YSK: Your Lemmy activities (e.g. downvotes) are far from private

madsen, 11 months ago (edited 11 months ago)

Good find, albeit a bit horrifying.

I wonder what the GDPR implications of this is. As far as I understand, even free, privately run services are required to abide by GDPR and offer data insight and deletion. They’re also required to state clearly what happens to user data.

Edit: Apparently people have varying takes and feelings on what the GDPR does and does not say, so I urge you to please read the summary of GDPR data privacy here: gdpr.eu/data-privacy/ as well as the summary of what constitutes personal data here: gdpr.eu/eu-gdpr-personal-data/ It’s easier to have a good and fruitful discussion if we talk about what the GDPR actually says.

kat, 11 months ago

I wonder how deletion of user data is supposed to work in that regard. Since everything is synced to all federated instances, I guess one would have to file a request for deletion with every instance separately (?)

slowcurrent, 11 months ago

I have extensive experience with complying with GDPR and I feel like they wouldn’t care that it is decentralized. They’d go after Lemmy as a whole and anyone involved. Having to request your data wiped from each instance is not something they are going to accept.

obinice, 11 months ago

I’ve been wondering exactly this, Lemmy will have to be shut down in the EU if it doesn’t comply with GDPR, and considering that means each individual instance and the individual/group/company running it…

I just don’t see how this is ever going to be secure enough to fully comply with GDPR. Not when huge security holes like this exist, where anybody with a tiny bit of knowledge and a few hours can access so much data on people anywhere…

cwagner, 11 months ago

deleted_by_author

madsen, 11 months ago (edited 11 months ago)

if you want data deleted, you can do that, but you’ll have to send that request to every server you (or your instance on your behalf) sent it to.

According to the GDPR an “organization” has to specify exactly who processes the user’s data (i.e. every instance in a federation — past and present), and everyone that processes that data must make it easy to make data/deletion requests, to that’s hopefully baked into Lemmy from the get-go because otherwise someone is going to find themselves in the middle of a GDPR nightmare sooner rather than later. It’s not enough to say in the privacy policy that “user data spreads to federated instances” or something to that effect.

And given that usernames are connected to the votes, I’m pretty sure that it does not comply with the GDPR to just say that it “will place this interaction in the user’s outbox and immediately deliver it on the user’s behalf to all”.

Edit: Added link.

cwagner, 11 months ago

deleted_by_author

madsen, 11 months ago

I don’t think email is a good example because you’re in complete control of who you send an email to. However, I’m not in control of who Lemmy sends my voting data to (because I don’t control who a given instance is federated with), but GDPR grants me the right to know that.

cwagner, 11 months ago

deleted_by_author

madsen, 11 months ago

Still not a good example because I’m still in control of what I choose to send and whether or not I choose to send it at all. I can’t choose whether or not Lemmy broadcasts my username in conjunction with my votes to whoever may be listening, but I can choose not to send an email to a mailing list stating who I am and how I vote on Lemmy posts.

Organizations handling EU citizens’ data are required to abide by the GDPR and I can assure you that Gmail and others do that, they were among the first scrutinized when the GDPR went into effect. Just because I can send any data via email, doesn’t mean that email providers can do whatever they want with the data. If an email provider processes the contents of your email in order to do targeted advertising, then they have to very clearly state that in their privacy policy.

This isn’t specifically aimed at you, @cwagner, but more of a general observation. Lots of people in this thread appear to be unfamiliar with the GDPR and how it works, and that’s completely fair — especially if you’re not from Europa and/or haven’t worked with it. I just wish they would actually check how it works instead of making assumptions. This is a good start: gdpr.eu/data-privacy/

cwagner, 11 months ago

deleted_by_author

madsen, 11 months ago

It doesn’t matter if you post your +1 via lemmy or via email.

It absolutely does. When sending an email, you fill in the recipient and decide where your data goes, but when you press ‘upvote’ on Lemmy, you don’t have a say in who that information is broadcast to — especially not in its current form. And it’s on whoever runs the Lemmy server to comply with the GDPR and make data processors known. It really doesn’t matter how similar you think it is to email, the GDPR treats it differently and that’s the reality you have to accept.

Your argument could easily be extended to every piece of information floating across the internet. No one is forcing anyone to upload an image to Facebook, but Meta is still responsible for documenting who handles the image and for what purposes, they can’t just say, “you uploaded it, we let 3rd parties have their way with it”.

