I recently learned that voting on lemmy is not anonymous. Anyone can get information about who has upvoted and downvoted a post or comment.
In combination with your IP, this is a massive privacy (maybe even physical security) risk. Also, people can target you for your votes.
Sadly, this is something where I would prefer Reddit over Lemmy. Big tech scrapes data from both places anyways, at least Reddit is safe.
Why is public voting a massive privacy and physical threat but public posting and commenting is not?
Would be my question as well. It seems quite obvious that if you participate in publicly viewable discussion, that the stuff you do is publicly viewable.
If you don’t want it associated to your physical person, use a VPN and unidentifiable account name.
(And the statement “at least reddit is safe” seems absolutely ridiculous to me.)
Reddit is safer than Lemmy. There cannot be witchhunts on lurkers. IP info is not accessible to anyone but the company.
Your IP isn’t accessible to anyone but your instance admin, that doesn’t federate.
As long as we’re talking about privacy issues on Lemmy, I’m pretty sure that isn’t true. I strongly suspect that it would be possible to set up a tool that would post image links, or even just track the accesses for your own avatar, in a way where you could statistically be pretty confident of associating IP addresses with usernames after participating in Lemmy for a while (correlating people accessing your avatar image with replying to particular people’s comments and then them replying to those comments, sending DMs to particular people from a not-very-much used account, something like that.)
I think modern versions of Lemmy can proxy images to reduce this, but it’s hard enough to do robustly that I would bet that there is some kind of way the information leaks out. It’s really hard to prevent this kind of thing even if you’re trying hard to make it difficult and the Lemmy devs don’t seem to be trying all that hard.
I don’t even think image proxying is on by default in Lemmy, although I just checked and this Piefed instance is doing it.
reddit safer than lemmy lol
How is Reddit less secure than Lemmy?
you can be sure that reddit tracks you; often you cant even open it when using a vpn. they have an approximate location from your ip, possible movement data when their client is on your phone, and then they enrich their data with external datasets. those are then sold. reddit is a bit more private than facebook, but not as much as you believe. all those sources combined mean they pretty much know who you are.
I agree that they track and are shit at privacy. I specifically find it safer because only the company can track me and not the users.
This is a decent point. Ignore the inane downvotes you’re getting for simply expressing your opinion in a polite and good-faith manner.
you know that data is being sold to hundreds of third parties, right? I`m pretty sure that more people get access to that data than there are lemmy users. but you do you, mate
If someone starts to harrass you due to your voting habits (which I’ve never heard of happening) you can just block them and move on with your life. The difference between someone saying mean things to you and someone writing them is that you can just stop reading.
Blocking is a bandaid to the problem.
If a person climbs onto a stage to make a statement, and instead of getting on stage to make a counterpoint someone just shouts “booo” from the audience, I don’t think it’s unreasonable to demand that person to show their face. There’s a certain level of cowardice in simply downvoting without explaining why you disagree. There’s no option to post anonymously here, so it’s not obvious to me that voting should be anonymous either. If people upvote or downvote, they should be willing to stand behind that - and if someone asks for an explanation, you have three choices: ignore them, block them, or explain. I guess there’s also the option to simply not vote at all.
If it were up to me, I’d hide vote counts from users entirely. It’s not all bad, but I’d argue the net effect is negative. Visible votes encourages toxic behavior. When someone makes a controversial claim, you can first downvote them, then dunk on them in a reply - and now they’re being downvoted into oblivion while you get applause for your smug comment. It feels like you’ve won the debate when in reality, nobody’s mind changed. Heavily downvoted comments also prime readers to dislike them before they even read them, instead of approaching with a neutral mindset and then forming their own opinion - or reading further to see other perspectives. As it stands, the system mostly trains people to recognize what’s popular on a platform so they can self-censor to avoid downvotes, and feel validated for shouting down people who voice unpopular opinions.
So, if someone asks me to explain why I downvoted something, I might explain or I might not - but I don’t think it’s an unreasonable thing to ask. On the other hand, if someone makes it their personal mission to follow me around and harass me because I downvoted their comment, I think it’s unreasonable to demand the system be changed just so I don’t have to deal with it. There’s already a solution for that: blocking them.
