FOSSDLE PieFedLemmy votes ARE public, should they be anonymous?
submitted by lalo
Currently, almost anyone in the Fediverse can see Lemmys votes. Lemmy admins can see votes, as well as mods. Only regular Lemmy users can't. Should the Lemmy devs create a way to make the votes anonymous?
There is a discussion going on right now considering "making the Lemmy votes public" but I think that premisse is just wrong. The votes are public already, they're just hidden from Lemmy users. Anyone from a kbin/mbin/fedia instance can check out the votes if they are so inclined.
The users right now may fall into a false sense of privacy when voting because the votes are hidden from Lemmy users. If you want to vote something and not show up on the vote list, please create another account to support that type of content and don't tell anyone.
Wait a minute, so any admin can see which posts do I upvote/downvote?
I'm an instance owner and mod. I'll describe what we see.
Like anyone else, I can check a post or comment and see the upvote and downvote counts. If I click on a specific menu item by a post or comment I can also see who voted which way.
I check it often and to date have only banned two users, out of thousands, who were consistently downvoting posts. These bot accounts were literally voting within seconds of the post going federated.
It's a useful feature on my end and I think others should be able to see it.
Thamk you for the insight, instance administrator views are valuable and unique.
At the risk of sounding like I'm presenting a bad faith argument, why ban them? I don't like the whole "free market" analogy but surely it's one of the liberating features of federated servers, being able to to largely express your votes or content as you see fit within the legal framework of the host nation. Wouldn't the odd one or two mass downvoters/upvoters/theyvoters ultimately be a statistical abberation or is the fediverse still small enough for this sort of shit to carry weight?
Open criticism of my view welcome, as always!
They're purposely disruptive to the community, they are not part of the community.
That's a strong viewpoint and I appreciate where you're coming from, but how many votedicks does it take to derail a post? I appreciate the fediverse is reasonably small in comparison to othe headline social media sites, but does banning one or two bots or people do enough to save posts from getting bombed?
If it’s early? One.
with *nz content on my instance, very few
Admin of a small instance, I have banned 2 accounts for another instance that were downvoting almost all content in a threads without any other interaction. They were being disruptive to the flow at the time, much like @ericjmorey@discuss.online describes.
Oh man, this is awesome - it's wonderful hearing from the practitioners of the art!
I'm just trying to figure out what driver establishing the tipping point for breaking or the ban hammer - is there any empirical data to drive these decisions, or is the fediverse user base small enough that you act on "feel" or "professional instinct"?
Managing emerging technologies fascinates me so any input - including the germs you've already volunteered - is very much appreciated 👍
For me and my (very - it may be down to just me logging in, but a couple of the communities have a few people that read/vote) small instance it comes down to feel ("Don't be a dick"). Dave, the admin of lemmy.nz (about 80 users per week) has the same in their side board as their "Rule". Dave and I set up our *nz instances in the same week and we chat often. He might not be quire as quick with the ban hammer as I might be though.
When you are this small even a small outside problem can have huge effects on your instance
If votes are anonymous and federated, it's very easy for me to add or subtract 900 votes from whatever I want.
You should consider anything you do on social media to be public. Even if Facebook tries to claim that it's not.
Oh I like a pessimistic view - partly because it makes a discussion spicier, but also because it's important for a user to understand the power that an instance owner wields!
They were describing someone who downvoted everything seconds within the post arriving.
Lemmy downvotes really have no consequences though, besides user ego.
I agree! I believe seeing who upvoted or downvoted a post aids in identifying rabid downvoters and bots. However, I personally use mobile Lemmy apps and am unable to access that data.
Furthermore, anyone can spin up a Lemmy server if they want to see people’s votes. It’s not very hard or load the same post in kbin/mbin.
Yep. On kbin I think any user can too.
On mbin users can only see who upvoted a post. An admin can of course still go into the db and look there, but for users and mods there is no way to see who downvoted a post
There is a "Reduces" tab on mbin, which shows downvotes
There was and is not anymore
Then maybe it is still around on some instances?