And I’ve also worked with the GDPR, both as a developer implementing systems to accommodate requests for data insight and erasure, and implementing controls to make sure data was being handled correctly and e.g. not stored for longer than allowed, and I’ve worked with it from a security perspective in order to protect the personal data of about a couple of million people, and finally I’ve worked with it in management to implement safe and GDPR compliant data handling strategies in a couple of companies.

cwagner, 11 months ago

deleted_by_author

madsen, 11 months ago

I am interested in discussion but I prefer to discuss things based on facts rather than feelings.

Email isn’t exempt from the GDPR. If an email provider is doing anything with your email except for delivering it to the intended recipient, then you have a right to know under the GDPR. Plenty of hefty fines have been handed out over failing to sufficiently inform about such things: www.enforcementtracker.com (look for e.g. art. 12 violations). Even something as simple as SMTP logs contain PII according to the GDPR and should be handled as such.

You voluntarily sending an email, with whatever content you decide to put there, to a recipient of your choosing, is in absolutely no way the same as clicking a vote button and involuntarily having your vote and username broadcast to whoever cares to listen without your prior knowledge and consent. Yes, emails travel through a bunch of MTAs underway — that’s a prerequisite for email to work. And no, broadcasting Lemmy votes along with usernames is in no way a prerequisite for voting to work.

cwagner, 11 months ago

deleted_by_author

madsen, 11 months ago

It’s voluntarily broadcasting it, because YOU told it to broadcast it.

Yes, and that’s not the issue as I’ve been saying the entire time. The issue is that you have a right to know where it’s broadcast — both in the past and in the present. That’s what I’ve been saying the entire time. And the privacy policy needs to specify exactly what data is sent and where to. The privacy policy you cited did neither, it just stated that it was sent out.

sab, 11 months ago

I don’t think email is a good example because you’re in complete control of who you send an email to.

You can easily check which instances your server is federated with in the footer of your server. If any of those external servers have subscriptions to the community you’re posting in, they will receive an update, so it’s safe to assume it’s being sent to all of them.

madsen, 11 months ago

Problem is that it’s not historical. If a server was defederated yesterday, it doesn’t appear in that list. And again, GDPR takes this stuff seriously, and “look at the bottom” is not sufficient. It needs to specify what data goes where.

booty_flexx, 11 months ago (edited 11 months ago)

To illustrate op’s point I’m going to spin up an instance, federate with everyone, and not tell anyone what that instance is.

Then I’m going to feed all that data into my new website, called Open Lemmy Stats, where anyone can query the user data ive accumulated. The homepage will be ripe with insights, leaderboards and all kinds of data on prolific users.

Additionally, I’ll display a snapshot/profile of a random user by feeding that users data to GPT4 to make inferences about the user’s political affiliations and display the results.

Worst of all, I’m not going to out my instance for everyone to know it as the one to defederate. In fact I’m spinning up a few instances that will host innocuous communities that I plan to mod and support to give my instances cover for their true purpose: redundant fediverse datastreams for my site, Open Lemmy Stats.

I’ll also have a store where anyone can buy my collected fediverse data for a handsome sum.

Just kidding I’m not doing any of this. But someone absolutely will or already is.

cousinofjah, 11 months ago

@booty_flexx @muddybulldog do we ever see these fediverse products employing a plugin system where such a bot could be added easily by instances that wanted to?

EurekaStockade, 11 months ago

Honestly, why not? The data is already being recorded. At least this way it’s public and the rest of us get to interact with it. It might even scare a few people into paying attention to the information that they disclose about themselves and increase their digital hygiene.

okamiueru, 11 months ago

If I’m reading it correctly, and please help me out if not: recorded data by the nature of being stored somewhere, should be made public?

That doesn’t make all that much sense. Data retention and access levels should always be tied to a use case that require it. And, there is no “if anything is stored, it should all be public”

EurekaStockade, 11 months ago

recorded data by the nature of being stored somewhere, should be made public?

The difference is that this data can already be surfaced by anyone, all they need to do is spin up a federated instance, so someone could do all the stuff outlined in the parent comment, but keep the results for themselves, or monetise it, build advertising profiles, doxx people, etc.

