YSK: Your Lemmy activities (e.g. downvotes) are far from private

IHangBananas, 11 months ago

I have actually been really surprised by the amount of anti free speech and anti privacy attitudes that I have seen since joining Lemmy. It seems that a lot of the people that made Reddit the shit hole that it was, are the ones who have been early adopters of Lemmy.

God I miss Voat, that was true free speech with a heavy emphasis on privacy.

imPastaSyndrome, 11 months ago

Who has the ‘anti-privacy attitudes’?

I miss voat

With an even larger emphasis on being a piece of shit.

IHangBananas, 11 months ago

Right, calling me a piece of shit because I miss Voat.

You are EXACTLY the type of person I am referring to.

Izzy, 11 months ago

Does anybody know if your subscriptions can be seen by admins of other instances? It doesn’t seem like that information would need to be shared, but maybe it is anyway.

dukk, 11 months ago

Couldn’t we just use a hash for the usernames instead?

Nothing too over the top, but just a simple hash and match that instead?

Also, there’s way too much trust in instances. Like, one person could easily make a post on lemmy.world, go on their personal instance, and just give themselves, say, 2000 upvotes.

Instances should have their own settings on what instances are allowed to keep a local copy. (Default behavior should be to get the post itself from the instance “hosting” it).

grimsolem, 11 months ago

Couldn’t we just use a hash for the usernames instead?

The hash function would still need to be public to share data between instances.

dukk, 11 months ago

That’s the point of a hash function. You have a public hash function, say SHA-256. It’s easy to check a username against it’s hash, but virtually impossible to reverse the hash back to the username.

Edit: Instead of storing, say, eddie, we’d store 3b9d8298f1b5086d012618feebb2da1a394357c1dab7523443c9f6a743c4c84d. Then when the instance gets a Like from eddie, it hashes his username to get 3b9d8298f1b5086d012618feebb2da1a394357c1dab7523443c9f6a743c4c84d, realizes there’s a match, and doesn’t update the count.

Note that when given 3b9d8298f1b5086d012618feebb2da1a394357c1dab7523443c9f6a743c4c84d, it would take millions of CPU years to compute the original username from it. Therefore, we can check for duplicates without actually checking the name itself (a similar method is used for checking passwords; Lemmy is open source, we know the hashing algorithm, but we can’t unhash user passwords, only check them).

chris, 11 months ago

If that is a solution you’d need to change the ActivityPub specification. You are more than welcome to submit your idea.

Also, there’s way too much trust in instances. Like, one person could easily make a post on lemmy.world, go on their personal instance, and just give themselves, say, 2000 upvotes.

I’d first have to create 2000 users, then I’d have to send 2000 upvotes. And then I’d get blocked by all instances.

Instances should have their own settings on what instances are allowed to keep a local copy.

This is also not compatible with the ActivityPub spec but even if it were you’d win nothing because as soon as you fetch the post it is still on the server.

lalo, 11 months ago

Hey, just curious: how would all the instances discover this type of fraud?

randint, 11 months ago

That’s cool

MiddleWeigh, 11 months ago

Shortly after joining I realized I was being a bit too honest on here lol. Can’t help it. Haven’t been on SM in a few days, in hiding from people, now back to my ditch to die. Love you!

Send_me_nude_girls, 11 months ago

I’m already questioning the whole system behind it, not just votes.

Say you have critical information that you want to delete but other instances can just ignore this deletion request, than I could technically write a plugin that uses an extra instance, to always display all deleted comments to me, despite me being a regular user.

For other sites you’d need a crawler, catching this information and all this in a rapid fashion to be usable, with a lot of programming extra work.

At this point we can as well remove the option to delete or edit a comment as everyone can host their own, which wouldn’t be possible with proprietary tools.

If someone can simply see votes the same way, we can as well add a mouse hover function that will display the username of whoever upvoted.

amki, 11 months ago

Say you have critical information that you want to delete

Then you shouldn’t have uploaded it publicly.

other instances can just ignore this deletion request, than I could technically write a plugin that uses an extra instance, to always display all deleted comments to me

The same was always possible with Reddit and was even implemented. Why is this a problem now?

For other sites you’d need a crawler

Only if they don’t have an API.