Either way, it is only a matter of time for another fediverse software to show downvotes, or someone to spin up a vote info page which gets its information via undisclosed legitimate fediverse instances so you cannot defederate them.
Yep and they ban people as they see fit, across different communities, based on votes anywhere
For what it's worth, admins/employees on Reddit (or any other website) can also see upvote records.
this is different, oc is talking about "any admin". Anyone can make a lemmy server and become a server admin from which they might be able to see the voters
yes, and any instance owner on any federated instance. Oh, and anyone on Kbin.
[This comment has been deleted by an automated system]
Yes, by looking in the DB or the data that's federated as it comes through
There's now a UI feature that allows admins to see votes without needing to manually query the database
Always in favor of taking power from mods that they can abuse and simply do not need.
The 1 "You think you can come into MY instance, and downvote ME?" post I read was 1 too many.
The infallible Admiral Patrick perma-banned me from UnpopularOpinion for downvoting his posts. What a great guy - and by great guy, I mean twat.
I'm guessing we saw the same one, and that's literally the only instance I've completely blocked.
Was it midwest.social by any chance?
No, vegantheoryclub.org actually
That's funny because I saw some initial comments made which then started this discussion. And what you're suggesting was the intent. The issue as they (one of Lemmy's developers) said was essentially frustration that their echo chamber had been pierced.
On Lemmy the concern isn't even mod abuse - it's just how much user telemetry is pushed around in plaintext which makes me uncomfortable. I'm sure there are already instances which do nothing but listen to AP traffic actively building activity and interest profiles on Lemmy users. Say what you will, but at least on reddit they have to buy that shit. And if such a rogue admin is even a little bit enterprising, there are a bunch of potential IP deanonymization attacks possible by serving up content targeted to specific users during specific times of day. And probably a bunch of other shady shit I haven't thought of.
Honestly it's more than a bit suspicious to me that AP and Lemmy has put seemingly zero effort into mitigating this sort of thing.
The version code hasn't even hit 0.2 yet. Lemmy was founded by people who got banned from Reddit for being too toxic & extremist leftists, so went off to make their own replacement. They do what they like, and bc Rust is a difficult language to work with, not that many are willing to help.
Then after Huffman's debacle, we started to see Kbin, Mbin, Piefed, Sublinks, and perhaps more - but none even as advanced as Lemmy yet.
But more to the point, that's just the nature of an open network. Wouldn't Wikipedia suffer from the same issues? Though less of an issue than a social media framework I would wager.
I like your funny words, magic man!
"If you have nothing to hide then you have nothing to fear."
Given the strong presence of the privacy community on Lemmy, I have to say that I'm a bit shocked to hear so many in these discussions chiming in to support voting transparency.
I'm on board with the idea of using ring signatures to validate the legitimacy of a vote and moderating spammers based on metadata.
Or, for something (potentially) easier to implement, aggregating vote tallies at the instance level (votes visible to your instance admin and mods) and federating the votes anonymously by instance, so you might see something like:
Up/down votes are the method of community moderation that sets Reddit apart from many other platforms. If the Lemmy community is trying to capture some of that magic, which is good for both highlighting gems AND burying turds, radical transparency isn't the path to get there.
In fact, I'd argue that the secret ballot has already been thoroughly discussed and tested throughout history and there are plenty of legitimate examples of why it would be better if they were more secret than they are today.
Many people have brought up the idea of brigading, but would this truly get better if votes are public? Is it hard to imagine noticing that an account you generally trust has voted and matching their vote, even subconsciously?
For those who feel that they aren't able to post on Lemmy because downvotes make you feel sad, my feeling is that if you make posts in a community and they consistently get down voted to oblivion, you're in the wrong place. The people in that community don't value your contributions, and you should find another place to share them. This is the system working as intended and the mods should be thankful that such a system has been implemented.
The last point I'll make is about the potential for a chilling effect - making users less likely to interact with a post in any way due to a fear of retaliation. Look - if you're looking for a platform where all of your activity is public, those are out there. Why should we make Lemmy look just like every other platform?