WHO BOOED? GET UP HERE THIS INSTANT - I DEMAND TO KNOW WHO BOOED!
If people are harassing you privately, I’m sorry and I’m sure you can message a mod. If you like to express your opinion through votes and adding to the pile but don’t like others knowing you did so, you’re a coward.
I don’t understand why people are calling me a coward. I gave an unpopular opinion, I stood by it and then made a post that might subject my account to scrutiny.
I think they are referring to the point that you want your personal votes to be kept private. Some say it is a form of “cowardice” to not vote publicly.
Personally I see your point is very valid and at least this should be more actively described when signing up for Lemmy and that obviously your instance admins can see everything and you should be very careful (e.g. VPN) if you’d like to participate privately in a conversation. Maybe this is not the right platform for you then ufortunately. Everything in life has its pros and cons and certainly Lemmy is not perfect.
Is this a joke? Are you here as some pro reddit propaganda machine?
How is Reddit less secure than Lemmy?
dude is just bent out of shape because they got called out for disagreeing Russia should go home and leave Ukraine alone.
I mean it is kind of a dick move to spy on downvotes and then demand that someone respond to you. The dude is wrong as hell, but I do agree with the overall principle that not every vote needs to be subject to someone getting interrogated as to why they voted that way.
Their shock at finding out that it works that way is, of course, why the currently Lemmy UI is badly designed because it creates the illusion for people that their votes are private. They definitely should not do that.
It’s not something I usually do, but I’m tired of not calling out people on shitty opinions in regards to fascism. especially when it comes to a simple perspective of “this bad thing is bad”.
it’s like someone downvoting because a comment said “fuck cancer”. like…why? my mind can’t even fathom why anyone would dislike that kind of message unless they themselves are cancer or advocate for the advancement of cancer.
typically I don’t give a shit about downvotes, but it just really rubbed me the wrong way.
Yeah, I get it. You’re not wrong.
People are free to their opinions. Not everyone will fit into your concept of ethics. If you are calling out someone for their non-conventional opinion, you are against free speech.
I feel like you misunderstand what free speech is.
Calling someone out for any opinion is part of free speech.
Makes sense
To elaborate, the ability to call someone out is literally “free speech”. The backlash you may get for said call out, in speech form, is also part of free speech.
If the government locks you up for what you said, that is not free speech.
Free speech just means the government isn’t allowed to punish you for only saying things (and even that had a whole constellation of big fuckin asterisks on it). Free speech does not mean freedom from consequences.
If you are calling out someone for their non-conventional opinion, you are against free speech.
Nope, that’s not what that means. Freedom of speech does not mean freedom of consequences of your speech and it doesn’t mean guaranteed anonymous speech. And as far as the constitution is concerned, the right to freedom of speech only means the government can’t stop you from expressing your opinion.
So you have the right to say what you want without government interference, but other people can tell you that what you said is shitty, your employer can fire you because you opinion isn’t consistent with their values, the forum/venue where you expressed your opinion can ban you, etc.
I read the thread and it was definitely worth calling him out this time.
Exactly my point. It is a form of witch-hunt. People are too focused on my views on the Russia-Ukraine than the actual topic.
deleted by creator
Who’s ‘bent out of shape’?
Having to vent his little frustration from NATO fascists losing the war in a totally unrelated discussion about up/downvotes.
Go cry somewhere else.
Or better go volkssturm and go to the Ostfront like your example from the 1940.
You will be dealth with appropriately there.One comment and five rubles in your pocket, well done Yuri.
Another original banger from the nazi.
Yawn.
Go volunteer then to the Ostfront like your WW2 heroes so can you get what you deserve and I don’t have to read your boring drivel.
I’ll piss on your grave laterThat’s rich coming from an actual Putin nazi, Bumhole.
keep em coming dummy
You’re not accurately representing what they said.
this could easily be solved.
