YSK: Your Lemmy activities (e.g. downvotes) are far from private - eviltoast

Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

  • Serinus@lemmy.ml
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    2
    ·
    1 year ago

    then I will simply not use the site

    Maybe that’s what you should do. But don’t do it as a protest. Do it because you don’t want to share that data publicly.

    The entire point of social media is sharing things publicly. If you’re worried about people collecting that data, then you shouldn’t have put it in public.

    There aren’t good ways to keep a public secret. That’s inherent to how information works and not a failing of ActivityPub. It’s the same reason media will never stop being pirated. If I can see/hear it, I can repeat it.

    • OmniGlitcher@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      But don’t do it as a protest. Do it because you don’t want to share that data publicly.

      I mean yeah, that’s what I’d do it for. It’s a suggestion for the site and it’s a sentiment that seems to be shared by several people here, but it ultimately falls down to me to decide whether or not I want to continue using it, much the same as with my usage of Reddit.

      If you’re worried about people collecting that data, then you shouldn’t have put it in public.

      Voting is a core functionality of the site. It’s something I don’t think should be public as it puts more emphasis on what content I interact with in what is now apparently a public manner. If you want to debate that a mere vote is something I shouldn’t put in public, then fine, you do you. But for me, it defeats half the point of me even having an account here. What one comments on are often an incredibly small portion of what one actually votes on simply by ease of voting.

      And I know I said “But Reddit…!” is a bad argument earlier, but even so, I’d like to say that even Reddit’s voting is not publicly accessible (as in not accessible by other users, even if Reddit almost certainly collects and sells such data), so clearly there should be ways to do it. If ActivityPub requires public voting and the people who have the ability to change it are unwilling or even unable to do so, then fair enough. But equally, I will refrain from contributing to such a site, which seems like a bit of a shame when it seems close to ideal otherwise.

      • Serinus@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        clearly there should be ways to do it

        Your votes on Reddit are public to Reddit admins. On Lemmy anyone can be an admin.

        Giving vote totals without names makes the system ripe for fraud and abuse. In real life votes the decision to make votes public or private is a major one. In a system like Lemmy, the problems with private votes are exaggerated, and the problems with public votes are much smaller. Your Lemmy name shouldn’t be tied to your real name. It’s unlikely anyone is going to coerce your vote like they might coerce your political vote.

        If you’re concerned about anonymity, maybe use more than one name or a different name so that your account isn’t so easily tied back to you.

        The purpose behind having votes be more public is to have some kind of reputation behind those votes. It’s still possible to shill, but it requires more depth and and effort, and the shills may still be discovered if there are too many.

        • OmniGlitcher@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          1 year ago

          Your votes on Reddit are public to Reddit admins. On Lemmy anyone can be an admin.

          Which is my concern. I don’t like Reddit having and selling that data, but it’s easier for me to trust-ish a singular entity than some entire web of random people, which probably includes some corporate people siphoning data anyway. I know some would likely find that a tad paradoxical, but that’s how my brain works. At least then the corporation can be held accountable per the standards of the region they’re based in should there be issues, or users can mass target the corporation rather than go “Don’t like it, just move to another instance.”.

          For reference, it’s still not ideal, but I’d somewhat trust my instance’s admin. Why can’t my vote history be shared purely with them? Then give other admins the raw upvote/downvote data of the post/comment. After all, the instance I choose my account to be on is my decision.

          Your Lemmy name shouldn’t be tied to your real name.

          It’s not. I am careful about what I put online. Whilst I’m uncertain as I’ve never particularly tried to do so beyond some cursory Googling, I’m pretty sure you can’t tie my username back to me IRL. But even so, there’s no need to add to the pile of potentially traceable publically available data.

          The purpose behind having votes be more public is to have some kind of reputation behind those votes.

          That can still be anonymised behind a hashed ID. If all my votes were registed to some User-XXXX and it wasn’t possible to retrieve my username from that, I’d have no issues. Though from my discussion with other people, it seems that’s counter to how ActivityPub intrinsically works. I’m increasingly working towards the opinion that the fediverse isn’t for me, if it’s all set up in a similar fashion and apparently unchangeable. As they say, “different strokes for different folks” I guess.

          • Serinus@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Then give other admins the raw upvote/downvote data

            You can’t do this part. It makes it way too easy to just say “This post, -1000. This (shill) post, +1000.” Having to put names to those thousand votes makes a difference. A hash really doesn’t, as a hash isn’t hard to fake. The other solution is like mastodon, where your votes only count on your own instance. That decision would basically kill small instances of Lemmy, so I can understand why they didn’t go that direction.

            I don’t know if you’ve ever noticed the difference between Reddit’s Hot and New, but it’s extremely dramatic. Votes are important, and that makes it hard to effectively not use them on smaller instances.

            • OmniGlitcher@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              1 year ago

              So yeah, I decided to look into ActivityPub. From what I’m reading, it seems like the sacrifices in privacy are an intentional decision by the creators of the protocol so that admins can weed out “undesired interaction”.

              I can certainly see where they’re coming from, and I’ll be interested to see how it plays out. But ultimately, I don’t like this philosophy for a Reddit-like site, so sadly I don’t feel comfortable enough to contribute to it any longer. I guess it’s my fault for not looking into it before signing up, but what can ya do.

              Regardless, thanks for the discussion, to you and everyone else. Hope you guys do well here.

              • Serinus@lemmy.ml
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                Thanks, and good luck. The only parting thought is that if you don’t want the public to have that data (and you may have a point), I wouldn’t feel comfortable giving it to Meta or Twitter either.