The data already exists, and it can already be extracted and made public (or used privately). I’m not saying throw open every database to the world, I am saying the world can already access this database, so pretending that it’s not available doesn’t stop bad actors from using it. Might as well make a public tool (that actually sounds kinda cool?) and bring awareness to it.

okamiueru, 11 months ago

Ah, gotcha. I don’t think anyone was saying that the solution was to try to make the problem less visible.

kolorafa, 11 months ago

Red*it can do that too (if not doing it already) but they also have your personal details linked especially when paying for premium :)

deegeese, 10 months ago

Can your instance secretly run a fork that doesn’t respect deletes?

SendMePhotos, 10 months ago

That was pretty interesting. I want to see graphs.

Reliant1087, 11 months ago

I think your comment clearly illustrates what might go wrong with it. If they need this data for sorting or something else absolutely, then I would be happy if they just hashed the usernames/instances or used some other form of UID.

Hard_to_deside, 10 months ago

Jesus Fucking Christ !

deweydecibel, 11 months ago (edited 11 months ago)

And just think how much data you can gather by sending out puppet accounts on various instances, accounts that will serve only to publicly state an opinion, such as “I support this candidate”, so the data on the people who upvote it can be harvested and categorized more easily. There is so much data harvesting potential here with a little imagination, and with a little more, a lot of ways to use that data to influence the way average users engage with the fediverse.

That site would also be a great advertisement for Lemmy. Come here to our decentralized platform, where you can vote…but you better not, lest you end up on the site. What social network wouldn’t grow when users are peer pressured into not using one of it’s basic underlying mechanics that makes the whole thing work?

Smk, 11 months ago

They will know the user but not the person in real life. Even if you know that my user is more conservative on some points or more liberal on others, how can you use that for nefarious action ? Unless you know where I live and who I am, the data is useless.

People need to be aware that sharing your personal information on the internet is never a good idea.

GenderNeutralBro, 11 months ago

It’s very difficult to both A) have meaningful conversations in a public space, and B) conceal your identity from a dedicated adversary. Once a person has a long post history, it’s likely that an observer could narrow down their identity to a very small group, if not a single person. Every post you make reveals something.

Even if you don’t ever explicitly state it, your age range and gender can likely be guessed with high probability by your writing style and/or little tidbits of info you leak without thinking about it. Same for political leanings. You might casually mention the brand of car you drive, or your favorite foods, or just reference something you experienced as a child that is not universal. All of these things leak information, and while each one seems insignificant, in aggregate they can tell a detailed story. Just knowing that you’re a Canadian who speaks both French and English eliminates about 99.8% of the world’s population as possibilities.

Back on Reddit I used to create fresh accounts all the time, but then I’d go and join the same subs, post with the same writing style, and generally express the same worldview. If anybody cared, had a good grasp of statistics, bothered to collect the data, and put in a stupid amount of time to it, they could likely match all of my accounts together. I was never too worried about this because…well I just didn’t care. But I did have a cyberstalker at one point and it made me think.

I wouldn’t be shocked if someone could match me to one or more of my Reddit accounts just from this one comment, tbh. I’m leaking information here like a sieve! Not many people have the skills to do that, and the few who do are unlikely to give a rat’s ass about me. HOWEVER, as AI becomes more advanced, anyone with computer literacy will be able to do analysis in minutes that might currently take an expert days or weeks.

Smk, 11 months ago

I get what you’re saying. I’m not sure if it’s something that is fixable giving that we participate in a public forum. Maybe the federation isn’t a great idea after all, or maybe we overthink it. I don’t know.

pfr, 11 months ago (edited 11 months ago)

I’m almost willing to bet that big tech companies are already doing this. They got the motive and the means. No doubt Meta or Google have dedicated some of their servers to mining our Lemmy data in this way.

Zackyist, 11 months ago

With only around 100k users and most people using anonymous usernames that cannot be connected to their identity it would hardly be worth the effort, time or money.