Russia go home. Leave Ukraine.…is on par with telling people to “get a higher-paying job” to fix their finances or “just get friends” to solve loneliness. I don’t downvote a comment like this because it wouldn’t solve the issue, but because the proposed “solution” is completely out of touch with reality.
Good rule of thumb for online discussion: if someone offers a simple solution to a complex problem, they probably don’t know what they’re talking about.
I mean…I am “they”.
honestly I’m at a loss of even how to respond to your critique. you’re comparing first world problems and the primary request of the Ukrainian government like it’s apples to apples.
I think if either of us is underestimating the complexity of the situation, it’s you.
many of the problems that are plaguing Ukraine right now is Russia. many of the problems plaguing Russia right now is their illegal occupation of Ukraine. the simplest solution right now is for Russia to leave Ukraine. after that, discussions of reciprocity can be held. I use that term loosely here though because Russia is clearly the one at fault and Ukraine has been acting in self-defense, as such Ukraine shouldn’t be required to repay anything to Russia.
also, if you’re coming to Lemmy to have a deep political discussion on the finer points of political discourse (especially on the topic of Russia), you might not be that intelligent. maybe read a book on the subject and find a discussion group at a local library if you want to engage with an intellectual.
remember, these are comments not thesis statements.
“You might not be that intelligent” isn’t the counter argument you might think it is.
You misrepresented what OP said. Plain and simple. That’s what I’m calling you out on.
Thank you for saying it. I thought I was going mad.
Ok at the risk of being downvoted to oblivion, why do you think Russia invaded Ukraine?
Mind you, I still think Russia did the wrong thing but there is nuance.
why do you think Russia invaded Ukraine?
To take it over. You know, like they have done with number of countries number of times before?
That’s the US shithole dummy
There is no nuance. Russia amassed an invasion force at the Ukrainian border for a week before entering their sovereign territory.
Russia postured at the border and had been threatening to advance for months before that even.
Russia was supporting Russian separatists and funding domestic terrorists within Ukraine before the invasion.
the only reason why this happened is because the Ukrainian public rebelled against the Russian fed corruption and held an actual legitimate election and removed the installed puppets.
if there is any nuance here, it’s in the multiple ways that Russia had attempted to circumvent the will of the Ukrainian people.
No, it’s on par with telling someone “Well, you shouldn’t keep driving drunk then” or “You should 100% stop contacting her and move on if she keeps instantly blocking you on every new platform you try on.” Certain actions really are under voluntary control. We’re not telling Russia they really need to shape up that GDP if they want the world to take them seriously. We’re asking them to stop deciding to kill innocent people. Seems legit. The obstacle is that they really want to, and they’re reluctant to stop.
(The analogy is flawed because there’s no real equivalency between driving drunk and maybe rolling the dice on killing one family, and yourself, versus doing it to members of a million families. But the simplicity of the solution is the same.)
There’s no real cost to stopping drunk driving. Putin, on the other hand, has gone all in on the war in Ukraine. “Just pull your troops from Ukraine” is about as realistic as “just shoot yourself,” because from his perspective, the outcome is basically the same in both scenarios.
Sure, it would be nice if Russia simply left Ukraine, but put yourself in Putin’s position - it’s a complete non-solution. You don’t fold after going all in. It’s an incredibly naive thing to say, and it ignores the reality and complexity of the situation entirely. It’s a thought-terminating cliché - a feel-good slogan people toss around to avoid critical thinking, while fishing for upvotes from like-minded people.
There’s no real cost to stopping drunk driving.
There isn’t one for Russia to go home neither.
put yourself in Putin’s position - it’s a complete non-solution
You are taking a fucking piss.
Sure, it would be nice if Russia simply left Ukraine, but put yourself in Putin’s position - it’s a complete non-solution. You don’t fold after going all in. It’s an incredibly naive thing to say
This is exactly the kind of logic someone would use to justify either of the examples I brought up. Exactly.
The fact that he really doesn’t want to stop killing innocent people, and so he would have to pay the “cost” of doing something he doesn’t want to do, isn’t a justification. I would actually really like for him to be arrested on that ICC warrant and try to explain this exactly logic at the Hague. I think it would be great. I would support him using that defense, I think it would be wonderful to see. People could decide whether to accept the logic, and then whether to hang him or not depending on whether they bought into it as a good reason for continuing to kill innocent people on an industrial scale.
