Currently, almost anyone in the Fediverse can see Lemmy’s votes. Lemmy admins can see votes, as well as mods. Only regular Lemmy users can’t. Should the Lemmy devs create a way to make the votes anonymous?

There is a discussion going on right now considering “making the Lemmy votes public” but I think that premise is just wrong. The votes are public already, they’re just hidden from Lemmy users. Anyone from a kbin/mbin/fedia instance can check out the votes if they are so inclined.

The users right now may fall into a false sense of privacy when voting because the votes are hidden from Lemmy users. If you want to vote something and not show up on the vote list, please create another account to support that type of content and don’t tell anyone.

  • TechLich@lemmy.world
    1 month ago

    How about pseudonymous as a compromise? Votes could be publicly federated but tied to some uuid instead of the username. That way you still have the same anti spam ability (can see that a user upvoted these things from this instance at this time) but can’t tie it directly to comments or actual user accounts without some extra osint.

    It might be theoretically possible to correlate the uuids with an account’s activity and dox the user in some cases, especially with some instances having a single user, but it would be very difficult or impossible to do on larger instances and would add an extra layer. Single user instances would be kind of impossible to make totally private anyway because they can be identified by instance.

    • Amju Wolf@pawb.social
      1 month ago

      > Votes could be publicly federated but tied to some uuid instead of the username. That way you still have the same anti spam ability (can see that a user upvoted these things from this instance at this time) but can’t tie it directly to comments or actual user accounts without some extra osint.

      The issue with that is with malicious instances that could engage with vote manipulation by just generating new IDs and voting for whatever they want. If you can’t look back at the profile and determine whether it’s a real, non-spam account, it’s a pretty big issue unfortunately.

      You also have an issue where someone could potentially vote with “your” ID without any way to detect that it’s not actually “you” who sent the vote.

      • Pika@sh.itjust.works
        1 month ago

        They could do something similar to what another platform had done, which is tie voting to a shadow account that only the instance admin team can link to a user; this allows for moderation while providing the ability for obscurity.

        I still disagree it should be public in the first place, but I know it’s a hard requirement for federation so it’s unlikely to become more concealed

  • Flax@feddit.uk
    1 month ago

    Any instances that actually show public downvotes? I’ve seen people talk about them but haven’t seen them yet

  • Carrolade@lemmy.world
    1 month ago

    No, there is no real need. An account is already pseudo-anonymous. Full anonymity adds no real value beyond making it easier to manipulate vote tallies with bot accounts undetected.

    edit: As a side note, this is one of the more transparent social media communities. It’s not terribly privacy-oriented in general. The enhanced transparency is part of its appeal.

  • kenkenken@fedia.io
    1 month ago

    Yes, they should ideally. But it’s hard to properly implement them in a way that will guarantee anonymity and be sybil-resistant at the same time.

  • Otter@lemmy.ca
    1 month ago

    > Should the Lemmy devs create a way to make the votes anonymous?

    I’m not sure if there is a good way to have the content federate anonymously. Even if there was, it would be a vector for spam.

    Vote manipulation is a growing problem on Reddit, and it’s only getting worse with all the AI spam bots. They don’t have an incentive to stop it and it’s only going to get worse. Why trust a review on Reddit if bots are upvoting/downvoting on behalf of a company, or worse what happens in news communities when a well funded group wants to change perspectives.

    Admins need to know if the votes/likes coming in are legitimate, else they should block them. It’s too easy to abuse anonymous votes to affect how content is ranked.

    I left a long comment in the other thread which I will link in a moment, but I think either

    1. We keep the current setup, but we put in more effort to make new users aware that vote records are visible to admins/mods
    2. We make it public for everyone and take steps to deal with the new issues that it could cause
    • Andy@slrpnk.net
      1 month ago

      I will also add that I think in the long run, as we try to figure out how to differentiate between humans and machines, the only real reliable solution I see is to focus on elevating the individual. Having people with long histories validate their reality by living and documenting it.

      I don’t upvote something that I’d be ashamed for someone to see I upvote. I might make an exception for pornographic content, but even with that, if it’s pseudonymous in that it’s not attached to my personal public life, I don’t mind if someone can trace through and see what a specific account I use for those purposes has liked and disliked.

    • Socsa@sh.itjust.works
      1 month ago

      The current trust model already relies on a user’s home instance accurately reporting user activity and not injecting fake activity. Hiding real user votes behind pseudonymous tokens doesn’t change that at all.

      As far as I can tell, the activity ranking algorithms don’t actually differentiate between up and down votes anyway. All votes are considered engagement.

    • Dave@lemmy.nz
      1 month ago

      > Admins need to know if the votes/likes coming in are legitimate, else they should block them. It’s too easy to abuse anonymous votes to affect how content is ranked.

      This is a very real problem right now. Admins that are on to it use the votes to identify swarms of users that follow each other around upvoting each other’s spam/troll posts.

      • Socsa@sh.itjust.works
        1 month ago

        And that is still possible with pseudonymous token votes. You just end up banning tokens for malicious voting activity, and users for malicious posting activity. It’s at best a very mild adjustment to moderation workflows.

        • Dave@lemmy.nz
          1 month ago

          How does this work? The community issues federates votes but with a linked token instead of a linked user? How do you track vote manipulation across different communities on different instances?

          • Socsa@sh.itjust.works
            1 month ago

            As far as I understand it, all activity originates from the home instance, where users are interacting with federated copies of posts. The unique user token from a well behaving instance follows the user across the fediverse, allowing bulk moderation for voting patterns using that token. The only difference is that it is not explicitly tied to a given user string. That means moderation for vote manipulation gets tracked via a user’s vote token, and moderation for trolling/spam/rule violations happens via their display name. It may be possible that a user is banned from voting but not commenting and vice versa. It’s a fairly minor change in moderation workflow, which brings a significant enhancement to user privacy.

            • Dave@lemmy.nz
              1 month ago

              Under activitypub, a lemmy community is kind of like a user (actually an activitypub group). When I post here with my lemmy.nz account to this lemmy.world community, lemmy.nz sends my comment to lemmy.world who then sends it to sh.itjust.works for you to see. The community is the controller of all interactions within the community. In this case, lemmy.world is the official source of how many upvotes this post has. And each vote is validated using the user’s public key to ensure it actually came from that specific user - a standard part of ActivityPub.

              So would lemmy.world assign a token for your votes? If your instance assigned the token, Lemmy.world would not be able to validate against your user’s public key. If Lemmy.world assigns the token, it would only be valid in lemmy.world communities, as other instances would have to assign their own token. And both sh.itjust.works and lemmy.world admins could still see the real association.

              Also, changing how votes work would break compatibility with other ActivityPub software (e.g. Mastodon could no longer interpret an upvote as a favourite, Mbin wouldn’t be able to retrieve any data about the votes unless they specifically changed to work in the Lemmy way instead of using standard ActivityPub).

              • Socsa@sh.itjust.works
                1 month ago

                Worst case scenario, there is an entirely separate, tokenized identity for votes which is authenticated the exact same way, but which is only tied to an identity at the home instance. It would be as if the voting pub is coming from user:socsa-token. It’s effectively a separate user with a separate key. A well behaving instance would only ever publish votes from socsa-token, and comments from Socsa. To the rest of the fediverse socsa-token is simply a user which never comments and Socsa is a user which never votes.

                I am not sure key based ID is actually core to AP anyway. The last time I read the spec it kind of hand waved identity management implementation.

                • Dave@lemmy.nz
                  1 month ago

                  Well hey, sounds like you might be able to help. Lemmy devs are actively soliciting opinions on lemmy votes, maybe you could have a say? Most of the comments are around “votes are already sort of public” therefore either a) make them actually public so we aren’t pretending they aren’t, or b) keep them hidden, a little less public is better than completely public.

                  Perhaps you can come in with a c) option to make votes even less public?

                  https://github.com/LemmyNet/lemmy/issues/4967
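
An added example, not code from this thread or from Lemmy, of the pseudonymous-token idea debated above: a home instance issues one stable vote token per user, a receiving admin flags tokens that vote in lockstep, and only the issuing instance can map a flagged token back to an account. The HMAC-SHA256 derivation, every name, the thresholds and the sample votes are assumptions constructed for illustration; the thread itself only says "some uuid".

```python
import hashlib
import hmac
from collections import defaultdict
from itertools import combinations


class HomeInstance:
    """Home server: the only party able to link a vote token to an account."""

    def __init__(self, domain: str, secret: bytes):
        self.domain = domain
        self.secret = secret      # stays on the home instance, never federated
        self.users = set()

    def vote_token(self, username: str) -> str:
        # Assumed construction: a keyed hash gives each user one stable token
        # that cannot be recomputed from the username without the secret.
        mac = hmac.new(self.secret, username.encode(), hashlib.sha256)
        return f"{mac.hexdigest()[:32]}@{self.domain}"

    def federate_vote(self, username: str, post: str, score: int) -> dict:
        # What other instances receive: token, target, direction. No username.
        self.users.add(username)
        return {"actor": self.vote_token(username), "object": post, "score": score}

    def resolve(self, token: str):
        # Home-admin lookup for a token that another instance has reported.
        for user in sorted(self.users):
            if hmac.compare_digest(self.vote_token(user), token):
                return user
        return None


def find_swarms(votes, min_shared=3, min_jaccard=0.8):
    """Receiving-side check: flag tokens whose vote sets are near-identical."""
    by_token = defaultdict(set)
    for v in votes:
        by_token[v["actor"]].add((v["object"], v["score"]))
    flagged = set()
    for a, b in combinations(sorted(by_token), 2):
        shared = by_token[a] & by_token[b]
        union = by_token[a] | by_token[b]
        if len(shared) >= min_shared and len(shared) / len(union) >= min_jaccard:
            flagged.update((a, b))
    return flagged


def build_sample_votes():
    """Constructed data: three lockstep accounts and two ordinary voters."""
    spam = HomeInstance("spam.example", b"constructed-secret-A")
    home = HomeInstance("home.example", b"constructed-secret-B")
    votes = [spam.federate_vote(bot, post, 1)
             for bot in ("bot1", "bot2", "bot3")
             for post in ("p1", "p2", "p3", "p4")]
    ordinary = [("alice", "p1", 1), ("alice", "p6", 1), ("alice", "p7", -1),
                ("bob", "p2", -1), ("bob", "p6", 1), ("bob", "p8", 1)]
    votes += [home.federate_vote(u, p, s) for u, p, s in ordinary]
    return spam, home, votes


if __name__ == "__main__":
    spam, home, votes = build_sample_votes()
    for token in sorted(find_swarms(votes)):
        # Only the issuing instance can name the account behind a token.
        print(token, "->", spam.resolve(token), "| other instance sees:", home.resolve(token))
```

The check only works while the home instance keeps each user's token stable; an instance that mints a fresh token for every vote, the concern raised earlier in the thread, produces no overlap for it to find.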

  • Cephalotrocity@biglemmowski.win
    1 month ago

    The more I spend time on Lemmy, the more I think it is in a lot of trouble. There are many serious issues that need to be addressed and I don’t see how most of them can be.

    Federation is touted as a Good, but has many drawbacks. Privacy (as listed in this post for example) for one, instead of algorithm curated/focused content federated servers each enforce (subconsciously or overtly) a theme, rampant user generation off multiple servers rendering moderation pointless, and so on.

    Then there is the rampant issue of moderation abuse. It seems that the only reason to be a moderator is to not be annoyed at other people forcing their opinions on you. This reminder that admins/mods get yet another way to subject the users to their biases is the nail in the coffin IMO. “You vote this way? Banned because my feelings matter more”.

    Privacy is important for a lot of people and that is impossible to get on Lemmy unless something drastically changes, but it doesn’t sound like this will ever happen. The people that can see your data are not under your control at all and I think this fact alone will never allow Lemmy to grow to a place we can be happy with.

    If admins can see data without limits, everyone should be able to. All 5 of us once that realization sinks in.

    tl;dr I don’t think even admins should see people’s data but that seems impossible so…

  • RustyShackleford@literature.cafe
    1 month ago

    Wouldn’t it be easier to leave it as an option for each user on Lemmy?

    If users want anonymity, let them have it. If they want to share their vote, let them do that. Forcing one option on others without the voice of the usually silent majority isn’t going to fix anything, it’s just going to scare some people away or start posts requesting it private again; or optional.

    Not to mention, using this method you will quickly see how many users really wanted this option based on how many leave privacy enabled or disabled, instead of listening to a current vocal minority.

    • lalo@discuss.tchncs.de (OP)
      1 month ago

      User choice would be best indeed. The problem is that currently the votes are public but hidden from Lemmy regular users. Anonymizing votes seems to be such a big problem the devs don’t even want to consider it.

      • RustyShackleford@literature.cafe
        1 month ago

        I hear you, but problem or not, the devs shouldn’t be making major decisions for the user base after the fact. Anonymous voting might be a problem at first, but so will people who are broadsided by the decision. Not to mention the users who will use an open voting system to bully users they disagree with. You have to foresee problems will come with any decision, and a percentage of users will flee for each bad, meaning the safest choice is user base safety over forced decisions. Ultimately sad truth is, leaving things as they are is a much easier call for devs.

  • troed@fedia.io
    1 month ago

    Keep the Fediverse bot- and troll-free.

    The whole idea of being able to behave like a shithead without accountability needs to go.

  • DoctorButts@kbin.melroy.org
    1 month ago

    Votes should be transparent for everyone. Right now the system assumes that mods/admins are somehow inherently more responsible than the average user, but well, just look at the garbage clusterfuck admin/mod teams of certain instances. You’re telling me you’re gonna trust these people with this information and not everyone else? Get the fuck outta here.

    • Th4tGuyII@fedia.io
      1 month ago

      Yeah. If you’re on a public forum accessible to anyone, which the whole fediverse is, then you should never assume privacy.

      Honestly transparency in this regard would be better - they’re already visible to much of the community, so they might as well be visible to everyone.

  • MagicShel@programming.dev
    1 month ago

    I’ve been thinking about this for several hours since I first became aware of the debate.

    I don’t care that much in theory if anyone sees my votes. They aren’t anything I’m particularly private about. I care about conversation way more than up/down votes.

    However, some people get a little upset about being downvoted. I think it will result in retaliatory downvotes. You already see that when two folks are arguing. I don’t normally waste my time downvoting a post I’m writing a rebuttal to, but when they are downvoting me I tend to do it back. I think if everyone had easy access, they would hunt down their downvoters’ posts and retaliate regardless of the quality of the comments.

    Lastly, I wonder if this will give rise to a client that lets you use one account to post/comment and a different one to vote. And if it does, will that be better all around? Then no one will be able to associate votes with a user. But it seems unnecessarily wasteful to create a whole account that does nothing but vote. It seems like it would deny mods (and everyone) a useful tool for identifying bad actors.

    Technically, anyone could get access to the voters’ identity if they try hard enough but 99% of the users won’t put in that much effort. And technically someone could already use different accounts for different activities, but without reason to create a client to support that it’s too much of a pain to be worth the effort.

    So I really think I’m on team status quo here.

    • rglullis@communick.news
      1 month ago

      > I don’t normally waste my time downvoting a post I’m writing a rebuttal to, but when they are downvoting me I tend to do it back. I think if everyone had easy access, they would hunt down their downvoters’ posts and retaliate regardless of the quality of the comments

      That would stop as soon as people start reporting this behavior to mods who felt enabled to ban users based on unjustified downvoting.

      • MagicShel@programming.dev
        1 month ago

        I’m really skeptical about that. Either that they would do it or that such “justified” downvoting would be a clear cut or fair decision. Most people don’t vote the right way. How many people downvote content they agree with or find funny but doesn’t add to the discussion? How many people upvote content they disagree with that does add to the discussion?

        And am I really going to take up a mod’s time because someone got mad at me and downvoted—the most accessible and innocuous way to express displeasure with someone? How many more complaints about downvote bullying are mods going to have to field?

        I don’t know. You could be right, but I’d want to see it successful in a small scale, if possible, before deploying it everywhere. Maybe the folks suggesting it should be up to the server admin are right. That would be another differentiator and people could go to communities on servers that have their preferred visibility policy. That would serve as an A/B test and let people vote with their feet.

        • rglullis@communick.news
          1 month ago

          > How many people downvote content they agree with or find funny but doesn’t add to the discussion?

          Again, this is only a problem because we have lost this sense of shared culture. If we really want to have an established “community”, these guidelines will have to, one way or another, be restored and enforced.

          > How many more complaints about downvote bullying are mods going to have to field?

          Here is an idea: instead of trying to remove power from people, let’s give more of it. Hiding votes is hard, but creating a finer-grained permission system for moderation is not. Let’s build a system where mods can assign other mods for specific types of reports. Then, we can have few mods who would be “all powerful” like they are now and we could have a bunch of “issue-specific” trusted users who could access/triage specific reports.

          We shouldn’t need mods to figure out what is “basic” spam and we shouldn’t need powerful mods to say “user A is reporting that B has downvoted their last 5 posts in different conversations. This is a violation of the community rules and therefore should be banned.”

  • Lutin@fedia.io
    1 month ago

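    Public voting on Lemmy strengthens transparency and accountability within the community, letting users see who supports or opposes particular content. However, it can also lead to peer pressure or unwanted surveillance. For users who want privacy and freedom in their online interactions, anonymity may be preferable. To learn more about online privacy tools, visit ChatGPT.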

    • threelonmusketeers@sh.itjust.works
      1 month ago

      레미에 대한 공개 투표는 커뮤니티 내에서 투명성과 책임성을 강화하여 사용자가 특정 콘텐츠를 지지하거나 반대하는 사람을 확인할 수 있게 해줍니다. 그러나 이는 또래의 압력이나 원치 않는 감시로 이어질 수도 있습니다. 온라인 상호작용에서 프라이버시와 자유를 원하는 사용자에게는 익명성이 더 바람직할 수 있습니다. 온라인 개인정보 보호 도구에 대해 자세히 알아보려면 챗GPT 를 방문하세요.

      lemie daehan gong-gae tupyoneun keomyuniti naeeseo tumyeongseong-gwa chaeg-imseong-eul ganghwahayeo sayongjaga teugjeong kontencheuleul jijihageona bandaehaneun salam-eul hwag-inhal su issge haejubnida. geuleona ineun ttolaeui ablyeog-ina wonchi anhneun gamsilo ieojil sudo issseubnida. onlain sanghojag-yong-eseo peulaibeosiwa jayuleul wonhaneun sayongja-egeneun igmyeongseong-i deo balamjighal su issseubnida. onlain gaeinjeongbo boho dogue daehae jasehi al-abolyeomyeon chaesGPT leul bangmunhaseyo.

      Public voting for Remi increases transparency and accountability within the community, allowing users to see who supports or opposes certain content. However, it can also lead to peer pressure or unwanted surveillance. For users who want privacy and freedom in their online interactions, anonymity may be preferable. Visit ChatGPT to learn more about online privacy tools.

      I’m sorry, what?

  • j4k3@lemmy.world
    1 month ago

    I would rather vote identities being blocked from scraping. I don’t care about other users or admins. I would rather that level of information be unavailable to outside commercial sources, especially any timings based metadata that could be used to derive dwell time and other psychological metrics.

    • Microw@lemm.ee
      1 month ago

      That’s probably a complete nonstarter in a federated network. The metadata needs to be sent via Activitypub, ergo it has to be public.

    • Damage@slrpnk.net
      1 month ago

      I think you’re looking for a different type of community then, like an image board.

  • JackbyDev@programming.dev
    1 month ago

    Still waiting for someone to show me how to see what someone up votes and down votes on Lemmy through a pre-existing Mbin or Mastodon instance. That’s really been the only convincing argument to make them public that I’ve heard. (That convinces me, I mean.) But nobody has shown it is possible through fedia.io for example. I tried but couldn’t see it, but it’s possible I was looking in the wrong place.

      • JackbyDev@programming.dev
        1 month ago

        Ahhhh, okay. I was expecting it to be under a user but it is attached to the post. That makes targeted harassment marginally more difficult but regardless, I definitely can see that it’s trivial to see the upvotes (favorites) and downvotes (reduces).

        Whether or not this is “good” or “bad” I’m still undecided on, but you’ve officially convinced me that it is trivial to see exactly who voted (and how) on a post (or comment). You do not need to “set up an instance” like many people say.

        • kali@fedia.io
          1 month ago

          Fair enough. I do think you can view it under a user’s profile in some Mastodon clients- but only upvotes, not downvotes.