Quinnel, 11 months ago

You’re looking at this from the wrong point of view. The fediverse is not just lemmy: Threads, Tumblr, even BlueSky (albeit with their own protocol, but anyone could just modify their fediverse enabled app to convert their data to be applicable to BlueSky’s protocol) are quickly setting the stage for a new norm. The more websites integrate the fediverse into their stack, the more data outside the immediate sphere of influence of these major corporations can be harvested. To what ends they’ll use it, I don’t know – but I don’t trust them with it.

stevedidWHAT, 11 months ago

Lmao the internet finally realizing what companies and the govt have been doing for decades on the internet

agoramachina, 11 months ago (edited 11 months ago)

You know, I came in here with the mindset that the topic of discussion here isn’t a bad thing; I’m largely pro information-should-be-open-and-available. But you’ve argued a very solid point, and I’ve changed my mind on the issue. I appreciate you sharing this perspective!

stevedidWHAT, 11 months ago

With all due respect, figuring out who you are based off what you say in a public setting is already what people do irl

deweydecibel, 11 months ago (edited 11 months ago)

deleted_by_author

InternetTubes, 11 months ago

This isn’t reddit, you can just move on to another server. Reddit did have bots doing things like that, banning people that say participated in the prolife sub. If it happens here, people can notice and begin criticizing the Nazi, which will make his actions al the more evident.

Darkassassin07, 11 months ago

While I agree this shouldn’t be so publicly accessible, I’m curious about the possible benefits of limited sharing between instances to give spam/bot detection tool’s more power.

Users on A vote on a post on B. The admins from A and B can see the fine details of who did what, but the admins of C (and all of the general users regardless of instance) just see totals of up/down votes.

QuadratureSurfer, 11 months ago

Ideally, detecting bots should be up to the Admins. They should have access to the vote information, and they can share the tools with other admins to detect it. But the average user should not have unrestricted access to this data.

sauerkraus, 11 months ago

The average user can run their own instance as an admin.

QuadratureSurfer, 11 months ago

Let me be a little more clear, the Admins of your account’s particular instance should be the only ones that have access to your votes.

Now the question remains about when your account posts/comments into a different instance, who should have access to those votes? Perhaps your instance has a way of obfuscating the votes of any user coming from your instance, or else only the admins of the community that you’re posting into will have access to your votes?

The problem really comes down to how we avoid the problem with duplicating votes. Currently this is easy as each vote is public so every instance can verify the correct vote count. But implementing either of the solutions above will need a way to verify the correct number of votes.

To top it off you would also need a way to detect if a malicious instance had come along and started lying about how many votes had been cast.

One thing we can look at under the hood would be how cryptocurrency works as they have solved both the problem of duplicate values as well as the ability to trust those values being sent. All of the code is free and open source so we can pick out the parts that we need and reuse it. (And no, I’m not telling people to go out and buy crypto).

Z Cash would be a particularly good one to look at as it ensures a “zero knowledge” (or “zero trust”) method of sending the values across “nodes” (or in our case “instances”). Using this, who is voting on what would be hidden, but we could ensure that the values are correct.

Additionally you could probably throw out the second hashing algorithm altogether and just keep the Blake2b hashing algorithm as this one is far more efficient and quick to compute (and that second algorithm was mostly thrown in to prevent people with specialized hardware from being able to come in and beat anyone else running on just a GPU/CPU). github.com/zcash/zcash

However, using this particular method would make it so that not even the instance admins would be able to view the details of anyone’s votes (which may be a good thing after all if we decide that any random instance admin is not to be trusted).

sauerkraus, 11 months ago

There’s no need to complicate things by bringing crypto buzzwords into it. It’s already been solved faster, better, and easier just like everything else cryptobros invent a problem for.

QuadratureSurfer, 11 months ago

The crypto example was only a suggestion because they have simply solved the exact same problem we are looking at: duplicate votes (transactions) and verifying the results while being able to hide it.

I would love to hear any other suggestions that people may have that solve these problems. Copying open source code from crypto isn’t the only option. So let’s look for solutions instead of dismissals (unless you’re arguing for keeping votes public of course).

Bozicus, 11 months ago

I agree with you about harassment issues, and the importance of controlling the transfer of admin-level data between instances, but for your last scenario, doesn’t blocking only apply to users who are logged in? Assuming your hypothetical tankies and Nazis were actually posting as well as blocking, it would be easy to find them just by logging out, and there are a lot of ways to get them banned or otherwise counteract their activities that don’t require someone to interact directly with them while logged in. The case you’re describing is not the kind of situation where the most important action is to argue with them. Arguing with extremists usually just validates their delusions, and encourages them to keep doing what they’re doing.

DurianLongan, 11 months ago

I could say something about how great Nazis are right now, and have a bot programmed to read every single person that downvoted me, add those names to a shared blocklist, and viola, I’ve made myself and all my alts invisible to the people that would challenge me on a massive scale.