Agreed. 10/10.
And you don't even need real crypto here to start. The home instance can just send vote actions as fixed unique tokens. The way the trust framework currently works, this is literally a drop-in replacement and introduces no new spam/brigade vulns which don't already exist from a rogue instance. It would be imperfect, and may still make it possible to correlate and infer vote patterns for a sufficiently motivated adve, but it would raise the bar for protecting user telemetry by a huge factor with very minimal effort. I'm honestly a bit surprised it hasn't been done already.
It does though. Now a rogue instance would have to have "believable" profiles for the accounts that vote, because an instance of just "lurkers" who seem to suspiciously vote is a pretty big signal of vote manipulation. If you only see a random identifier (or not even that, just a tally of votes) it'd be impossible to tell if it's truly the instance's users just passionate about something or actual vote manipulation.
In other words it would at least make the problem way worse.
The rogue instance would still need fake users though. It would be very easy to see if you are getting votes from 300 unique tokens, but the instance only has 100 users.
Also the method I am proposing would simply be transparent in terms of user management, so if you are running core Lemmy, the only way to generate voting tokens would be to generate users.
I guess that's true. Then you could just ask the instance admins to check their users' voting patterns / deanonymize them / whatever, and if they don't comply defederate them.
Not only is it not hard to imagine its easy to imagine the benefits of using this information automatically. I could imagine a client side script which re-ordered content based on who I trusted who had up or down voted it.
So I have users A B C D E F who are known to me who have voted on a given post. D and E are idiots I disregard their votes. F literally hates everything I love so I count his votes inversely. A and B are fantastic I count them x10 I tend to agree with C so I count his x2.
Not only can I potentially re-score threads and comments based on whom I trust I can if I really trust someone's opinion apply their weights as well, and the weights of the folks upstream.
Yes, I too salivate at the idea that I could simply disappear all of the ideas I disagree with, but that is exactly how to turn a community into an echo chamber.
What you are suggesting here is, as I'm understanding it, a way to only get feedback from people you agree with and to never experience a critical discussion of ideas based on their merits.
Now, I'm not here to suggest that Lemmy is some kind of shining beacon of drama-free intellectualism, where every idea is discussed without bias or agenda, but I DO think it is valuable to hear from people whose lived experiences led them to a different conclusion than the one I've reached. Obviously there needs to be a mechanism to remove trolls from the discussion, but I fear a world where we only see content that we agree with, because then we will truly be removed from reality, and that's not why I'm here.
There are a lot of people not worth attending to. If you do spend your time listening to these folks you don't hear new ideas you hear the same bad ones over and over. It would be lovely that having noticed that someone is a persistent holocaust denier he could be added to a list that would disappear not only their contributions but their votes as well for thousands of users.
Sort by Top and I'm sure the crusaders of New will have everything sorted out by then. If you find these ideas being upvoted, you're in the wrong community and you may be in a lemmygrad community. You're on the wrong side of the train tracks and need to seek higher ground.
We don't need to create literal echo chambers of people talking past each other because we block out any information that makes us uncomfortable. That's not how we foster constructive dialog and
I want to have the ability to turn on my echo chamber, when I want it, and also to be able to turn it off, when I want to step outside of it for awhile. This doesn't have to be a toggle - it could be having an alt on a different instance.
I *don't* want this choice made for me by people who think they know better how to run my own life than me. They can write an appeal that I will consider, but ultimately I want to make my own choice.
Having votes be publicly viewable allows us all the freedom to do as we choose with that information - including to ignore them entirely. What I would probably do with it is make large block lists of people on lemmy.ml, since it turns out that user blocks of an instance don't block all that much. Fwiw, for everyone I've blocked in the past, I look through the post history to see if they merely are being disagreeable on a particular matter but overall are capable of contributing *something* substantive to a conversation, or are nothing more than a troll, setting out to vomit their emotions upon everyone worldwide across the Fediverse.
I've been a mod before, on Reddit, and am under no illusions anymore that everyone is worth listening to - a downvote from someone rational I will give *serious* thought about, but an idiot is an idiot, even if a community mod hasn't banned them (yet?).
