverse that can counter this, but we will only be successful and win this war if we can implement some true privacy.

Irv,

There might be possible technical solutions to this using hashing. Hashing is like encryption in that the original cannot be extracted, but the hashed result is unique.

For example, a solution would be to have a VOTES table with an indexed column that is a hash of a combination of the user ID, post ID, (and perhaps another “salt”, not sure). When a vote is made, the VOTES table is checked that the record (vote) does not already exist, gets an insert, and then a COUNTER is triggered for the actual vote count. (COUNTER is a db command that simply updates a counter). The hash would prevent multiple votes from the same user (as the salted hash is unique), and it would also prevent identifying who the user is from the table.

orangeboats,

Yeah, I admit that sounds reasonable.

Although that still leaves the question of “is it scalable/performant?” on the table… Lemmy already suffers a lot from server overloading, adding the overhead of cryptographic hashing (anything less than that is not going to ensure uniqueness/true anonymity) to each act of voting surely isn’t going to help.

Edgelord_Of_Tomorrow,

Hashing is a normal part of the web, it’s easily scalable.

Irv,

I really don’t even think the votes table would need to itself be federated; it could just be on the user’s instance. Upvote/downvote would be a call, but it should really only require the post or comment ID and voter instance. If an instance spams votes, those upvotes/downvotes could be deleted and the instance defederated

quintium,

Still you can easily and quickly check if a user has voted on a particular post. While your method makes the tracking process quite a bit slower, it doesn’t make it unrealistic. There just aren’t that many users and posts as is the case with passwords. Still 100% better than the current approach, I hope this gets implemented.

ScaNtuRd,

Well, I am not a developer in this field, so I don’t know what’s possible, and what’s not. All I know is that this needs to be fixed one way or another, or this whole platform will fail. If our information is all available publicly, we will be better off just using Facebook/Reddit/Twitter - at least these platforms don’t leave our data out in public view. We need to stop saying what’s not possible, and instead talk about what is possible.

chris,
@chris@l.roofo.cc avatar

Maybe there is a way to keep you votes hidden but there sure is no way to keep your posts hidden. The whole point of federation is to distribute your post to the other instances. You want eat your cake and have it too. You want to post publicly but stay in control of the message. You are not better off using BigTech because there someone can scrape your data as well. And you don’t even know to how many parties your data is sent without your knowledge. There is no privacy in social media.

ScaNtuRd,

I am not talking about the posts. Of course those are public, as they should. There’s a big difference between data I willingly put out vs. metadata and the likes.

SuRiYa,

deleted_by_author

    •
    ScaNtuRd,

    So you think this is just my problem? No, this is the entire community’s problem. Sticking your head in the sand and pretending like everything is okay is the mindset that has caused so many great freedom-oriented software projects to fail. If you are not on board with creating a better system for the future internet, then why are you even here?

    Fangslash,

    I don’t think you’re been harsh lol, the right to secrete ballot is literally in the universal declaration of human rights.

    Open ballot is a well known method for intimidating and blackmailing participants, it’s absolutely crazy that Fedivese operates this way. But even worse, seeing so many people here supports it.

    OmniGlitcher,

    Agreed, I am incredibly confused by what seems to be the majority reaction to this.

    I’ve never been particularly involved with the FOSS community, though I do use a few FOSS apps and generally appreciate their view on what FOSS means. I also strongly appreciate data privacy, and it was my observation that the FOSS community was (generally) relatively the same way. So to see this reaction is very surprising. It’s quite literally the same terrible argument of “Why fear it if you have nothing to hide” used against multiple data privacy concerns throughout the years.

    I think the worst are the bad faith “But Reddit…!” arguments. For one, we’re not on Reddit anymore, this is about Lemmy’s issues that can be corrected. And for two, whilst Reddit potentially outsourcing that data to the highest bidder is far from ideal, at the very least the data wasn’t outright PUBLIC to anyone who wishes to set up a simple server.

    ScaNtuRd,

    Exactly. When data like that is public, I can guarantee you 10000% that Big Tech and governments are harvesting ALL of it as we speak. If this issue is not resolved and TRUE privacy is not implemented sooner rather than later, Lemmy will not succeed in the Fediverse, period.

    chris,
    @chris@l.roofo.cc avatar

    If you want privacy you need to use an encrypted chat. You can’t have privacy in a public space. That is like stand in the middle of a market place, screaming out your thoughts and then being upset that someone writes them down. It sure would be nice if our data wasn’t harvested, but that is not the world we live in. So if you want to say something in private you need to choose a private platform. Otherwise assume that Big Tech and World Governments are listening.

    ScaNtuRd,

    There’s a huge difference between what I choose to put out in public vs. data that’s being collected on me just by browsing the site. Saying “it’s just the world we live in” is just an excuse to ignore the real issues. It is more crucial now than ever that we create a system that’s by and for the people, not Big Tech and governments.