Send_me_nude_girls, 11 months ago

People can accidentally reveal there identity or post something, notice this is too private edit or delete it. The chance for someone to have seen it in 1 second is low. The chance for a bit to have crawled that thread, with that comment, is higher but still low as it requires infrastructure, that costs money and a little skill to setup. Something someone for a simple plugin won’t do.

If anyone can host a Lemmy instance and you just need to filter that one line of code that’s for forwarding delete or edit requests, you can just push that info into a separate view. You now just need a plugin that will poll from the instance that’s not complying to delete requests and display them to the user. Hell that’s something even I could do quickly if I ever feel bored.

amki, 11 months ago

Hosting (or simply just using) a crawler takes less resources and skill than hosting Lemmy let alone modify it the way you intend.

Send_me_nude_girls, 11 months ago

Yes, I know, every CS student can program a crawler. I explained in another comment why it’s still a huge difference.

Maybe if hosting a Lemmy instance is that hard, it’s enough? I don’t know.

muddybulldog, 11 months ago

I found hosting a Lemmy instance pretty easy but I admit I have the experience to readily recognize how fucked the Lemmy docker-compose example is.

No clue whatsoever how to write a crawler.

yooman, 11 months ago

While I agree with others that it is perfectly fine for everything to be irrevocable like email is (there’s no real way the system could work otherwise), I do think the Lemmy web UI and popular Lemmy native clients could do a better job making sure users are aware of that. Maybe when writing a comment there could be a little info bar that says “Content posted to Lemmy cannot be permanently deleted. (Learn more)”. And then when you click Delete on something, it could have a similar explanation, adding something like “Deleting this comment will remove it from the feed/thread, but it can still be retrieved from the federated database by any instance administrator. (Learn more)”

I think it is still useful to have a Delete function, or maybe rename it to “Remove” or something, because maybe you realize what you wrote isn’t contributing to the discussion or for some other reason isn’t useful for most people to have in their feed. There’s a difference between deleting data and removing content from the canonical “discussion”, and just because we can’t have the former doesn’t mean there’s no value in the latter. Also, the delete function does have meaningful effects like making it impossible for people to reply to the deleted comment, which can still help with harassment. 99.9% of users will never see that comment again.

Bozicus, 11 months ago

I agree that it’s good to have some kind of deletion, even if it’s not really getting rid of the content. Nothing is ever really gone on the internet, but there is value in communicating to others that you meant to retract a comment.

stappern, 11 months ago

im ok with it.

Guilvareux, 11 months ago

Obviously, this isn’t ideal. But this isn’t as damning as some of the other commenters believe.

The way reddit operates, is that they are “trusted” with all our data. They can (and do), sell any data they like, to whomever they like. They store much more information than simply who upvoted what. They can’t simply allow upvotes with no claimant, they’d have no way of stopping or identifying bots or illegitimate upvotes.

This system is not ideal, but it’s also not necessarily worse. We’re still operating under that system, the only real difference is, we get to choose who that trusted party is. We get to move instances if the hosters interests become misaligned with our own.

Ultimately, there needs to be a smart solution to this problem to ensure it’s not abused. We can’t completely remove collection of the data, otherwise upvotes will be meaningless and hijacked by agendas. We can’t simply encrypt the data, if there’s a genuine use for it (which we’ve discussed), who SHOULD be allowed to decrypt it?

I completely understand the concern, and I share it. But this isn’t an issue so much with Lemmy, it’s an issue with upvotes on distributed social media.

Edit: Okay, ANY instance admin is where the issue lies. That much I agree with.

ScaNtuRd, 11 months ago

There’s a huge difference between Reddit keeping our data “locked away” on their private server vs. a system that puts it all out in public view. You can bet your behind that Big Tech and governments are harvesting ALL of it as we speak. This is MUCH worse than Reddit just selling some data to a few third party actors.

Guilvareux, 11 months ago

I completely agree that sharing it with other instances is a problem.

You can bet your behind that Big Tech and governments are harvesting ALL of it as we speak.

This is super nitpicky, but assuming it exposed even a minute amount of the data that Reddit freely ships to whoever buys it (including governments), I actually think it’s far less likely to be seen. Social media companies are well-known to freely give access to anything law enforcement, governments or advertisers would like. Most if not all, have exposed APIs which allow law enforcement at least to collect almost any data at their leisure. This data is packaged up by the orgs who have the data.

