YSK: Your Lemmy activities (e.g. downvotes) are far from private - eviltoast

Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

  • Album@lemmy.ca
    link
    fedilink
    arrow-up
    82
    arrow-down
    6
    ·
    1 year ago

    Posts and comments is one thing… It’s inherently public. But I think being able to see up and down vote publically is a tough pill. If you don’t realize your votes can be seen you risk your vote being held against you. If you do know it disincentivizes you to use the vote system to protect yourself from something that should be rather benign.

    • mookulator@lemmy.world
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      3
      ·
      1 year ago

      At least you know the instance host isn’t selling your data right? The advertisers already have it 🤪

      • mookulator@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        I was kind of joking, but now that I think about it isn’t that better? The problem isn’t really advertisers having your data, it’s companies doing skeezy things to be able to make more money with your data.

        This way, instance hosts are free from that incentive and can just focus on making a good website.

        • mookulator@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I was kind of joking, but now that I think about it isn’t that better? The problem isn’t really advertisers having your data, it’s companies doing skeezy things to be able to make more money with your data.

          This way, instance hosts are free from that incentive and can just focus on making a good website.

    • donut4ever@sh.itjust.works
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      That’s my only concern. I don’t mind my comments to be public. That’s what a public place is, unlike other social media platforms who claim to be but they’re not. It’s, like you mentioned, the upvote/downvote system that I’m worried about and will refrain from using. Because it is public, too, it feels like it lets people read your thoughts. So, I’ll refrain from using it until it’s fixed.

    • Vlyn@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      I mean I didn’t upvote or downvote porn on Reddit either. It’s all personal information.

      On Reddit there were plenty of people with access and the data was sold to advertisers.

      Here it’s public, not great but not terrible either. Also makes it easier to battle vote brigading?

      • deweydecibel@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        It also makes it easier to profile users and weed out anyone who disagrees about literally anything.

        Like, you guys need to consider not every admin is a paragon of virtue.

        • Vlyn@lemmy.ml
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          But that has always been a thing. Just like Reddit mods banning you from their subreddit just because you posted in another subreddit they didn’t like. It sucks, but it’s nothing new.

          If either a server admin or a community mod doesn’t like you for what you’re doing, they can kick you out. It’s the same as if this was an old time forum and you pissed off the admin.

          With lemmy you have to watch two things:

          1. Trust the instance admin you sign up with, this is where your account data lives, the admin can read everything on your account. Hell, even your password if they manipulated the instance code, so use a random one

          2. Trust the moderators of the communities you interact with. If you interact with a community and the mods there don’t like you, they can just remove your posts for example. Same as with Reddit

          A random person outside of your instance or communities you interact with can’t do much. They can “steal” your posts and comment data and see your votes. But that’s it. They can’t block your account or kick you out of your favorite communities. They could obviously harass you (just your account, not your email), but then you can block them. Or ask the admin to block their entire instance.