    Smk,

    It seems that what you would like is something like 4chan, where the post will get deleted if it’s not popular. But even that, there is no way to prevent data harvesting. If it’s public, then it is public. There is nothing you can do about it. Encryption wouldn’t solve anything either because you want this data to be read by everyone so you cannot really encrypt it.

    The fediverse is kind of the same as a public room where anyone can come in and just listen, take note, see who is talking and respond in the same way.

    This is the point of social media. If you don’t want to participate in it because of privacy, then don’t and just lurk (or listen) like most people do.

    By definition, if it’s on the internet, it’s pretty much there forever. People need to be careful on what they share on the public space, in the same way you would when talking to a big crowd. You are not talking with your friends here, you are talking to the world. If you are any privacy, you just cannot have it here. That’s impossible.

    chris,
    @chris@l.roofo.cc avatar

    You say these issues can be corrected but I am not sure they can. ActivityPub is a protocol managed by the W3C. So to have different behavior You’d have to change the specification there. That is possible but it will take some time. Still you’d need a way to make votes not bound to a user and still hard to spoof. That sounds hard. Apart from that upvotes and downvotes are not really the most interesting datapoints you can gather. You can still collect posts. These can’t be obfuscated. There is simply no way to have an open network where you can share data between servers where you can make sure that no one harvests the data. It is simply not possible. As soon as it is public it is public. This has nothing to do with FOSS. If you have a solution you can implement it. That is what it means. If you have one then go ahead.

    OmniGlitcher,

    You’d have to change the specification there. That is possible but it will take some time.

    Then they should do so, these issues need to be fixed ASAP.

    Still you’d need a way to make votes not bound to a user and still hard to spoof.

    Obfuscating user IDs via a hash or something would seem like the way to make it work. I’m not a professional programmer, I only know a little bit of python, so I have no idea if I’m talking nonsense on that front. And whilst still not an ideal solution, but sharing non-private votes with your own instance admin and have them share only the total vote count with other instances is another solution. That way you need only trust your instance admin, which is choosable and can also be yourself.

    That is what it means. If you have one then go ahead.

    Putting the onus on me is a shitty thing to do. I’m not the one running this site in any capacity, but this is an issue that many users are unhappy with. If the issue with the site won’t or even can’t be fixed, then I will simply not use the site. I don’t know how many people feel the same on that front, but I’d imagine there’s quite a few.

    Serinus,

    then I will simply not use the site

    Maybe that’s what you should do. But don’t do it as a protest. Do it because you don’t want to share that data publicly.

    The entire point of social media is sharing things publicly. If you’re worried about people collecting that data, then you shouldn’t have put it in public.

    There aren’t good ways to keep a public secret. That’s inherent to how information works and not a failing of ActivityPub. It’s the same reason media will never stop being pirated. If I can see/hear it, I can repeat it.

    OmniGlitcher,

    But don’t do it as a protest. Do it because you don’t want to share that data publicly.

    I mean yeah, that’s what I’d do it for. It’s a suggestion for the site and it’s a sentiment that seems to be shared by several people here, but it ultimately falls down to me to decide whether or not I want to continue using it, much the same as with my usage of Reddit.

    If you’re worried about people collecting that data, then you shouldn’t have put it in public.

    Voting is a core functionality of the site. It’s something I don’t think should be public as it puts more emphasis on what content I interact with in what is now apparently a public manner. If you want to debate that a mere vote is something I shouldn’t put in public, then fine, you do you. But for me, it defeats half the point of me even having an account here. What one comments on are often an incredibly small portion of what one actually votes on simply by ease of voting.

    And I know I said “But Reddit…!” is a bad argument earlier, but even so, I’d like to say that even Reddit’s voting is not publicly accessible (as in not accessible by other users, even if Reddit almost certainly collects and sells such data), so clearly there should be ways to do it. If ActivityPub requires public voting and the people who have the ability to change it are unwilling or even unable to do so, then fair enough. But equally, I will refrain from contributing to such a site, which seems like a bit of a shame when it seems close to ideal otherwise.

    Serinus,

    clearly there should be ways to do it

    Your votes on Reddit are public to Reddit admins. On Lemmy anyone can be an admin.

    Giving vote totals without names makes the system ripe for fraud and abuse. In real life votes the decision to make votes public or private is a major one. In a system like Lemmy, the problems with private votes are exaggerated, and the problems with public votes are much smaller. Your Lemmy name shouldn’t be tied to your real name. It’s unlikely anyone is going to coerce your vote like they might coerce your political vote.

    If you’re concerned about anonymity, maybe use more than one name or a different name so that your account isn’t so easily tied back to you.