Scraping Lemmy for this information would require their own solutions, and backends to handle all the data. Here in the UK, our tecnically-inept government famously broke their multi-billion COVID test-and-trace system because the excel spreadsheet they used as a database, ran out of lines…

Even assuming it’s true that all of these groups have bothered to make their own solutions and bought server space to store the data themselves for a relatively tiny (certainly until very recently), the only data they get is who liked what post/comment.

That is a small snowflake compared to the iceberg that other social media organizations collect, package and sell. Facebook for example collect enough data that they earn more per user than Netflix.

Certainly, as Lemmy and ActivityPub gain more traction, this is a privacy hole which deserves some consideration, and should be immediately plugged. But I just don’t think it’s in the same solar system as exposing data to any social media site.

Grimpen, 11 months ago

I think that the best solution is probably “best practices” and defederatiom used to enforce some sort of minimal Code of Conduct wrt the actual mechanics of running an instance.

Otherwise, the only other way I could see to address this is to lump some data at the instance level. I.e. each instance simply reports a total of upvotes and downvotes from it’s instance, and you just have to trust the instances to behave. There might be some checks to make sure the vote totals are plausible.

FreeFacts, 11 months ago

I think that the best solution is probably “best practices” and defederatiom used to enforce some sort of minimal Code of Conduct wrt the actual mechanics of running an instance.

In reality, this will be the end of small instances. Only feasible way to enforce this is federation whitelists, and it will be very hard to get whitelisted. Not necessarily a bad thing in the big scheme of things when we weight the positives and negatives, but still sucks for anyone “self hosting” an instance.

Grimpen, 11 months ago

True. Any random unverified instance could be set up just to harvest data from the Fediverse.

i_Cal, 11 months ago

I’m torn on this personally, I like the transparency and accountability aspect, but this could be used in a harmful way

ScaNtuRd, 11 months ago

Not to sound harsh or anything, but those of you saying that it’s okay that all this data is public are insane. This completely goes against the entire philosophy of the Fediverse and FOSS in general. The reason we all are fleeing from Big Tech is because they collect so much data on us. At least, they keep it hidden from public view. This is a major issue in my opinion, and needs to be addressed ASAP before we can claim to have superior platforms on the Fediverse. Why can’t this data at least be encrypted?

JesusTheCarpenter, 11 months ago

You call us insane but you don’t want to be harsh? I wonder what would you call people that are not panicking at even a possibility that anything personal becomes public if you were trying to be harsh.

On a more serious note, I am happy that people like you exist that care about privacy as it benefits everyone overall I guess. But you have to remember that some people, like me, don’t have issues with having their opinions and even some personal data public as long as we are aware that this is the case (which is how I treat all the social media).

For instance, durning my Reddit 7-year tenure I always wrote my comments in a way that if suddenly my employers or friend brought it up, I would not be ashamed of what I wrote.

I am not saying it’s not good to think and discuss about things like that but I would appreciate if you didn’t call people insane that have a very different attitude to you if it comes to internet privacy.

Some people freak out about internet privacy, GMO, sweeteners causing cancer, etc. There are others that don’t.

lippiece, 11 months ago

I think you make a valid point about Lemmy, but “hidden from public”? Big tech literally sells your data for profit.

sab, 11 months ago

This completely goes against the entire philosophy of the Fediverse

Care to elaborate on that? As far as I know this is built in to all the ActivityPub applications.

17000HerbsAndSpices, 11 months ago

What information is stored/publicly accessible for our accounts?

I don’t see it being a problem that your votes are public so long as there’s no way to tie the account to you irl. Like, so long as the instance (? I’m very new here I don’t really understand the data structure) doesn’t store your IP address or anything does it matter?

Like yeah you can see that u/randomdickhead (again, not familiar with naming conventions) upvote some weird shit but so long as that’s where the bill ends that user could just make another account aaaaaaaaaaand… No issue?

If I have the wrong idea please let me know I’m genuinely confused about this

OverdueSandwich, 11 months ago

I agree as in “we need to assure anonymity” although I find complete transperency better than corporate overlords deciding what happens with your data

now atleast you know that everyone that does want to know the information is going to get it [so you can behave yourself ;) ]

orangeboats, 11 months ago

I don’t think it’s possible to encrypt the data.

Say we have a rogue user that sends to the server multiple upvote requests for the same comment, how can the server reject the subsequent requests? After all, we can’t let a user upvote a post or comment multiple times.

