YSK: Your Lemmy activities (e.g. downvotes) are far from private - eviltoast

Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

  • baseless_discourse@mander.xyz
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Another way to be more private is to only federate upvote/downvote count, instead of the detail of the upvote/downvote. This is not only lighter but more private. When the count needs to be updated just broadcast the new upvote count.

    But I see why they want to do it the current way, as it is more aligned with activitypub protocol, and allow other platform like mastodon to participate without problems.

    I cannot think of much problem in implementing a “hidden upvote system” in activitypub. Basically, it will work like this:

    • user on instance A upvotes a post in instance B: instance A tells instance B the user upvoted the post, but not anyone else.
    • instance C trying to fetch a post from instance B: B will only communicate the upvote/downvote count, but not the detail
      • if instance C is not a threadiverse instance (like mastodon) it will show “xx number of upvote from B is hidden.”
    • nova@lemmy.world
      link
      fedilink
      English
      arrow-up
      19
      ·
      1 year ago

      Wouldn’t it be easy to lie though? Instance B could report 1000 upvotes to Instance C and Instance C would have no way of verifying that. An instance could boost its own numbers pretty easily, pushing agendas to the front page.

      The transparency allows for accountability. It would be pretty easy to detect an instance making up user upvotes versus a “just trust this number” system.

      • gun@lemmy.ml
        link
        fedilink
        English
        arrow-up
        9
        ·
        1 year ago

        It would be equally as easy to lie either way. Instead of reporting 1000 anonymous upvotes, report 1000 fake upvotes from fake users or users who didn’t actually upvote. Any instance that gets caught abusing the protocol would get blocked pretty quickly though. Even though it’s theoretically possible, I’ve never seen it happen.

      • baseless_discourse@mander.xyz
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        A instance can always generate bunch of fake user and use them to upvote their own stuff. With LLM I would imagine it would be trivial to make them sounds semi-human.

        Unless fediverse implements some sort of smart contract system using proof of work/stake system, i don’t really see much way to fix faking upvote. Even so, it is hard to make the implementation correct, and probably abusable (for example, most user only use a phone with 128G of storage, people can just buy couple 4TB drive and pretend each of them are 40 real users).