It's like autocorrect: feel free to make suggestions, but it would be nice if I could have control when I want it, including/especially not wasting my time.
I always thought anonymous voting was preferable, or at least non-public. I don't want "why did you downvote me bro!?"-arguments to occur, and I don't want to know who approves of my comments or not. I think thinking of votes as an amorphous blob representing general public opinion on Lemmy is preferable to getting into the weeds of *who* exactly likes your posts and comments.
We *could* also have "karma" on Lemmy, but while technically tracked the environment is better off without it being public in my opinion. I view voting records similarly.
If botting becomes enough of an issue that regular users need to report vote manipulation bots I'll be fine with conceding my stance.
As a comment on the other discussion says, there's a reason ballots are secret.
In reality you should be able to get an anonymized reference number to show your vote was tabulated correctly though.
Right now it comes down to an actual official finding your paper ballot with hand marked tracking and presuming the computer read it correctly on an overall vote total.
Being able to do this anonymously and securely is where the problems lie. Which is also why digital only voting still isn't a thing anywhere.
The reason there is no such thing in elections, is to prevent vote buying/extortion.
In Italy it's such an extreme problem that any ballot where the party is not marked with a cross on the party logo and (if present) a *block capital* name next to it on the provided line, is automatically discounted, because stuff like writing a name a specific way or using crosses, checks, dots, or other symbols was used to track vote buying/voter intimidation in mafia controlled territories.
Some vote counters and polling station overseers would be on the take and keep track of if the votes they expected to see showed up when counting ballots and report back.
If you were able in any way to prove something beyond the equivalent of an "I voted" sticker it would immediately be used to ensure people voted a certain way or to exact some sort of backlash on those who didn't.
There's also a reason why votes in parliaments aren't secret.
Because they're supposed to be responsible to and represent the people who voted for them. Irrelevant to this situation.
I agree. As long as anonymous voting doesn't cause obvious trolling/spam issues, it should be preferred.
One of the reasons I've always found Facebook off-putting and never used it (even before learning about the shady practices) are the very visible votes. I tend to overanalyse any reaction and would judge people based on their votes on my posts, even if I consciously tried to avoid it. Similarly, I imagine some other people would do the same and I'd feel like I'm under surveillance.
It honestly just opens up a whole shitty can of worms. Are admins ready to weigh in every time someone fakes a vote history screenshot showing that so and so up voted a bomb threat before the post got removed?
It's strange that they removed total account karma visibility a while back but are now thinking about making votes public.
I think a good compromise (since Lemmy already tracks that data) would have been to show the upvote/downvote ratio a user receives on their profile page, without showing their total karma. That'd help you spot toxic users without incentivising karma whoring.
Similarly, a display of how often a user upvotes versus downvotes others would help spot bots and trolls without completely obliterating privacy like their suggestion would.
(But ultimately none of this solves the problem of privacy on the Fediverse being one federated bad actor away from nonexistence)
They should just stay mostly hidden as they are now. I was harassed 3 times while using kbin for my voting habits. When I brought it up to ernest, him and mostly everyone else defended it, even though at the time I was actively being annoyed by someone.
It'll make less people vote in the long run and will scare people off.
Nothing worse than hopping on something I do for leisure to realize that thread I voted on a week ago has now come back to bite me in the ass because the OP decided to go on a crusade and harass everyone that downvoted them.
Please be vocal about this because I've seen two people say they didn't see this behavior. ❤️
Even for delusional tech bro bullshit, the idea that public voting on an anonymous forum will do anything other than create drama is pretty fucking detached from reality.
yep, tyranny of the majority is still tyranny. It's worth defending the 3% who disagree with the majority opinion cause, more often than not, sometimes the majority is wrong...
Defending the secret vote is the key to a functioning democracy, without it you just get cliques and in-groups who bully the outsiders. No one wins in that scenario, as critical thinking and critique are actively discouraged.