If that data is encrypted, the server cannot tell whether the user has upvoted a comment before.

Viking_Hippie, 11 months ago (edited 11 months ago)

Surely the server should be able to identity users “under the hood” without having to publicly announce everything to everyone? I’m not a programmer myself so correct me if I’m wrong, but isn’t preventing unauthorized or otherwise unwelcome actions while permitting intended ones without having to announce it most of what the programming controlling a server DOES?

Surely it should be possible to write code to tell whether someone has already upvoted something and then blocking further upvote requests for that specific thing without letting all the admins of lemmygrad and lemmynsfw, for example, snoop on all users?

PS: my apologies for calling you Shirley twice, u/orangeboats. I’m sure your name is just Shirley, not Shirley Shirley.

ScaNtuRd, 11 months ago

Yeah exactly. And I am not an expert in this field either, but of course there’s a solution, one way or another. The purpose of my above comment was simply just to call out the mindset of a lot of the people on here, whom obviously have no clue about FOSS and privacy, but simply just came over from Reddit. We are at war against Big Tech these days. Our privacy is at risk and our data is being used for population control. It is vital that we have projects like the Fediverse that can counter this, but we will only be successful and win this war if we can implement some true privacy.

Irv, 11 months ago

There might be possible technical solutions to this using hashing. Hashing is like encryption in that the original cannot be extracted, but the hashed result is unique.

For example, a solution would be to have a VOTES table with an indexed column that is a hash of a combination of the user ID, post ID, (and perhaps another “salt”, not sure). When a vote is made, the VOTES table is checked that the record (vote) does not already exist, gets an insert, and then a COUNTER is triggered for the actual vote count. (COUNTER is a db command that simply updates a counter). The hash would prevent multiple votes from the same user (as the salted hash is unique), and it would also prevent identifying who the user is from the table.

orangeboats, 11 months ago

Yeah, I admit that sounds reasonable.

Although that still leaves the question of “is it scalable/performant?” on the table… Lemmy already suffers a lot from server overloading, adding the overhead of cryptographic hashing (anything less than that is not going to ensure uniqueness/true anonymity) to each act of voting surely isn’t going to help.

Edgelord_Of_Tomorrow, 9 months ago

Hashing is a normal part of the web, it’s easily scalable.

Irv, 11 months ago

I really don’t even think the votes table would need to itself be federated; it could just be on the user’s instance. Upvote/downvote would be a call, but it should really only require the post or comment ID and voter instance. If an instance spams votes, those upvotes/downvotes could be deleted and the instance defederated

quintium, 11 months ago

Still you can easily and quickly check if a user has voted on a particular post. While your method makes the tracking process quite a bit slower, it doesn’t make it unrealistic. There just aren’t that many users and posts as is the case with passwords. Still 100% better than the current approach, I hope this gets implemented.

ScaNtuRd, 11 months ago

Well, I am not a developer in this field, so I don’t know what’s possible, and what’s not. All I know is that this needs to be fixed one way or another, or this whole platform will fail. If our information is all available publicly, we will be better off just using Facebook/Reddit/Twitter - at least these platforms don’t leave our data out in public view. We need to stop saying what’s not possible, and instead talk about what is possible.

chris, 11 months ago

Maybe there is a way to keep you votes hidden but there sure is no way to keep your posts hidden. The whole point of federation is to distribute your post to the other instances. You want eat your cake and have it too. You want to post publicly but stay in control of the message. You are not better off using BigTech because there someone can scrape your data as well. And you don’t even know to how many parties your data is sent without your knowledge. There is no privacy in social media.

ScaNtuRd, 11 months ago

I am not talking about the posts. Of course those are public, as they should. There’s a big difference between data I willingly put out vs. metadata and the likes.

SuRiYa, 11 months ago

deleted_by_author

ScaNtuRd, 11 months ago

So you think this is just my problem? No, this is the entire community’s problem. Sticking your head in the sand and pretending like everything is okay is the mindset that has caused so many great freedom-oriented software projects to fail. If you are not on board with creating a better system for the future internet, then why are you even here?

Fangslash, 11 months ago

I don’t think you’re been harsh lol, the right to secrete ballot is literally in the universal declaration of human rights.

Open ballot is a well known method for intimidating and blackmailing participants, it’s absolutely crazy that Fedivese operates this way. But even worse, seeing so many people here supports it.