Damn

Zeus, 11 months ago

alternatively, if votes were private, you could spin up a bot network to mass upvote your comment; making it far more influential as most people are more inclined to believe statements they think others also feel. thankfully, votes are open, so you can’t

as long as there is a system, people will try to game the system; and when there is a new system, people will come up with new games

Weirdbeardgame, 11 months ago

Yes … That’s how social networking works. ANY site you go to will have this much info if not more since most “social networks” want YOU. Your personal info etc. Lemmy is just a username attached to posts and comments. So in a way it’s actually less than other networks like meta for instance

Darkassassin07, 11 months ago

The difference is on Reddit/Twitter/FB/etc the only people with that kind of access are employees hired by those platforms. It’s out of your hands, but not public data.

With lemmy, any random person can spin up an instance, federate it, and view that data. It’s openly available to the public, just with a few extra steps.

A lurker on reddit leaves no public info, just a username and an account age while still being able to up/down vote.

That same lurker here would leave a trail of up/down votes that can be viewed by anyone who knows where to look.

JshKlsn, 11 months ago

Redditors already scream at people when they get a downvote and blame it on the person that replies to them, even if that person didn’t downvote them.

I can see this being dangerous and leading to a lot of bullying. I know k-bin already publicly shows this. I can see who downvotes my comments/posts when I open up the post in a k-bin instance, without even being a member.

InternetTubes, 11 months ago (edited 11 months ago)

There was already bullying by people, and it didn’t need downvotes for it to happen. To solve it, it just needs moderation.

Maybe people can also be nicer and downvote less, for a change.

Bozicus, 11 months ago

Some instances don’t allow downvotes by people logged into that instance, which I think helps. (From both sides: I find that when I can’t downvote, I have a lot less motivation to read anything that makes me angry. I just keep scrolling).

muddybulldog, 11 months ago (edited 11 months ago)

Yes.

Just muddling around I’ve built queries that: (a) list all of my post & comments, everybody who voted on them, and their votes (b) tally how many times specific users have upvoted or downvoted me. © identifies the most prolific voters across the Fediverse and the communities they are voting in (d) identifies users with the same username or display name across all instances and correlates the activities across those accounts.

These are all for the sake of learning and are innocuos the way I’m using them. It is plain to see that someone with skills and an agenda could make more out of it than I have.

platypus_plumba, 11 months ago

Oh sweet summer child, comments aren’t deleted either.

sebi, 11 months ago (edited 11 months ago)

So any instance admin can analyze all users upvotes/downvotes and possibly derive political standpoints, likes/dislikes, opinions and location data from it

Pizzacheese4, 11 months ago

How is this different than any other website?

madsen, 11 months ago

I can’t just spin up a website and automatically get that info from other websites, but I can spin up a lemmy instance and get that info from everyone it’s federated with.

platypus_plumba, 11 months ago

How is it even possible to do a SQL query on the database from another instance?

Makes no sense, databases should be private and behind the HTTP API. Why is he showing a SQL query as evidence?

So I’ll assume this is done via the HTTP API then. If that’s the case, why does an instance needs to see this information from other instances? By needs I mean if there’s an actual purpose for that info being exposed.

addison, 11 months ago

You don’t query another instance’s database.

When your instance is federated with another, your instance will sync a local copy of threads and interactions from that instance.

You then query your own database and instantly have access to everyone else’s interaction data.

platypus_plumba, 11 months ago

Wow. Off-topic but that sounds inefficient for very large networks of instances. Sounds like the federation is doing more that it should.

Is there some place to learn about the federation protocol?

sebi, 11 months ago

I agree, someone has to store and maintain your data, but giving all instances access to it is a risk that could be avoided

newDayRocks, 11 months ago

To further this thought, it makes it really easy for any motivated party to profile accounts.

Create an account that posts intentionally politically motivated news or comments.

Rinse and repeat a few times and now you the data you want.

muddybulldog, 11 months ago

Yes.

Just muddling around I’ve built queries that: (a) list all of my post & comments, everybody who voted on them, and their votes (b) tally how many times specific users have upvoted or downvoted me. © identifies the most prolific voters across the Fediverse and the communities they are voting in (d) identifies users with the same username or display name across all instances and correlates the activities across those accounts.