Explanation is not excuse. This has absolutely nothing to do with justifying anything they’ve done.
So what they’ve done in Ukraine is completely unjustified? In your opinion?
Wow, I’m dumbfounded by this logic.
Let’s say you and I live next door to each other. One day, my family and I break into your house and move in. You tell us to leave, but we punch you in the face. You try fighting back, but we don’t leave, and days and weeks go by. I’ve moved some of my furniture into your house. How would you feel if people started saying that the problem is now too complex. I’ve obviously invested too much in living in your house for me to just pack up and go home. The solution is going to have to be more nuanced than that.
This seems to be the logic you’re defending.
Ok I have ro ask, have you studied philosophy or language? Your comments are so well formed with proper terminology.
Thank you!
No, I haven’t - I’m a plumber by training. I credit my autism for my precision of speech, and as for my philosophy and the vocabulary around it, I’d say that’s simply the result of a few decades of debating these topics online, combined with thousands of hours of podcasts and YouTube videos covering these topics.
It’s rare that I say anything completely original. If something I say comes across as well-crafted, it’s probably because I’ve said the exact same thing a dozen times before.
Autism is a superpower if used correctly.
You are my second favourite plumber, after Mario.
This is just bait lol
Get a room you two
if someone offers a simple solution to a complex problem, they probably don’t know what they’re talking about.
New quote added to my journal
I am not bent out of shape. I said what I said and I stand by it. I am surprised about the public nature of my votes.
I feel hat posts/comments are much more of a privacy exposure than any vote.
If the OP wants private voting vs their post/comments then two account would be the solution to that - this is how it is done in the backend on piefedAlso if only voting is so bad, just don’t vote. Those votes are not used for anything but ranking in lists for others, you’ll not see any difference for yourself if you stop voting.
It is a social forum. Voting and commenting is the core part of the experience.
Yes. So does seeing how you are voting and commenting.
I don’t understand
So you still don’t understand that publicly accessible votes come from publicly viewable actions of users and can be tracked back to them???
If you’re a lurker who votes, voting would be your only exposure.
If you are a lurker that votes then I very little that some random could tie back to your home address or even IP
Which only has rather limited information derivable from it. The most “identifying” would be to vote regularly on a community dedicated to your local area.
If you don’t trust your instance with knowing your IP-address, then the issue is not going to be solved by “anonymous voting”. Because your instance has to know if you voted on something or not, so votes cannot be done multiple times. This is unavoidable and equal to the situation when using reddit. Except that you can choose a different instance if you distrust the current instance.
OP either did not think through what he is claiming or he is driven by an agenda.
Both of them are but when a person comments, they willingly put out their opinion in the public. Voting is meant to be anonymous (like irl).
Also, votes have a massive amount as compared to comments. An average user might comment on 1 post for every 50 they vote on (a number I pulled out of my ass)
Voting is meant to be anonymous
You THINK it should be anonymous. I disagree so did Lemmy creators.
The Lemmy creators thought votes should be private, and didn’t respond meaningfully to people who tried to tell them that Lemmy votes are not private.
If they’re currently retconning it as “Lemmy votes are not private and never were,” then that’s a step in the right direction I guess, but the fatal flaw was ever following the Reddit model where votes are “supposed” to be private for real. Because as you note it is impossible to do in an ActivityPub system. A lot of people when this was first being discussed, pre-lemvotes, were objecting strongly to the idea of making votes public, because they liked pretending they were private and just not paying any attention to the fact that they weren’t. I think mbin still refuses to display downvotes for this (stupid) reason.
(Actually, Piefed did what I thought was a brilliant solution, creating new actors to send out votes with that were different from the comment actors, so that individual users could vote from Piefed and admins could check into it but the votes would not be trivial to associate with the users. IDK why they abandoned it but it seemed like a pretty clever way.)