OmniGlitcher, 11 months ago

Agreed, I am incredibly confused by what seems to be the majority reaction to this.

I’ve never been particularly involved with the FOSS community, though I do use a few FOSS apps and generally appreciate their view on what FOSS means. I also strongly appreciate data privacy, and it was my observation that the FOSS community was (generally) relatively the same way. So to see this reaction is very surprising. It’s quite literally the same terrible argument of “Why fear it if you have nothing to hide” used against multiple data privacy concerns throughout the years.

I think the worst are the bad faith “But Reddit…!” arguments. For one, we’re not on Reddit anymore, this is about Lemmy’s issues that can be corrected. And for two, whilst Reddit potentially outsourcing that data to the highest bidder is far from ideal, at the very least the data wasn’t outright PUBLIC to anyone who wishes to set up a simple server.

ScaNtuRd, 11 months ago

Exactly. When data like that is public, I can guarantee you 10000% that Big Tech and governments are harvesting ALL of it as we speak. If this issue is not resolved and TRUE privacy is not implemented sooner rather than later, Lemmy will not succeed in the Fediverse, period.

chris, 11 months ago

If you want privacy you need to use an encrypted chat. You can’t have privacy in a public space. That is like stand in the middle of a market place, screaming out your thoughts and then being upset that someone writes them down. It sure would be nice if our data wasn’t harvested, but that is not the world we live in. So if you want to say something in private you need to choose a private platform. Otherwise assume that Big Tech and World Governments are listening.

ScaNtuRd, 11 months ago

There’s a huge difference between what I choose to put out in public vs. data that’s being collected on me just by browsing the site. Saying “it’s just the world we live in” is just an excuse to ignore the real issues. It is more crucial now than ever that we create a system that’s by and for the people, not Big Tech and governments.

Smk, 11 months ago

It seems that what you would like is something like 4chan, where the post will get deleted if it’s not popular. But even that, there is no way to prevent data harvesting. If it’s public, then it is public. There is nothing you can do about it. Encryption wouldn’t solve anything either because you want this data to be read by everyone so you cannot really encrypt it.

The fediverse is kind of the same as a public room where anyone can come in and just listen, take note, see who is talking and respond in the same way.

This is the point of social media. If you don’t want to participate in it because of privacy, then don’t and just lurk (or listen) like most people do.

By definition, if it’s on the internet, it’s pretty much there forever. People need to be careful on what they share on the public space, in the same way you would when talking to a big crowd. You are not talking with your friends here, you are talking to the world. If you are any privacy, you just cannot have it here. That’s impossible.

chris, 11 months ago

You say these issues can be corrected but I am not sure they can. ActivityPub is a protocol managed by the W3C. So to have different behavior You’d have to change the specification there. That is possible but it will take some time. Still you’d need a way to make votes not bound to a user and still hard to spoof. That sounds hard. Apart from that upvotes and downvotes are not really the most interesting datapoints you can gather. You can still collect posts. These can’t be obfuscated. There is simply no way to have an open network where you can share data between servers where you can make sure that no one harvests the data. It is simply not possible. As soon as it is public it is public. This has nothing to do with FOSS. If you have a solution you can implement it. That is what it means. If you have one then go ahead.

OmniGlitcher, 11 months ago

You’d have to change the specification there. That is possible but it will take some time.

Then they should do so, these issues need to be fixed ASAP.

Still you’d need a way to make votes not bound to a user and still hard to spoof.

Obfuscating user IDs via a hash or something would seem like the way to make it work. I’m not a professional programmer, I only know a little bit of python, so I have no idea if I’m talking nonsense on that front. And whilst still not an ideal solution, but sharing non-private votes with your own instance admin and have them share only the total vote count with other instances is another solution. That way you need only trust your instance admin, which is choosable and can also be yourself.

That is what it means. If you have one then go ahead.

Putting the onus on me is a shitty thing to do. I’m not the one running this site in any capacity, but this is an issue that many users are unhappy with. If the issue with the site won’t or even can’t be fixed, then I will simply not use the site. I don’t know how many people feel the same on that front, but I’d imagine there’s quite a few.

Serinus, 11 months ago

then I will simply not use the site

Maybe that’s what you should do. But don’t do it as a protest. Do it because you don’t want to share that data publicly.

The entire point of social media is sharing things publicly. If you’re worried about people collecting that data, then you shouldn’t have put it in public.

