- cross-posted to:
- comradeship@lemmygrad.ml
- cross-posted to:
- comradeship@lemmygrad.ml
Edit: obligatory explanation (thanks mods for squaring me away)…
What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.
Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.
the comment_like database table in Lemmy also has a timestamp on it, “published” field, that discloses what time you voted. This reveals patterns of your Lemmy usage to other federated servers.
That’s a point that I think a lot of people are missing. Since a lot of this data is propagated, it’s not just their own instance admins they have to be concerned about, it’s any instance admin across the globe. There’s effectively zero cost to become an instance admin.
People are already using it for “good”, e.g. correlating upvotes and downvotes to identify accounts that are related to each other for the purposes of stamping out bot activity. The same method could also be used correlate ALT-accounts, say for example, a hard-right leaning account that has an alternate that interacts regularly in support of LGBTQ+ communities.
Okay so say a bad actor gets this information, and wants to use it maliciously. If they goto the users instance and attack the user in posts and comments, then they likely get banned. All this data links back to arbitrary usernames. I dont understand where the actual “threat” is in this data being semi-public.
It all depends upon how each individual uses the platform. You’d be surprised how many people inadvertently dox themselves over time.
Not all accounts tie back to arbitrary user names. There are plenty of people who know each other IRL or whose public identities are generally known. There’s a lot more potential eyeballs that can possibly build heatmaps of activity that could out “burner accounts”, for example, or otherwise make connections that aren’t readily apparent via the user interface. An overly- simplified example is I can easily tie your lemmy.world and lemm.ee accounts together without having to jump through any interface hoops. That may be of no concern to you but that doesn’t mean it’s of no concern to anybody else.
I, some shmuck in his basement, can build a user profile and fingerprint of you the same way so many people are concerned is happening at commercial platforms.
Isn’t this kind of how comments works too tho? You can tell who it is by how they write and you can see what they do care about and when they are active. I assume comments are worth more than just a up vote or down vote. So the votes could also just have been a log in the comment section “x likes this post”. It is good you said it tho so ppl know that votes aren’t anonymous.
Well yeah I want people to tie my lemmy.world and lemm.ee accounts to each other, which is why i used the same username, that was intentional. But this username can’t trace back to any of my personal information.
I get what your saying, but I think this boils down to just using social media responsibly. The downvote/upvote system isnt a privacy exposure point. Even with the timed thing, nobody is upvoting the same thing on 2 accounts at the same exact time. And personally if i vote a post or comment on one account I’m not going to bother voting the same with another account.
So other instances outside the instance your user exist on, has access to this? Which means everyone, as anyone can create an instance?
Yes, I installed a Lemmy server my own self, there is no screening, approval, or even a “terms of use” on the signup page. This is the “wild west” of social media. And some of the claims on the GitHub project page such as “full delete” are an overreach, as it has no footnote that federated servers do not have to comply with the delete of your replicated votes/comments/posts/profile
Not to mention that even good faith efforts can fail. We see that server lag and reliability impacts posts, comments and upvotes across instances. The same goes for purge requests. If my instance misses the message from lemmy.world to delete or purge a post, it won’t happen on my instance. There’s no after the fact reconciliation.
Wow… I mean, I feel like creating 15 users across many instances and just using them at random. I dont want that kind of insight available. Though I probably already gave all that on Reddit. You’re welcome AI!!
I only upvote porn at 3:07-3:11 AM