If OP mass-downvotes you, then ban them. As it is, you have the ability to mass-downvote them, without them even knowing that it is you doing it. Or maybe you wouldn't do that, but some would - I hope you see how unequal that relationship is.
When I first signed up for reddit, the upvotes and downvotes were not only separately tallied, but also showed the usernames of the most recent people who did them if you hovered over the button. Then very shortly after that they changed it so that it made votes private by default, and you could override it in the settings, but almost nobody went to check that box back on. Eventually, they completely removed that feature around the time upvotes and downvotes were combined into one. which along with vote fuzzing was one of the worst changes to reddit comments, imo.
Lemmy feels like old reddit right now, which is a great spot to be in. I don't think you necessarily need public vote info, but maybe it could be enabled on a per-community basis? I can see some communities like politics not wanting to add additional drama to the equation while other more content driven communities might enjoy knowing who was giving the feedback.
Vote fuzzing is the worst. Reddit said their main reason for implementing it was to prevent vote manipulation... seriously? Vote fuzzing laid the *groundwork* for vote manipulation.
Do you mean manipulation from the admins? Because from the spammers perspective not being able to see if your votes went through is pretty inconvenient
Wouldn’t it be easier to leave it as an option for each user on Lemmy?
If users want anonymity, let them have it. If they want to share their vote, let them do that. Forcing one option on others without the voice of the usually silent majority isn’t going to fix anything, it’s just going to scare some people away or start posts requesting it private again; or optional.
Not to mention, using this method you will quickly see how many users really wanted this option based on how many leave privacy enabled or disabled, instead of listening to a current vocal minority.
User choice would be best indeed. The problem is that currently the votes are public but hidden from Lemmy regular users. Anonymize votes seems to be such a big problem the devs don't even want to consider it.
I hear you, but problem or not, the devs shouldn’t be making major decisions for the user base after the fact. Anonymous voting might be a problem at first, but so will people who are broadsided by the decision. Not to mention the users who will use an open voting system to bully users they disagree with. You have to foresee problems will come with any decision, and a percentage of users will flee for each bad, meaning the safest choice is user base safety over forced decisions. Ultimately sad truth is, leaving things as they are is a much easier call for devs.
Tough. If you think any action you take on a social media platform is private then you shouldn't be here.
Whether it is private or not isn't the problem. It's people assuming any part of is. Behave or suffer. Just like the real world.
I'm not sure if there is a good way to have the content federate anonymously. Even if there was, it would be a vector for spam.
Vote manipulation is a growing problem on Reddit. It's only getting worse with all the AI spam bots and they don't have an incentive to stop it. Why trust a review on Reddit if bots are upvoting/downvoting on behalf of a company, or worse what happens in news communities when a well funded group wants to change perspectives.
Admins need to know if the votes/likes coming in are legitimate, else they should block them. It's too easy to abuse anonymous votes to affect how content is ranked.
I left a long comment in the other thread which I will link in a moment, but I think either
1) We keep the current setup, but we put in more effort to make new users aware that vote records are visible to admins/mods 2) We make it public for everyone and take steps to deal with the new issues that it could cause
Other comment on the benefits/issues: https://lemmy.ca/comment/11097046
This is a very real problem right now. Admins that are on to it use the votes to identify swarms of users that follow each other around upvoting each other's spam/troll posts.
And that is still possible with pseudonymous tokens votes. You just end up banning tokens for malicious voting activity, and users for malicious posting activity. It's at best a very mild adjustment to moderation workflows.
How does this work? The community issues federates votes but with a linked token instead of a linked user? How do you track vote manipulation across different communities on different instances?
As far as I understand it all activity originates from the home instance, where users are interacting with federated copies of posts. The unique user token from a well behaving instance follows the user across the fediverse, allowing bulk moderation for voting patterns using that token. The only difference is that it is not explicitly tied to a given user string. That means moderation for vote manipulation gets tracked via a user's vote token, and moderation for trolling/spam/rule violations happens via their display name. It may be possible that a user is banned from voting but not commenting and vice versa. It's is a fairly minor change in moderation workflow, which brings a significant enhancement to user privacy.