I’d dare say lemmy creators wouldn’t mind private votes, they chose not to dispolasy voting counts to normal users after all, but that’s not how the ActivityPub protocol is built and honestly can’t be built if you want federated votes.
Voting is only seldom private IRL, only in very specific situations like in very important national elections.
When you vote for what to get for lunch together or for who will be the head of your local football club or who will be the speaker in your school, most of them are public, similarly to Lemmy votes.
The only one tying your votes to your IP-address or the E-Mail you registered with, is your home instance. This is identical to reddit. If you don’t trust your home instance with your IP-address, use a VPN and/or switch to a different instance.
You are making up an issue for lemmy, which you are willing to accept with reddit.
Votes being public is a lemmy specific issue
But they aren’t tied to any public information that relates back to you, unless you voluntarily make this information public yourself. You have the exact same “privacy (maybe even physical security)” risk, like when you use reddit. Just that with reddit you have to trust reddit to use the platform, while in the Fediverse you only have to choose one instance to trust.
Votes are public here and not on Reddit. Someone who doesn’t like a downvote can go on a witch-hunt, something which is happening to my comments right now.
Both of them are but when a person comments, they willingly put out their opinion in the public. Voting is meant to be anonymous (like irl).
Also, votes have a massive amount as compared to comments. An average user might comment on 1 post for every 50 they vote on (a number I pulled out of my ass)
Voting is meant to be anonymous (like irl).
Says who? Voting/likes are public on a lot of social media sites, as long as the content itself is public. The only mainstream ones I can think of where it’s not are YouTube and reddit.
The thing is they make it extremely clear that votes are public by letting you see who voted right next to the button.
Lemmy hides this feature and most users don’t know about it.
person comments, they willingly put out their opinion in the public.
Yes.
Voting is meant to be anonymous
No.
That is not true. Most votes irl are in fact public to the audience. Did you ever participate in a democratically organized group? Local council votes are usually done by raising hands. Votes in HOA meetings are usually done by raising hands. Your sports club deciding on a new executive and treasurer? Guess what. Raising hands.
On most social media the voting is public, see Facebook/Twitter likes. Hell back in the days of forums you could usually see the list of users that liked a given thread in most of the forum software I ever used. Reddit was the anomaly really
I think piefed has a feature where your votes never leave your instance, so are not exposed in this way (but obviously only appear on your home instance too)
Agree that it should be clearer to people coming from Reddit that that’s how it works though.
The thing is they make it extremely clear that votes are public by letting you see who voted right next to the button.
Lemmy hides this feature and most users don’t know about it.
Why are you saying IP addresses are publicly shown here and why is (almost) no one correcting you? That would’ve been an enormous privacy risk that would’ve required intentionally fucking users over. Just doesn’t even make sense to write what you did about IP addresses. Seems like you’re just hoping to cause some panic.
Admins can get them. It is not available to everyone.
Only the admin of your instance can see your IP address, it doesn’t get federated to other instances.
Who says that Reddit isn’t selling upvote/downvote and IP info? Or sharing with govts?
They 100% are
I am not worried about big tech because they scrape everything anyways. I am more worried about the witchhunt and potential admin abuse.
And even this does not happen, it should be made clear that votes are public
Okay so then why fearmonger? You’re thinking that a handful of people in the world having your IP and also opinions is somehow more dangerous than anything else on the Internet?
While it is important to know that voting is not private (nor truly is direct messaging), that is not in itself a danger.
Lemmy is community driven, and so it is — broadly speaking — governed by community norms and the platform is responsive to the needs of those norms. If someone is harassing or mistreating you on the basis of your voting, then you can take it up with an admin. I’ve seen people called out for the use of vote manipulation, but I’m not sure what it would look like to be targeted based on your votes.
By the way, there are also mechanisms for publicly addressing grievances with mods and admins.
Most importantly, recognize that it does take time to adjust to the reality that no one cares about the fake internet points here. Reddit uses dark patterns to manipulate users into equating votes with worthiness. Having a lot of karma on reddit contributes to a person’s reputation and credibility there. Here, no one cares, or even sees, a person’s vote totals. Like most everything else, it’s technically public, but it’s not visible or indicated.
