I recently learned that voting on lemmy is not anonymous. Anyone can get information about who has upvoted and downvoted a post or comment.
In combination with your IP, this is a massive privacy (maybe even physical security) risk. Also, people can target you for your votes.
Sadly, this is something where I would prefer Reddit over Lemmy. Big tech scrapes data from both places anyways, at least Reddit is safe.
It’s the nature of the beast. Federated software holds no secrets.
Related: https://sopuli.xyz/post/31369487
It might not be a secret but voting should be a private thing, like most irl voting. It is nowhere explicitly stated to the users, no apps or website says it.
Even if sites like lemmyvotes disappear and software like kbin/mbin starts hiding the votes all you need to do is to spin up your own lemmy server. Piefeds dev is actively trying to find a way to obscure voting, but I think that ended with the choice of public (federated) vote or private (instance-only) voting.
I agree that the public nature of votes could be made more apparent, but the lemmy devs has decided against that
https://github.com/LemmyNet/lemmy/issues/4967
It’s ridiculously stupid. In my opinion. Actually making the votes private would be fine. Making the votes public but making sure everyone knows that would be fine. Trying to pretend they’re private, and hiding them in the UI but making it an open secret that they’re not private and anyone who knows what they’re doing can look at how other people are voting, is textbook harmful security-by-obscurity misleading your users.
It kind of goes with their authoritarian mindset I guess. “Don’t question me, I don’t have to be honest with you about what’s going on, just shut up and go back to your UI which has only the features I allow you to have. Mine has a little dropdown that can look at the votes. Yours doesn’t. Get back in your box. All the good users won’t look outside what I tell them to.”
This is why I actually like that in kbin/mbin you can see up front who has voted what. It doesn’t pretend votes are secret when they aren’t.
It literally can’t be private, just from the way Lenny works. You can’t have it all. You could in theory make it less visible, but that would be a false sense of privacy as it would be possible to do get the information with some effort. Just having it be fully open is more honest and makes no claims it can’t keep.
It’s social media, even if federated. On Facebook, tiktok or whatever they are also not private btw: maybe users can or can’t see them (I have no idea), but the company behind the platform certainly can and will use it for advertising to you and for what else to show you, making you the product.
The thing is they make it extremely clear that votes are public by letting you see who voted right next to the button.
Lemmy hides this feature and most users don’t know about it.
If you are logged in to anything, what you do is tied to your account. Welcome to the internet. Instance admin on your instance can figure out your ip. Nobody else. You can run your own instance to avoid this if you want. Or just use a vpn.
Google track you constantly even when you are not logged in by the way, with scripts on almost every web page. So they have your real name, your entire search history, and what exact programs you use on your phone if you have android.