Under activitypub, a lemmy community is kind of like a user (actually an activitypub group). When I post here with my lemmy.nz account to this lemmy.world community, lemmy.nz sends my comment to lemmy.world who then sends it to sh.itjust.works for you to see. The community is the controller of all interactions within the community. In this case, lemmy.world is the official source of how many upvotes this post has. And each vote is validated using the user's public key to ensure it actually came from that specific user - a standard part of ActivityPub.
So would lemmy.world assign a token for your votes? If your instance assigned the token, Lemmy.world would not be able to validate against your user's public key. If Lemmy.world assigns the token, it would only be valid in lemmy.world communities, as other instances would have to assign their own token. And both sh.itjust.works and lemmy.world admins could still see the real association.
Also, changing how votes work would break compatibility with other ActivityPub software (e.g. Mastodon could no longer interpret an upvote as a favourite, Mbin would't be able to retrieve any data about the votes unless they specifically changed to work in the Lemmy way instead of using standard ActivityPub).
I will also add that I think in the long run, as we try to figure out how to differentiate between humans and machines, the only real reliably solution I see is to focus on elevating the individual. Having people with long histories validate their reality by living and documenting it.
I don't upvote something that I'd be ashamed for someone to see I upvote. I might make an exception for pornographic content, but even with that, if it's pseudononymous in that it's not attached to my personal public life, I don't mind if someone can trace through and see what a specific account I use for those purposes has liked and disliked.
The current trust model already relies on a user's home instance accurately reporting user activity and not injecting fake activity. Hiding real user votes behind pseudonymous tokens doesn't change that at all.
As far as I can tell, the activity ranking algorithms don't actually differentiate between up and down votes anyway. All votes are considered engagement.
One situation I've repeatedly faced that could be solved by fully public voting is having those debates when someone puts a single downvote on my opponent's comments.
Silly, yes, but it may look like I am downvoting a person to aggravate. I am not, it's not me! :D
I solve that by sometimes saying "upvoted" so it is clear that I am not downvoting them even if we disagree
Upvoted!
I would rather vote identities being blocked from scraping. I don't care about other users or admins. I would rather that level of information be unavailable to outside commercial sources, especially any timings based metadata that could be used to derive dwell time and other psychological metrics.
Thats probably a complete nonstarter in a federated network. The metadata needs to be sent via Activitypub, ergo it has to be public.
I think you're looking for a different type of community then, like an image board.
Its best if the rules are the same for anyone, but public votes is something power hungry mods will eventually abuse. If you dare upvote the wrong post you will get banned.
It sounds like everyone but mods should be able to see voters. But of course they will use straw accounts. What if only votes on your own post/comment were revealed to you? Like some pointed out, they are already not anonymous to anyone who wants to try hard enough to get the data because of federation. So the question is who do we want to be able to see that data easily? It's a GUI modification in any case. Who are we making the gui modification for?
All it will take is for folks to look and see you voted in something and they won't see the context or will misunderstand your intentions and they'll ban you. This shit happened back on Reddit too and it sucked. They'd blanket ban people who interacted in a community without looking at what you actually did.
Sounds like mods and admins can already do this, and if the barrier to entry to being an admin is firing up a Docker container, I don't see the purpose in restricting users from seeing it
For anyone interested, there are a few papers on cryptographically secure voting, where both voter anonymity and election integrity are preserved.
Most designs consider three separate entities, where if you accumulate the information between those entities you would be able to identify a voter and his vote, but each entity on itself does not hold enough information.
Thanks @souperk@reddthat.com,
i believe many users will be interested in these papers about cryptographically secure voting.
Amongst them there would be :
@rimu@piefed.social
@SorteKanin@feddit.dk
@brbposting@sh.itjust.works
Not sure if you are being sarcastic or not but I found this review.
https://www.mdpi.com/2073-8994/14/5/858
I had done some research about a year ago, but I don't have the papers saved.
No I was not sarcastic. So now i am trying to read your paper and i think that it is above my knowledge level.