There aren’t good ways to keep a public secret. That’s inherent to how information works and not a failing of ActivityPub. It’s the same reason media will never stop being pirated. If I can see/hear it, I can repeat it.

OmniGlitcher, 11 months ago

But don’t do it as a protest. Do it because you don’t want to share that data publicly.

I mean yeah, that’s what I’d do it for. It’s a suggestion for the site and it’s a sentiment that seems to be shared by several people here, but it ultimately falls down to me to decide whether or not I want to continue using it, much the same as with my usage of Reddit.

If you’re worried about people collecting that data, then you shouldn’t have put it in public.

Voting is a core functionality of the site. It’s something I don’t think should be public as it puts more emphasis on what content I interact with in what is now apparently a public manner. If you want to debate that a mere vote is something I shouldn’t put in public, then fine, you do you. But for me, it defeats half the point of me even having an account here. What one comments on are often an incredibly small portion of what one actually votes on simply by ease of voting.

And I know I said “But Reddit…!” is a bad argument earlier, but even so, I’d like to say that even Reddit’s voting is not publicly accessible (as in not accessible by other users, even if Reddit almost certainly collects and sells such data), so clearly there should be ways to do it. If ActivityPub requires public voting and the people who have the ability to change it are unwilling or even unable to do so, then fair enough. But equally, I will refrain from contributing to such a site, which seems like a bit of a shame when it seems close to ideal otherwise.

Serinus, 11 months ago

clearly there should be ways to do it

Your votes on Reddit are public to Reddit admins. On Lemmy anyone can be an admin.

Giving vote totals without names makes the system ripe for fraud and abuse. In real life votes the decision to make votes public or private is a major one. In a system like Lemmy, the problems with private votes are exaggerated, and the problems with public votes are much smaller. Your Lemmy name shouldn’t be tied to your real name. It’s unlikely anyone is going to coerce your vote like they might coerce your political vote.

If you’re concerned about anonymity, maybe use more than one name or a different name so that your account isn’t so easily tied back to you.

The purpose behind having votes be more public is to have some kind of reputation behind those votes. It’s still possible to shill, but it requires more depth and and effort, and the shills may still be discovered if there are too many.

chris, 11 months ago

Putting the onus on me is a shitty thing to do

You are the person who has a problem with that and you mentioned FOSS. It is easy to complain. FOSS gives you the tools to change things. But you have to put in the work. You are the one putting the burden the change something to your liking on others instead of doing to yourself.

Obfuscating user IDs via a hash or something would seem like the way to make it work. I’m not a coder, so I have no idea if I’m talking nonsense on that front. And whilst still not an ideal solution, but sharing non-private votes with your own instance admin and have them share only the total vote count with other instances is another solution. That way you need only trust your instance admin, which is choosable and can also be yourself.

Both of your ideas are not compatible with ActivityPub as far is I can see. So you first need to change the specification and then make everyone adopt the specification. Before that any change would make your software incompatible with the rest of fediverse which is counter the idea.

And all of that because people could be mad about a downvote. I am an instance admin. I was downvoted before. I never even thought about looking up who downvoted me. I know people are different but to be honest if someone looks it up and harasses you then you block them. And I really can’t imagine that your vote on a post with a pseudonym is really a very useful datapoint for anyone.

I agree that these things have to be communicated better but I don’t even know how we would make people aware of this. No one reads disclaimers.

sab, 11 months ago

For transparency, this is what a Like payload looks like. The first part is just context for the activitiypub protocol and is pretty much the same for each message. The second part contains the actual data of the message, and the most personal detail in it is the url of your own profile, and the url of the post/comment you like:

