YSK: Your Lemmy activities (e.g. downvotes) are far from private - eviltoast

Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

  • Serinus@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Then give other admins the raw upvote/downvote data

    You can’t do this part. It makes it way too easy to just say “This post, -1000. This (shill) post, +1000.” Having to put names to those thousand votes makes a difference. A hash really doesn’t, as a hash isn’t hard to fake. The other solution is like mastodon, where your votes only count on your own instance. That decision would basically kill small instances of Lemmy, so I can understand why they didn’t go that direction.

    I don’t know if you’ve ever noticed the difference between Reddit’s Hot and New, but it’s extremely dramatic. Votes are important, and that makes it hard to effectively not use them on smaller instances.

    • OmniGlitcher@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 year ago

      So yeah, I decided to look into ActivityPub. From what I’m reading, it seems like the sacrifices in privacy are an intentional decision by the creators of the protocol so that admins can weed out “undesired interaction”.

      I can certainly see where they’re coming from, and I’ll be interested to see how it plays out. But ultimately, I don’t like this philosophy for a Reddit-like site, so sadly I don’t feel comfortable enough to contribute to it any longer. I guess it’s my fault for not looking into it before signing up, but what can ya do.

      Regardless, thanks for the discussion, to you and everyone else. Hope you guys do well here.

      • Serinus@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Thanks, and good luck. The only parting thought is that if you don’t want the public to have that data (and you may have a point), I wouldn’t feel comfortable giving it to Meta or Twitter either.