As a layman i had the intuition that instead of having two accounts as i proposed for voting and commenting which was implemented by @rimu, we might have had something like blockchain or filecoin or some coin that would represent voting power and that would be based on our commenting value... so that coin would have been an intermediary to make voting anonymous.
Finally i know enough about science that i know that i don't know much.
Edit : after a rapid overview of the article i would say that this method :
"Blind Signature-Based e-Voting"
would be most appropriate to our social media voting and i noticed the work they have done is more targeting national elections where the outcome is much more important.
This isn't going to solve anything. Cryptographically secure voting helps when you can ensure that each person only gets to vote once. But anyone can just sign up for more accounts or make loads of bot accounts and vote multiple times. This solves nothing.
That's interesting. I have read multiple comments to the effect that it would not be possible for lemmy to implement anonymous voting because the underlying ActivityPub protocol does not support it. So it sounds like solutions do exist, although I suppose the effort required to modify ActivityPub is too much, more likely the feature will be included in some successor to the fediverse.
The problem isn't keeping votes anonymous, that's easy. The problem is bots/spam. You could just create a new instance and then upvote a post from another instance a thousand times. If the votes are anonymous for the other instance it's tough to say if they are genuine users or just bots.
That's the main issue here, when votes are anonymous you could easily just spam votes with no way to trace it back. If it's a rogue instance then fine, you can ban the whole instance. But imagine if lemmy.world starts using fake votes in the background towards other instances.
What keeps from doing that right now? You can just create an instance and bot accounts on that
It would be damn easy to look up the instance and their "users" and see that the users are not genuine. Then ban the whole instance.
If you are worried about duplicates, aka a single bot spamming multiple votes, then that's feasible to mitigate.
If you are worried about multiple bots spamming one vote each, that's harder to mitigate and it comes down to how the instances handles bot accounts in general. IMO it's best to ignore the bot problem and instead focus on designing a vote weighting system that favors similar instances.
Would make the whole thing even worse, as I could create several new instances with 10 bot users each, then hammer out the votes.
The entire problem is that you can't trace back each vote to a genuine user. It would be bad in case of fake instances that create 100 user accounts and upvote/downvote stuff, but you can ban the instance. It would be a disaster if a big instance creates fake votes (like lemmy.world suddenly adds 1000 fake users and uses them to manipulate other instances, if votes were anonymous you couldn't check if it's genuine lemmy.world users or fake accounts).
Wow neat!! Eating our cake & having it
Thanks @A_A@lemmy.world
Yes they should, unfortunately I don't think that's technically possible with the fediverse model as the servers have to communicate that info over Activity pub, at least that's my understanding of it.
It's not technically possible with *any* model. Votes on Reddit are only kept private from other users -- staff could look them up or reveal them to someone any time they wanted and you'd never know.
Even if you allowed voting without an account (which would be so easily manipulated that it would be worthless), you'd *still* be identifiable from your IP.
I am the admin of a website where we have a place where our users can post custom content and rate the content of others.
We have discussed how it works and should work many times and came to the conclusion that we'd never want it to be public. Any report of abuse will be checked by the website owner directly in the database and even admins don't have full access. Everybody tries to stay as far away from the personal ratings as possible.
We also noticed that it would be a lot more fragile when there are not many voters. A whole group that is negative about something wouldn't get as much harassment as a single person having a unique opinion.
On our website we have a comment section that isn't anonymous, and we even noticed that people often don't post something negative when it would be obvious that they are the only one who has voted/rated something. ("Negative" is almost always constructive in our case)
These are just a few things that I think add to this discussion.
I just got insulted & falsely accused of downvoting someone yesterday. I chose to give them a second downvote to prove that the first one didn't come from my account. I admit, I have always been curious about the specific sources of votes but If I'm being completely honest, I don't think actually knowing would leave me better off. I think people already read too much into these votes in the first place and it gives the ego-maniacs too much to obsess over.
How about pseudonymous as a compromise? Votes could be publicly federated but tied to some uuid instead of the username. That way you still have the same anti spam ability (can see that a user upvoted these things from this instance at this time) but can't tie it directly to comments or actual user accounts without some extra osint.