<pre style="background-color:#ffffff;">
<span style="color:#323232;">{
</span><span style="color:#323232;">	</span><span style="font-weight:bold;color:#183691;">"@context"</span><span style="color:#323232;">: ["https://www.w3.org/ns/activitystreams", "https://w3id.org/security/v1",
</span><span style="color:#323232;">	{
</span><span style="color:#323232;">		</span><span style="font-weight:bold;color:#183691;">"lemmy"</span><span style="color:#323232;">: "https://join-lemmy.org/ns#",
</span><span style="color:#323232;">		</span><span style="font-weight:bold;color:#183691;">"litepub"</span><span style="color:#323232;">: "http://litepub.social/ns#",
</span><span style="color:#323232;">		</span><span style="font-weight:bold;color:#183691;">"pt"</span><span style="color:#323232;">: "https://joinpeertube.org/ns#",
</span><span style="color:#323232;">		</span><span style="font-weight:bold;color:#183691;">"sc"</span><span style="color:#323232;">: "http://schema.org/",
</span><span style="color:#323232;">		</span><span style="font-weight:bold;color:#183691;">"ChatMessage"</span><span style="color:#323232;">: "litepub:ChatMessage",
</span><span style="color:#323232;">		</span><span style="font-weight:bold;color:#183691;">"commentsEnabled"</span><span style="color:#323232;">: "pt:commentsEnabled",
</span><span style="color:#323232;">		</span><span style="font-weight:bold;color:#183691;">"sensitive"</span><span style="color:#323232;">: "as:sensitive",
</span><span style="color:#323232;">		</span><span style="font-weight:bold;color:#183691;">"matrixUserId"</span><span style="color:#323232;">: "lemmy:matrixUserId",
</span><span style="color:#323232;">		</span><span style="font-weight:bold;color:#183691;">"postingRestrictedToMods"</span><span style="color:#323232;">: "lemmy:postingRestrictedToMods",
</span><span style="color:#323232;">		</span><span style="font-weight:bold;color:#183691;">"removeData"</span><span style="color:#323232;">: "lemmy:removeData",
</span><span style="color:#323232;">		</span><span style="font-weight:bold;color:#183691;">"stickied"</span><span style="color:#323232;">: "lemmy:stickied",
</span><span style="color:#323232;">		</span><span style="font-weight:bold;color:#183691;">"moderators"</span><span style="color:#323232;">:
</span><span style="color:#323232;">		{
</span><span style="color:#323232;">			</span><span style="font-weight:bold;color:#183691;">"@type"</span><span style="color:#323232;">: "@id",
</span><span style="color:#323232;">			</span><span style="font-weight:bold;color:#183691;">"@id"</span><span style="color:#323232;">: "lemmy:moderators"
</span><span style="color:#323232;">		},
</span><span style="color:#323232;">		</span><span style="font-weight:bold;color:#183691;">"expires"</span><span style="color:#323232;">: "as:endTime",
</span><span style="color:#323232;">		</span><span style="font-weight:bold;color:#183691;">"distinguished"</span><span style="color:#323232;">: "lemmy:distinguished",
</span><span style="color:#323232;">		</span><span style="font-weight:bold;color:#183691;">"language"</span><span style="color:#323232;">: "sc:inLanguage",
</span><span style="color:#323232;">		</span><span style="font-weight:bold;color:#183691;">"identifier"</span><span style="color:#323232;">: "sc:identifier"
</span><span style="color:#323232;">	}],
</span><span style="color:#323232;">	</span><span style="font-weight:bold;color:#183691;">"actor"</span><span style="color:#323232;">: "--URL OF THE USER PROFILE--",
</span><span style="color:#323232;">	</span><span style="font-weight:bold;color:#183691;">"object"</span><span style="color:#323232;">: "--URL OF THE POST OR COMMENT--",
</span><span style="color:#323232;">	</span><span style="font-weight:bold;color:#183691;">"type"</span><span style="color:#323232;">: "Like",
</span><span style="color:#323232;">	</span><span style="font-weight:bold;color:#183691;">"id"</span><span style="color:#323232;">: "-- URL TO THE INSTANCE THAT PASSED THE MESSAGE--",
</span><span style="color:#323232;">	</span><span style="font-weight:bold;color:#183691;">"audience"</span><span style="color:#323232;">: "-- URL TO THE COMMUNITY THE POST IS PART OF--"
</span><span style="color:#323232;">}
</span>

muddybulldog, 11 months ago

Good stuff. That’s my entire motivator, transparency. KBin makes it obvious that up/down isn’t anonymous, Lemmy doesn’t. Much like Reddit, Lemmy also doesn’t delete posts, they just get tagged as deleted and not shown via the interface.

When literally anybody in the world can be an admin with no vetting process and no “internal controls” that you would expect from a commercial platform, having a clear view of how things work is critical so that people can make informed decisions on how (or even if) they use the platform.

Zoldyck, 11 months ago

It shouldn’t be like that. I hope it gets changed.

Dran_Arcana, 11 months ago

Transparency is the only way auditing and validation can be done. People should own their actions.