    The purpose behind having votes be more public is to have some kind of reputation behind those votes. It’s still possible to shill, but it requires more depth and and effort, and the shills may still be discovered if there are too many.

    chris,
    @chris@l.roofo.cc avatar

    Putting the onus on me is a shitty thing to do

    You are the person who has a problem with that and you mentioned FOSS. It is easy to complain. FOSS gives you the tools to change things. But you have to put in the work. You are the one putting the burden the change something to your liking on others instead of doing to yourself.

    Obfuscating user IDs via a hash or something would seem like the way to make it work. I’m not a coder, so I have no idea if I’m talking nonsense on that front. And whilst still not an ideal solution, but sharing non-private votes with your own instance admin and have them share only the total vote count with other instances is another solution. That way you need only trust your instance admin, which is choosable and can also be yourself.

    Both of your ideas are not compatible with ActivityPub as far is I can see. So you first need to change the specification and then make everyone adopt the specification. Before that any change would make your software incompatible with the rest of fediverse which is counter the idea.

    And all of that because people could be mad about a downvote. I am an instance admin. I was downvoted before. I never even thought about looking up who downvoted me. I know people are different but to be honest if someone looks it up and harasses you then you block them. And I really can’t imagine that your vote on a post with a pseudonym is really a very useful datapoint for anyone.

    I agree that these things have to be communicated better but I don’t even know how we would make people aware of this. No one reads disclaimers.

    gravitas_deficiency,

    Woah woah woah. Hold the phone. You’re telling me that things that I post… on the internet… are… PUBLIC???

    u202307011927,

    Here’s something I didn’t know until I was in my thirties!!

    sproketboy,

    Here’s an upvote to add to the database.

    eierkuchen,

    I like how you two think

    two_wheel2,

    Now I only upvote in comments so they’re super public.

    !UPVOTE

    AncientMariner,

    Not post, upvote. I find it interesting that you like Asian Babes (obviously you don’t, it’s just some information you wouldn’t expect to be public or shared).

    trachemys,

    All the more reason to keep a different alt for each area of interest.

    fuckyou_m8,

    OK so let’s tell the regular user “hey come to lemmy, but don’t forget to keep multiple accounts because here everyone can spy on you”

    That’s not a good message

    OmniGlitcher,

    Ah yes, because the practical option is to be constantly switching accounts and instances based on what you want to look at for 5 minutes each.

    Bozicus,

    I find it’s possible to be logged into two instances on the same browser, so it doesn’t need to be more difficult than switching tabs. (That may change, I don’t know whether it’s technically desirable, but if it’s relevant to someone’s interests…)

    deweydecibel, (edited )

    deleted_by_author

    •
    InternetTubes,

    This isn’t reddit, you can just move on to another server. Reddit did have bots doing things like that, banning people that say participated in the prolife sub. If it happens here, people can notice and begin criticizing the Nazi, which will make his actions al the more evident.

    Darkassassin07,
    @Darkassassin07@lemmy.ca avatar

    While I agree this shouldn’t be so publicly accessible, I’m curious about the possible benefits of limited sharing between instances to give spam/bot detection tool’s more power.

    Users on A vote on a post on B. The admins from A and B can see the fine details of who did what, but the admins of C (and all of the general users regardless of instance) just see totals of up/down votes.

    QuadratureSurfer,
    @QuadratureSurfer@lemmy.world avatar

    Ideally, detecting bots should be up to the Admins. They should have access to the vote information, and they can share the tools with other admins to detect it. But the average user should not have unrestricted access to this data.

    sauerkraus,

    The average user can run their own instance as an admin.

    QuadratureSurfer,
    @QuadratureSurfer@lemmy.world avatar

    Let me be a little more clear, the Admins of your account’s particular instance should be the only ones that have access to your votes.

    Now the question remains about when your account posts/comments into a different instance, who should have access to those votes? Perhaps your instance has a way of obfuscating the votes of any user coming from your instance, or else only the admins of the community that you’re posting into will have access to your votes?

    The problem really comes down to how we avoid the problem with duplicating votes. Currently this is easy as each vote is public so every instance can verify the correct vote count. But implementing either of the solutions above will need a way to verify the correct number of votes.

    To top it off you would also need a way to detect if a malicious instance had come along and started lying about how many votes had been cast.

    One thing we can look at under the hood would be how cryptocurrency works as they have solved both the problem of duplicate values as well as the ability to trust those values being sent. All of the code is free and open source so we can pick out the parts that we need and reuse it. (And no, I’m not telling people to go out and buy crypto).

    Z Cash would be a particularly good one to look at as it ensures a “zero knowledge” (or “zero trust”) method of sending the values across “nodes” (or in our case “instances”). Using this, who is voting on what would be hidden, but we could ensure that the values are correct.