These are all for the sake of learning and are innocuos the way I’m using them. It is plain to see that someone with skills and an agenda could make more out of it than I have.

sebi, 11 months ago

So you can get the users voting on posts on other instances?

Could it be anonymized, so you can get exact up/downvote data from your instance, but when it comes to other instances you only get the absolute up/downvotes?

SuRiYa, 11 months ago

deleted_by_author

Chasm, 11 months ago

I have proudly downvoted you 😌 for fun, no less. Not even disagreement.

SuRiYa, 11 months ago

deleted_by_author

Chasm, 11 months ago

I amusedly upvoted you because you called me silly 😌

ZoopZeZoop, 11 months ago

And I updated you with a chuckle!

hddsx, 11 months ago

Well time to write a bot that creates a new account for every vote and comment

nothacking, 11 months ago

If you are doing anything tgat could get you in legal trouble on the internet, only use acounts that can not be linked to your real life identity, and always use tools like Tor. Do not depend on tools like private messages, private voting, etc. In those cases, there is always someone who can give you away, and service admins will give out information when the feds come knocking.

Chasm, 11 months ago

Add a matrix account to your profile and any time someone DMs you, remind them that DMs are not private and guide them to your Matrix. Then pretend to disagree with them energetically on DMs while sharing your terrorist plans on Matrix.

R51, 11 months ago

The issue isn’t about any one person… so many people here are making it a personal problem. The problem is the ability for literally anyone to track how ideas propagate PER USER. The person analyzing this data doesn’t care who any one person is in real life.

TeoTwawki, 11 months ago

A government would only need to get its hands on one instance to havest downvote based dissent data.

Tbh I’d rather we had an up-only based vote system though. Downvotes had a lot to do with the reddit culture that I don’t want taking over Lemmy.

nothacking, 11 months ago

At least lemmy shows votes as seperate upvotes and downvotes, do you can see that someone agrees. (But please dont vote based on if you agree, only downvote misinformation, attempts to incite flamewars, spam. If its high quality an on topic don’t downvote)

TeoTwawki, 11 months ago

Yeah, that in itself is a major improvememt over every post and every i dividual having a “score”.

irkli, 11 months ago

I agree, I think separate tallies for up and down might be a really great thing.

On that other place, while lots of downvoting is “obvious”, a lot is really odd, like someone posting a technically correct, documentable, verified answer, and it gets downvoted? Also black-supportive or LGBTQI+ stuff gets downvoted at times. 9000 ups and 9000 downs at the same time would be umm interesting.

marmo7ade, 11 months ago

Downvotes are part of the reddit culture I miss and what I came to lemmy for. Toxic positivity on reddit, youtube, etc is so annoying. Some content sucks and we should be able to downvote it into oblivion.

TeoTwawki, 11 months ago

Yeah I… wait what?? Toxic positivity…in youtube comments?!

Have I been transported to a parrellel universe where youtube comments aren’t a high 90’s % cesspit of the most vile personalities known to humankind? Does this mean I’m on the good timeline now? Is climate change still poised to make the world super uncomfortable and maybe deadly?

TORFdot0, 11 months ago (edited 11 months ago)

Disapproval has its place in deterring bad behavior. It’s not toxic to disagree with a person. If the only two choices are approval and indifference it promotes toxic behavior as there is nothing to suppress the toxic behavior.

Edit: I understand what you are getting at though and one thing I didn’t like is people using the downvote button as a disagree button. I only ever use it to downvote off-topic, spam, or toxic posts/comments; but I’ve been on Reddit and gotten massively downvoted because I’ve expressed an opinion counter to general consensus (hive mind)

TeoTwawki, 11 months ago (edited 11 months ago)

Yeah we’re kinda on the same page there, its just intent and what it evolves into later down the road tend to drift apart over time. A down buttom isn’t inherantly bad, but it seems inevitably mossed used by a large portion of users. And right now lemmy is taking in a mass influx of refugees from a place that -already- had large numbers of users doing so.

I didn’t try lemmy till like a week before all reddits recent drama. I wish I had found this ages ago. I actually found this via github instead of reddit! But once thay drama happened I knew a lot of folks would be looking for a replacement.

Hopefully I’m not comimg off as concern trolling. Things have worked as is for lemmy for some time. Best case scenario is the former reddit users get used to lemmy’s kinder culture and no systems adapt from it.