UnbeatenDeployGoofy, 11 months ago

Everyone can be an admin then everyone sees everything

stevedidWHAT, 11 months ago

We’re posting on a public forum bro…

There is nothing new or concerning about people extrapolating potentially false or truthful things about you based off of what you’ve said in the past.

If you guys are seriously going to paranoid about upvote and downvote visibility, you should check out the Snowden documents and see all the surveillance that the govt already does and has been doing on you, your data, and your social contacts.

Everyone is being critical about the new internet site which is fine but it feels like paranoia

Veltoss, 11 months ago

Same. I understand why it’s like that, all instances need to be able to see the information. But there must be a way to do this without the instances understanding exactly which users are doing what. Something like zkproofs or hashes or whatever (I’m not a programmer, clearly), there is surely some way to do it while maintaining some privacy.

It gives a lot of data on users to see exactly what they upvote and downvote. Especially with AI being able to go through that data very quickly. It wouldn’t be hard to find out a user’s political leanings, general IRL location, age, gender, so many personal details they don’t want to share that could be used against them through advertising or worse.

Bozicus, 11 months ago

I think I personally give out more information in what I say than how I vote, and I think that’s going to be true for a lot of people here. I want to share, and that requires me to sacrifice some privacy.

No shade intended, but if you’re concerned about what your voting history will say about you, you might consider not interacting with posts at all, and if you’re really concerned, don’t curate a news feed, either. It’s totally fine to browse logged out if you really want to be safe. I think any level of concern about privacy is valid, but it’s useful to think about the whole picture when you evaluate your risk tolerance.

Veltoss, 11 months ago

Unless you don’t vote on much, I think you underestimate how much information can be attained from the pure data of up/down votes.

There is also the fact that people traditionally vote on stuff they wouldn’t comment on because they see it as more private.

Bozicus, 11 months ago

I agree that a lot of information can be inferred from vote history, that’s not what I meant. I’m sorry if I came across as trying to minimize the risk there.

What I meant is that exponentially more information of the type you describe can be inferred from post history, particularly for those of us who use this space to connect with other members of marginalized groups we belong to. Voting history is a minor risk to me when just the fact that I have replied with “I have also had this experience” to a certain post or posted a meme in a certain group could cause serious trouble for me in my offline life. I don’t understand the use case where someone would become concerned about privacy because they found out their vote history could be accessed by unknown parties if they weren’t already concerned about privacy because their posts and comments are visible to anyone and everyone.

I guess the tl;dr is that I just don’t understand how the hyper focus on the risks associated with voting history is consistent with an assessment of personal risk in a broader sense. I am conscious of taking a huge risk by being on the fediverse, and I decided it was worth it. The stakes were high enough to begin with that I just assumed that the only source of privacy I had would come from anonymity, not the technology, which might be why I am confused by some of the responses I am seeing.

y5d, 11 months ago (edited 11 months ago)

I’d be really shocked if they recorded IP addresses as well.

muddybulldog, 11 months ago

The application doesn’t, which is a very good thing, in my opinion. Instance admins will still have that data but that’s limited to your local administrator. It’s not federated.

InternetTubes, 11 months ago

Good point, it’s really easy to categorize different users by their voting habits alone. There’s actually a platform that does this called meneane.net, and it isn’t like it has burned down completely. It is more data available for marketing or worse in regards to Big Data, but when available to the users, it does allow you to see who’s going on downvoting sprees and see from what bubble they are coming from. In Meneame, some people have resorted to using separate accounts just to downvote from.

Besides that, it’s not that bad, just imagine yourself making a comment that says “I’m downvoting you”, and honestly, everyone should try being able to view that information.

Imgonnatrythis, 11 months ago

I’m downvoting you. You point out a good example of why it really is that bad and then go on to say it’s not that bad. I disagree and think it’s pretty bad.

InternetTubes, 11 months ago (edited 11 months ago)

Except it isn’t that bad, you have a literal example of it working which I doubt you have checked out or will check out, and you clearly don’t seem to mind telling people you are downvoting them anyway. There’s a very huge gap between what people will argue for just because it’s the way it has always been for them and the actual reality.

agoramachina, 11 months ago

Does it only log usernames, or does it record ip addresses as well? I am much more okay with one than the other.

lieuwex, 11 months ago

Only your instance admin can see your IP.