    Additionally you could probably throw out the second hashing algorithm altogether and just keep the Blake2b hashing algorithm as this one is far more efficient and quick to compute (and that second algorithm was mostly thrown in to prevent people with specialized hardware from being able to come in and beat anyone else running on just a GPU/CPU). github.com/zcash/zcash

    However, using this particular method would make it so that not even the instance admins would be able to view the details of anyone’s votes (which may be a good thing after all if we decide that any random instance admin is not to be trusted).

    sauerkraus,

    There’s no need to complicate things by bringing crypto buzzwords into it. It’s already been solved faster, better, and easier just like everything else cryptobros invent a problem for.

    QuadratureSurfer,
    @QuadratureSurfer@lemmy.world avatar

    The crypto example was only a suggestion because they have simply solved the exact same problem we are looking at: duplicate votes (transactions) and verifying the results while being able to hide it.

    I would love to hear any other suggestions that people may have that solve these problems. Copying open source code from crypto isn’t the only option. So let’s look for solutions instead of dismissals (unless you’re arguing for keeping votes public of course).

    Bozicus,

    I agree with you about harassment issues, and the importance of controlling the transfer of admin-level data between instances, but for your last scenario, doesn’t blocking only apply to users who are logged in? Assuming your hypothetical tankies and Nazis were actually posting as well as blocking, it would be easy to find them just by logging out, and there are a lot of ways to get them banned or otherwise counteract their activities that don’t require someone to interact directly with them while logged in. The case you’re describing is not the kind of situation where the most important action is to argue with them. Arguing with extremists usually just validates their delusions, and encourages them to keep doing what they’re doing.

    DurianLongan,

    I could say something about how great Nazis are right now, and have a bot programmed to read every single person that downvoted me, add those names to a shared blocklist, and viola, I’ve made myself and all my alts invisible to the people that would challenge me on a massive scale.

    Damn

    Zeus,

    alternatively, if votes were private, you could spin up a bot network to mass upvote your comment; making it far more influential as most people are more inclined to believe statements they think others also feel. thankfully, votes are open, so you can’t

    as long as there is a system, people will try to game the system; and when there is a new system, people will come up with new games

    CoolSouthpaw,

    Oh no, so my upvotes on c/spacedicks aren’t private?

    /s

    icedcoffee,

    Just commenting so this stays one of the most commented posts. Feel free to keep scrolling

    Weirdbeardgame,
    @Weirdbeardgame@lemmy.ml avatar

    Yes … That’s how social networking works. ANY site you go to will have this much info if not more since most “social networks” want YOU. Your personal info etc. Lemmy is just a username attached to posts and comments. So in a way it’s actually less than other networks like meta for instance

    Darkassassin07,
    @Darkassassin07@lemmy.ca avatar

    The difference is on Reddit/Twitter/FB/etc the only people with that kind of access are employees hired by those platforms. It’s out of your hands, but not public data.

    With lemmy, any random person can spin up an instance, federate it, and view that data. It’s openly available to the public, just with a few extra steps.

    A lurker on reddit leaves no public info, just a username and an account age while still being able to up/down vote.

    That same lurker here would leave a trail of up/down votes that can be viewed by anyone who knows where to look.

    Arfman,

    Wait, is there a granular way to give access to my information? Like say I don’t mind people seeing my comment history but would like to hide what posts and comments I upvote and downvote.

    muddybulldog,

    Not really. It’s a side effect of federation. The information is propagated much further than one might initially think. Even if your instance doesn’t display upvotes, it doesn’t stop any other instance in the federation from doing so.

    lightrush,
    @lightrush@lemmy.ca avatar

    More like a side effect of sending data to third parties. Whether it’s email or messages, you can’t control what happens with that data on the other end unless you control both ends. But then you’re talking to yourself.

    athlon,

    For as much as I love Lemmy, its obvious that it is an early software. Mark my words, that’s not the last privacy threat it will experience.

    JesusTheCarpenter,

    What privacy threat? How is your privacy suddenly exposed by your like or dislike on the post as opposed to this comment?

    bug,

    Essentially you’re giving away a lot more info about yourself than you might realise. If someone who takes an unfriendly interest in you wants to, they can probably find out a lot more info about your habits, likes, dislikes, interests, political views, waking hours, etc than just what you’ve publicly commented!

  • All
  • Subscribed
  • Moderated
  • Favorites
  • youshouldknow@lemmy.world
  • DreamBathrooms
  • everett
  • osvaldo12
  • magazineikmin
  • thenastyranch
  • rosin
  • normalnudes
  • Youngstown
  • Durango
  • slotface
  • ngwrru68w68
  • kavyap
  • mdbf
  • InstantRegret
  • JUstTest
  • ethstaker
  • GTA5RPClips
  • tacticalgear
  • provamag3
  • Leos
  • modclub
  • khanakhh
  • cubers
  • cisconetworking
  • megavids
  • anitta
  • tester
  • lostlight
  • All magazines
    •