Upvotes seem to just federate as likes and dislikes.
There’s no way that isn’t going to be abused. Some marketing or tracking agency will setup a fediverse server and just collect all data like this for free. Or worse, take advantage of a friendica instance to bombard it with requests for data collection purposes.
Yes, but as long as you don’t reveal your identity, they can’t do much to track you.
They don’t have access to your IP.
Of course, it you’re using the same username over multiple services, or reveal identifying information (which is much easier to analyse now due to AI) they will be able to track you.
Is IP not logged anywhere in Lemmy/ ActivityPub?
Nope just server
I think server admins can access. It makes sense moderation wise, if for keeping a tab on alts for enforcing permabans.
Well yes, the whole concept of the fediverse is that of social media as a public service. All activitypub data is public.
So you’re agreeing with me that it will be abused.
Not them but yes but it’s not a feature of the system, it’s a failure of the humans.
What can they use that data for?
It would only be usable data if they could show personalized ads to the users. They can’t.
All they know is that Meldrik up/downvoted this and that, but outside of Lemmy they have no idea who Meldrik is.
I think the issue is that many Lemmy users will think more carefully about what they comment than what they up/downvote, as a comment appears connected to your username but a vote doesn’t. You might decide against commenting on something you disagree with because you don’t want to get in a fight, instead just downvoting it, but if people then know if was you who downvoted can still pick the fight.
Basically the issue is you’re revealing a lot more information than you might initially have realised if you’d have known votes were public all along. Maybe a disgruntled person uses that to dox you, or maybe a corpo feeds all that information into their fancy computer system to work out who you might be, who knows.
Or you can be an instance admin. Iirc In the next lemmy version (1.0.0), mods will also be able to view votes in their communities.
mods will also be able to view votes in their communities.
You can already do this using tesseract, by the way (not tesseract.dubvee.org, strangely?)
On t.lemmy.dbzer0.com i can see both upvotes and downvotes (for all my modded comms):
I guess the feature was already merged in one of the past Lemmy versions then?
I think it’s been implemented this whole time, but it’s just that the default lemmy-ui doesn’t show it
You can already do it with a database query iirc.
I’m not sure about the downvotes part (i failed to recreate this lmao) but you can already view upvotes with mbin. Piefed solves this problem with a option to make your votes private but only with untrusted instances (but from my tests it didn’t work? weird)
IIRC, piefed’s private votes are disabled for “trusted” instances. You can see which instances are trusted here.
Ah, well that sucks :( i thought it just used a different strategy to do so if it was trusted, not outright disable it.
Will correct it, thanks
IIRC PieFed’s method is to send the upvote using a second random username not connected to your username.
Damn, so this is how I find out we’re least trustworthy part of the commonwealth.
I was thinking that it would make sense to federate upvotes, but with the hash of your username instead of your actual handle. Would this work?
The userbase is small enough that hashing would be easy cracked by a determined person. Even with salting, iterating through the entire userbase and hashing each username+salt to check for a match would probably not take long
Replace “hashing” with “encrypted” (perhaps just using a symmetric key that the admin sets up) and then it gets impossible to know for any outsiders who is the real user behind the vote.
I for one just wish people understood once and for all that anything you do on social media is public.
If you are not comfortable backing up your opinion or action, then don’t do it.
Assuming each user will always encrypt to the same value, this still loses to statistical attacks.
As a simple example, users are e.g. more likely to vote on threads they comment in. With data reaching back far enough, people who exhibit “normal” behavior will be identified with high certainty.
What if a uuid is generated every time a user signs up, and every upvote iterates through the uuids?
How long until it gets abused, and trolls start brigading though instances that hide their votes?
Nothing stops defederation, though.
That creates an incentive for trolls to create accounts at the popular instances using this mechanism in order to destroy their reputation.
But they can just be banned from those instances?
How would that work? How would an admin separate downvotes from brigaders and legitimate users who happen to downvote a comment?
Banning trolls would be doable - they’d have patterns where they target specific users across many different communities. If the same user downvotes everything I’ve ever said, from controversial political takes to pictures of food to posts about gardening, that’s probably a malicious user.
But “brigading” doesn’t mean anything and I don’t respect the concept. You can’t ban it because you can’t define it in a way that doesn’t include normal usage of the site.
Or mentally unwell people stalking.
One of the advantages of votes being public is that it keeps instance owners honest and, perhaps more importantly, means they know other instance owners are honest.
If they weren’t public it would be easy to modify your lemmy instance to send 10 votes with fake hashes for every real vote. There would be constant accusations of brigading and faking votes.
Piefed already does this, because it is the way.
Just make a rainbow table and get the usernames back.
I don’t know this name, I read its part of the Fediverse… Does this affect us?
Yes, after all other servers need this information in order to prevent double voting, you can’t just have servers sending each other information “somebody upvoted this” and also tell when servers are allowing users to vote more than once.
So upvotes and downvotes aren’t actually private, never have been, some servers may display them publicly even if most don’t.
That’s pretty cool. Sometimes in an argument there’s that (1/-1) thing going on, would be funny to see how both are downvoting each other.
There are some instances that disable downvotes altogether!
Oof, hell no. That’s some Facebook level cancer right there when they removed downvotes.
It’s just a form of white washing that makes the same people who made up being offended by “black lists” and “master branch”.
Edit: Y’all do realize the irony of exercising your ability to downvote a comment that is defending your ability to downvote?
The whole concept of the Fediverse as social media is that all the data is public. Stop acting like these servers are giving out private data. This data has never been private, and it never will be. Data like this being shared with any other server is how ActivityPub and the Fediverse work.
I know, but some people assume votes are private.
If you’d only ever interacted with Lemmy and not read up on how ActivityPub works then that’s a reasonable assumption, it’s not like anything (that I’ve noticed!) actually tells you that your votes are public, and they don’t look to be public in the places you’re likely to see!
Lemmy likes aren’t meant to be public, this is just other software failing to respect the privacy Lemmy indicates.
That’s almost as bad as using robots.txt to claim sites are private and secure and just whining that people/bots should respect it.
You should assume voter data is fully public and fully open. It otherwise is in the federated ecosystem.
The comparison doesn’t work because both Lemmy and Mbin are implementing the same standard, while robots.txt is mostly an honour system.
You should assume voter data is fully public and fully open. It otherwise is in the federated ecosystem.
Information not being private isn’t the same thing as information being public.
idk, the label is also an honor system, if it can be just ignored like robots.txt.
I didn’t explain what I meant very well. To scrape a website you don’t need to understand robots.txt, implementing robots.txt is something you do to be a good netizen. But to get like info from Lemmy, implementing ActivityPub is a requirement.
Now I’ll admit, it’s not a great system and I do wish we had something better, but I also don’t think “this isn’t a good way to communicate preferences” is a good reason to ignore them.