Why does reddit want you to care about your karma? For engagement and metrics. If people are only incentivized to share genuine interests and human interaction, then they won’t scroll mindlessly for quite as long. If every post and comment is incentivized for maximum virality, then Reddit can sell more eyeballs to advertisers. Plus, if people care enough about their fake points, they will literally pay to buy reputation. Reddit doesn’t care about your well-being, just your ad impressions. Like any other social media corp.
Welcome to a better, healthier, more transparent place. We are far from perfect, but no one here will use dark patterns to mine you for content.
if someone is harassing or mistreating you on the basis of your voting, then you can take it up with an amin.
this is a highly demanding solution for a misbehavior that takes very little energy to engage in. at least in my experience with admins, even when you have an effective one that doesn’t mean they will be effective in the coming months or years. ultimately a lot of people will end up having to explain somebody else’s bad behavior to another who just might not care.
but never mind that. what I’ve actually got to wonder is what does having votes public even accomplish positively? is the goal to help users understand each other based on actions we made that up to this point we thought were anonymous?
Votes are public more of a side effect of the fact that Lemmy is federated, rather than intentionally as something to be publicly visible, I don’t believe you can go find someone’s vote history just from the normal Lemmy ui, but someone could create their own Lemmy/mastodon/kbin version (or just some custom scraper that speaks activity pub and pretends to be one of these) to start collecting vote counts.
Votes being tied to accounts makes it slightly harder to do vote manipulation, but only slightly. It would be as simple as having my server tell the server of the original post that 5000 users that totally exist voted on this post. Of course you could do the same by actually creating 5000 fake accounts on your server, but that’s marginally more work, and also slightly more detectable. There’s a lot of trust in the activity pub protocol.
I don’t believe you can go find someone’s vote history just from the normal Lemmy ui
If you run your own Lemmy server, you can probably just query your server’s database. Lemmy admins can see upvoters and downvoters for all comments (and posts I think), not just comments/posts on servers they’re an admin on, so that data must be in the database.
got it. thank you for the in-depth explanation
There have been a lot of discussions about whether voting on Lemmy should be public. Some threadiverse platforms actually take the step of displaying votes and reactions publicly for that very reason.
I won’t attempt to recap those discussions here, but you may be able to search for them.
Most importantly, recognize that it does take time to adjust to the reality that no one cares about the fake internet points here.
Oh but they do.
It also informs how comments are sorted under each post (unless you choose New or Old by default).
IMHO the voting system is the best part of both reddit and lemmy: it gives certain powers to the majority. It gives a rough picture of how other people - even those that do not comment - feel about opinions.
edit: lol, even you do
Voting functions completely differently between the two sites. I didn’t say that voting doesn’t matter, I said that no one cares about the “points.”
People can and do use voting to let others know about interesting content or to express displeasure at seeing a post (which is why it is sometimes surprising to see any downvotes on certain posts such as the nice one I was responding to in the screenshot).
What people don’t use them for is a measure of merit or reputation. Voting here functions much more like reddit used to years ago. It helps sort content by what people want to see.
I took it up with a mod. They said it is public information. That is how I learned about it. Mods won’t do shit if they favor the abuser.
Don’t tell anyone, but your posts and comments are also public.
Only you can see this comment Daniskarma. The Leering League of Lemmy SEES you Daniskarma and we have taken notice. Cease your efforts to spread information about public posts and comments, or ELSE Daniskarma. We’re watching you.
I know you are being sarcastic and edgy but point is that voting is assumed to be private by the average person because it is anonymous in elections, it is anonymous on the closest social platform Reddit and popular websites like youtube.
I don’t know how to break this… But voting in Lemmy is not choosing a president.
Voting is like booing or clapping in a public agora. It’s not private. If you assume is private that’s on you.
Not even on your beloved reddit. Reddit admins know all your votes.
Admins know but users don’t.
That’s precisely your issue before. Voting in reddit is not private as admins know that info and can share with anyone so the “bad voter” could get prosecuted. But users, like you, think it’s private because they don’t see it.
Be consistent with your argument at least.