I disagree on it meaning there is nothing to stop toxic behavior though. If somethings truly toxic it has -always- taken action beyond a simple downvote to excise.

howdy, 11 months ago

I turned off downvotes and no karma in lemmy is nice. It’s overall a friendlier experience IMO.

muddybulldog, 11 months ago

Another example of YSK. The lack of a karma system is a fallacy. It’s only because the devs haven’t surfaced the data, as karma, in the user interface.

Going by Reddit standards, your post karma is 54 and your comment karma is 527.

The data is all there and there are alternative clients who do provide it in that manner.

howdy, 11 months ago

Well you’re no fun 😝 . I get it though, I saw a userscript the other day that could add it to your interface.

irkli, 11 months ago

Up and down is interesting, ain’t it. I use UP to mean good point, great idea, I agree, etc. But I use DOWN differently: not for I disagree, don’t like, but “YOU ARE SHITTING UP OUR CULTURE HERE”, bigots and totally wrong facts that the poster insists on which is different than ‘the answer is X’ but its wrong, it’s Y, and you reply Y is the answer, we disagree, that’s fine, even if I’m annoyed etc. Downvoting to me is, you are not being a good citizen here, fuck you. A meta-comment on the posting.

Sometimes I fail, lol.

RyanHx, 11 months ago

People raise a good point that in countries where political dissent can actually be dangerous, this would very much dissuade people from voting on things they believe in, or even coming anywhere near Lemmy period.

A better approach I think would be to have the user’s host instance save their votes (the database obviously needs to remember what you voted on), but when federating those votes with other instances just hand over a cumulative total, e.g., “here on vlemmy.net we have +18 votes for this comment”, which the other instances can then add. There’s no need to send user information with that data.

Feirdro, 11 months ago

Agreed, especially because I believe we’re headed for a repressive regime here in the US in about 2 years.

Places like this will need to get very careful if they want to remain bastions of free speech and places where people can come to find the information that will no longer be available in mainstream channels.

nicholas, 11 months ago

Lemmy is not a bastion of free speech lmfao

beefstu, 11 months ago

How do we get this to happen?

kolorafa, 11 months ago

That would allow to fake votes, as I can tweak my instance to spew any number I want.

Zyansheep, 11 months ago

Can probably fake votes anyway by faking usernames right? Harder, but still doable 🤔

astral_avocado, 11 months ago

I think those users who live under oppressive governments should be used to using tools like Tor and accounts with a proton email to interact on the internet.

Paradox, 11 months ago

Pretty easy to make an instance that would auto vote certain things with suspicious amounts of votes

As it stands now, they have to fake the origin of some of those votes. Not much of a barrier, the fediverse generally accepts any user an instance says exists, but still, it’s a barrier

And of course any instance thats blatantly manipulating votes is going to be defederated, but I’m more concerned with an instance that behaves normally until it encounters a keyword or user is been set to, and then gives their posts a -5 or whatever

Distributed, 11 months ago

This was my thoughts as well. I understand the need for an audit trail.

Would be very easy to build up an interaction graph with this data that could be used for fingerprinting. If this is an issue for you, though, just browse without signing in/interacting

Was just thinking about this more though, and unfortunately there can also be rogue instances that allow bot users to be created and interact with other instances posts, so this issue could still persist.

plumbercraic, 11 months ago

Could replace the usernames with UUIDs, and keep the username-UUID map back on the source instance? Then you get an audit trail, but not associated with user identity. There’s also no guarantee that people don’t use bob_jones as their username, and this is Personally Identifiable Information, which brings up some GDPR stuff too.

muddybulldog, 11 months ago

The problem with that is that every interaction that any user has with a post or a comment would require calls back to the home instance in order to lookup those usernames. That’s a LOT of extra load

JackbyDev, 11 months ago

There is no reason you couldn’t only do it for votes and not for posts and comments.

deweydecibel, 11 months ago

The problem that Reddit realized early on is that user voting is the engine behind the content aggregation. That aggregation is one of the main selling points of Reddit. The more users vote on what they see, the more information Reddit has for how to aggregate that content. That’s what keeps the front page fresh, that’s what keeps content moving up and down on the site. In a very real sense, the voting is the heart pumping blood through the site.

So it behooves the site to not give any reason for users not to vote how they feel. Keeping votes private was part of that. It is one of the most basic tenets of democracy: the only way to give people the freedom to vote honestly and frequently is to give them the privacy to do it.