I will disengage here. Bye!
How likely is an admin to share something with someone else vs something being already public?
Mods can also see them for their communities iirc.
But it’s part of the activity pub protocol and how things work between federated platforms. Some platforms display the votes in public for everyone
It’s a federated platform. How could voting have been anonymous?
Besides, nothing requires you to vote on posts. If you’re not comfortable voting, then don’t vote.
I am okay with votes being public but then it should be made explicitly clear to users.
The people I trust the least on these platforms are the admins and owners of them. Your voting wasn’t anonymous on reddit to those people either.
And reddit also has a problen where you can use bots to farm upvotes and because you cant see that information means you cant tell if posts are legit or propaganda
I don’t think IP addresses federate? I think only your instance admin can see your IP address. In any case, though, you should generally always assume that your up/down votes on any service are recorded and tied to your username. If you can come back later and change your vote, that vote is tied to your username. It may not be visible to other users, but the server admins can absolutely see what you’re doing.
Reddit might not make your votes publicly visible, but they’re absolutely tracking them and using that information to select what you see, including advertising. They might not directly share those votes with advertisers, but they almost certainly are sharing your interests based on your votes. And you should assume Reddit and others will comply if the government comes asking for what users liked a post the government opposes, or who downvoted a post praising a new government initiative.
It depends on your threat model, but your threat model might change. Freedom of speech might be curtailed by politicians even when that’s supposed to be unconstitutional. What might be safe to do online now might become unsafe in a year or two.
YSK: every action you take online, even as simple as an Upvote or Like, might be recorded and may come back to haunt you
It’s the nature of the beast. Federated software holds no secrets.
Related: https://sopuli.xyz/post/31369487It might not be a secret but voting should be a private thing, like most irl voting. It is nowhere explicitly stated to the users, no apps or website says it.
Even if sites like lemmyvotes disappear and software like kbin/mbin starts hiding the votes all you need to do is to spin up your own lemmy server. Piefeds dev is actively trying to find a way to obscure voting, but I think that ended with the choice of public (federated) vote or private (instance-only) voting.
I agree that the public nature of votes could be made more apparent, but the lemmy devs has decided against that
https://github.com/LemmyNet/lemmy/issues/4967It’s ridiculously stupid. In my opinion. Actually making the votes private would be fine. Making the votes public but making sure everyone knows that would be fine. Trying to pretend they’re private, and hiding them in the UI but making it an open secret that they’re not private and anyone who knows what they’re doing can look at how other people are voting, is textbook harmful security-by-obscurity misleading your users.
It kind of goes with their authoritarian mindset I guess. “Don’t question me, I don’t have to be honest with you about what’s going on, just shut up and go back to your UI which has only the features I allow you to have. Mine has a little dropdown that can look at the votes. Yours doesn’t. Get back in your box. All the good users won’t look outside what I tell them to.”
Making the votes public but making sure everyone knows that would be fine.
This is why I actually like that in kbin/mbin you can see up front who has voted what. It doesn’t pretend votes are secret when they aren’t.
It literally can’t be private, just from the way Lenny works. You can’t have it all. You could in theory make it less visible, but that would be a false sense of privacy as it would be possible to do get the information with some effort. Just having it be fully open is more honest and makes no claims it can’t keep.
It’s social media, even if federated. On Facebook, tiktok or whatever they are also not private btw: maybe users can or can’t see them (I have no idea), but the company behind the platform certainly can and will use it for advertising to you and for what else to show you, making you the product.
The thing is they make it extremely clear that votes are public by letting you see who voted right next to the button.
Lemmy hides this feature and most users don’t know about it.
If you are logged in to anything, what you do is tied to your account. Welcome to the internet. Instance admin on your instance can figure out your ip. Nobody else. You can run your own instance to avoid this if you want. Or just use a vpn.
Google track you constantly even when you are not logged in by the way, with scripts on almost every web page. So they have your real name, your entire search history, and what exact programs you use on your phone if you have android.
My votes are a massive privacy risk? How? I’m putting them out there publicly willingly. As is the nature of the internet.