The potential for retaliation against users, in any number of conceivable ways, far outweighs any benefits that come from making votes public.

The voting information also makes it insanely easy to automate mass blocking of any opinion under the sun. Nobody in this thread seems to grasp all the things you can do with that data to manipulate user interactions on this site. If you think troll armies are bad, wait till those troll armies have a shared automated block list of every single person that has ever downvoted them.

MissingNo, 11 months ago

At first I agreed with the general “whatever” sentiment. It has some important implications, however.

It discourages people from voting if they’re concerned about other people seeing their activity. This could result in a lower quality of scoring for posts.

chakan2, 11 months ago

It discourages people from voting if they’re concerned about other people seeing their activity. This could result in a lower quality of scoring for posts.

I strongly disagree with that. I think showing downvotes makes your votes more relevant. If something has 10k up votes and 10k down votes, it’s probably a decent post. If it just shows 10k up votes, or 0 net total, the score doesn’t reflect the nature of the post.

At the individual level, it lets you know if someone is just trolling. That’s also a plus as far as reputation goes (not sure how people are scored here, or if they are).

OmniGlitcher, 11 months ago (edited 11 months ago)

I agree with what you’re saying, but that’s not the point of this post. This post is about the fact that an individual user’s vote history is semi-public.

i.e. if you were to upvote my comment, anyone who owns an instance would be able to see it was you who upvoted it. Likewise for if you downvote it.

Whilst I’m sure there are those who don’t care, I’d personally rather not have any rando who can be bothered to set up a Lemmy instance know what I’ve voted on. I’d honestly rather just not vote.

marmo7ade, 11 months ago

Good. A type of voting it discourages is using multiple accounts to game the system. People on lemmy have already been caught doing this and quickly shunned.

If you think that someone will judge you negatively for your vote - then do not make that vote. That is the entire point. And I like it.

minnow, 11 months ago

You do see how it could have a chilling effect on engagement if the “someone” judging you negatively for your vote is, say, a repressive government, right? And what’s the point of a social network without engagement?

Draconic_NEO, 11 months ago

I disagree, a lot of people troll-downvote meaning they downvote content that they don’t like, or just downvote because it’s already low score. Same also happens with upvotes and content that shouldn’t be upvoted. If you’re concerned with other people seeing your vote history you probably shouldn’t be making those votes.

Semi public voting discourages this form of misconduct because people who want to can audit their history and see that they’re a troll.

noworriesimaracoon, 11 months ago

I disagree, a lot of people troll-downvote meaning they downvote content that they don’t like, or just downvote because it’s already low score.

Is there a valid reason, according to you, to use the downvote button? I’m really interested in knowing.

IronKrill, 11 months ago

The accepted reason for downvoting since early Reddit times is content that either doesn’t contribute to discussion or is factually false. Downvote was never meant to be a disagree button, but I am sure we’ve all broken that rule occasionally.

locuester, 11 months ago

Exactly. It seems everyone here is of the impression that voting is for agree/disagree. That sucks and it’s simply impossible to fix.

IronKrill, 11 months ago

I upvoted you because I agree with you.

sauerkraus, 11 months ago

Downvoting has always been an indicator that you disagree in some way. Whether it’s a disagreement with the substance or format never mattered. You’ll sometimes see people jump through hoops trying to justify how their form of disagreement is the only valid one though.

traveler01, 11 months ago

I mean the platform needs to store information in order to be able to show them to other users no? As a programmer I can’t really see a better way to handle up and down votes than that.

giantshortfacedbear, 11 months ago

Is the poster’s IP address, system, or other system identifier/location, tracked?

If I have users giantshortfacedbear and throwaway123. Then it could be inferred or impled that they are same person if there are from the same IP or phone.

muddybulldog, 11 months ago

That information is not tracked in the application itself. A “home instance” admin could correlate their web access logs with the database to draw this kind of conclusion but it’s not federated info.

Iceblade02, 11 months ago

That’s good at least. This means that I only need to trust the host for my home instance keep my anonymity.

Draconic_NEO, 11 months ago

I believe that information isn’t sent over ActivityPub protocol so while the instance admins individually could see it, it isn’t federated data.

Though if account association by IP address is a concern for you then you should probably be using Tor to connect with your accounts.