I like piefed because it lets you see at a glance if someone is a serial downvoter. On each piefed user profile is a thing called “attitude” and it’s a ratio of your upvotes vs downvotes. 100% means the person doesn’t downvote people. 50% means they downvote and upvote equally. 0% is only downvotes.
It shows up for people outside piefed too so i see you too lemmy angry people.
I would never downvote cereal.
Unless it was grape nuts. That shit is like eating gravel.
Here’s how you Grape Nut:
Pour a small pile (like a cup or so) in a bowl.
Take a spoonful of peanut butter and use the backside of the spoon to mix up the PB and GN. Smash it together for longer than you think until it’s well mixed.
Top with a drizzle of honey and then pour milk over it.
S-tier breakfast.
Raisin bran gang!
What is mine?
90%
Thanks! Cool feature.
Now do me, please.
Hang on, doing your mom.
In combination with your IP, this is a massive privacy (maybe even physical security) risk.
Your IP would only be seen by your instance (which is inevitable, you gotta connect to it after all). But there’s no way for anyone else to look up your IP.
I read that since images are hosted on the instance they were posted to, any instance hosting pictures you load, even if they’re DMd to you can get your ip. So someone could just DM you a picture from their own instance if they wanted it for whatever reason. I have not personally verified, but just adding it here because this comment seems to be the most succinct and accurate one I currently see.
even if they’re DMd to you
Really only if they’re DMs. Because a publicly posted picture yeah, they’ll see your IP loading it but they will also see everyone’s, with no way to tell who is who.
And a fairly recently Lemmy was updated to not show embedded images in DMs so that wouldn’t even work. (This depends on your client, but on the most recent official web version external images are blocked)
I dsiagree that transparent upvotes are an issue. In fact i think it’s a powerful feature for community to self correct and resist astro turfing.
On reddit votes have become meaningless because they are not 1 person == 1 vote and its completely astroturfed. You can literally got to buyredditvotes dot com (not real but real ones are very close just google it) and stuff any post with votes and nobody will ever know.
Transparent interactions are key for community health even if behind anonymous nicknames. So all interactions should be transparent.
My only issue is that many lemmy instances are blocking popular VPN services which is very dangerous. I understand the bot argument but (even though residential proxies are dirt cheap these days) user safety suffers hard here.
Oh no now the lemmy.ml special mods will know I downvote them when I see them lol
Sure they will be interested in your petty downvotes.
Or pathetic remarks
It was something I had to learn, coming from Reddit.
But I made my peace with it. Let the mods* see my up/downvotes. If that becomes a problem then, well, the Lemmyverse isn’t right for me.
* I was told that anyone can see this, with a little effort.
But I have not heard about this applying to IPs.
Obviously someone running an instance (an admin) can see who visits that instance; that’s just how servers work. If you can’t live with that you must use Tor or VPN.So while I agree that everyone should be aware that up/downvotes + username are visible to anyone, I’m not sure about the IP argument.
IP thing is a risk but I don’t see an alternative as you pointed out.
Russia really should just leave Ukraine, though. (Sorry, I just saw the context for this a few minutes ago and can’t help myself).
It is not the context for this post, people have made it the context. It is the reason for this post.
Maybe context is the wrong word.
E: how about catalyst.
Cool stuff right? Everyone can spy on you, and you can keep them guessing by behaving incongruent. Lots of fun!
Lol
It’s currently impossible to have private upvotes and downvotes with a federated service. It could probably be done, but it’d need a big revamp of the ActivityPub protocol, and apps would need to adopt the new protocol version. It’s not trivial.
Just hiding the data in the UI doesn’t solve it, because the data is still there.
Additionally, a lot of other social media sites have public votes/likes, as long as the content is public. Facebook, Twitter, Instagram, Discord, LinkedIn, Telegram (if you consider it social media?), and probably some others all have public likes by default.
It is okay to have public votes but it should be made clear to the users. Instagram and others allow you to see who has liked easily (next to the like button), so everyone knows it is public. Lemmy does not let me see who voted easily and it being a reddit alternative further makes it seem anonymous.