It might be theoretically possible to correlate the uuids with an account's activity and dox the user in some cases, especially with some instances having a single user, but it would be very difficult or impossible to do on larger instances and would add an extra layer. Single user instances would be kind of impossible to make totally private anyway because they can be identified by instance.
The issue with that is with malicious instances that could engage with vote manipulation by just generating new IDs and voting for whatever they want. If you can't look back at the profile and determine whether it's a real, non-spam account, it's a pretty big issue unfortunately.
You also have an issue where someone could potentially vote with "your" ID without any way to detect that it's not actually "you" who sent the vote.
they could do similar to another platform had done, which is tie voting to a shadow account that only the instance admin team can link to a user, this allows for moderation while providing the ability for obscurity.
I still disagree it should be public in the first place, but I know it's a hard requirement for federation so it's unlikely to become more concealed
Yeah, that's fair enough, though I'm not sure it's very different from malicious instances creating normal user accounts?
You can see when users from an instance are all suspiciously voting the same way at the same time regardless of whether they are usernames or IDs.
There's lots of legitimate users that only vote but never post so doing it based on that doesn't seem very effective?
The second problem is solved using public key cryptography, the same way that you can't impersonate someone else's username to post comments. Votes and comments are digitally signed (There would need to be a different public key for voting to maintain pseudonymity though).
There is enough drama as it is. This will just open the door to shadowbanning and stalking and other horrors we have escaped by leaving reddit. It's enough that it's party available on kbin.
The developers of Lemmy do not seem interested in anything less than banning people instance-wide, even from communities that they have never posted in before, so ironically shadowbanning is too subtle for them.
But I thought the only way someone could be shadowbanned now is at the individual user level? It would be nice to increase transparency even further - e.g. a message pops up if you try to reply to someone saying like "this user has blocked you" (possibly everyone from that instance) so that people do not waste time trying to get a message across that the recipient will never read.
I've been thinking about this for several hours since I first became aware of the debate.
I don't care that much in theory if anyone sees my votes. They aren't anything I'm particularly private about. I care about conversation way more than up/down votes.
However, some people get a little upset about being downvoted. I think it will result in retaliatory downvotes. You already see that when two folks are arguing. I don't normally waste my time downvoting a post I'm writing a rebuttal to, but when they are downvoting me I tend to do it back. I think if everyone had easy access, they would hunt down their down voters posts and retaliate regardless of the quality of the comments.
Lastly, I wonder if this will give rise to a client that lets you use one account to post/comment and a different one to vote. And if it does, will that be better all around? Then no one will be able to associate votes with a user. But it seems unnecessarily wasteful to create a whole account that does nothing but vote. It seems like it would deny mods (and everyone) a useful tool for identifying bad actors.
Technically, anyone could get access to the voters identity if they try hard enough but 99% of the users won't put in that much effort. And technically someone could already use different accounts for different activities, but without reason to create a client to support that it's too much of a pain to be worth the effort.
So I really think I'm on team status quo here.
That would stop as soon as people start reporting this behavior to mods who felt enabled to ban users based on unjustified downvoting.
I'm really skeptical about that. Either that they would do it or that such "justified" downvoting would be a clear cut or fair decision. Most people don't vote the right way. How many people downvote content they agree with or find funny but doesn't add to the discussion? How many people upvote content they disagree with that does add to the discussion?
And am I really going to take up a mod's time because someone got mad at me and downvoted—the most accessible and innocuous way to express displeasure with someone? How many more complaints about downvote bullying are mods going to have to field?
I don't know. You could be right, but I'd want to see it successful in a small scale, if possible, before deploying it everywhere. Maybe the folks suggesting it should be up to the server admin are right. That would be another differentiator and people could go to communities on servers that have their preferred visibility policy. That would serve as an A/B test and let people vote with their feet.
Again, this is only a problem because we have lost this sense of shared culture. If we really want to have an established "community", these guidelines will have to be one way or another be restored and enforced.
Here is an idea: instead of trying to remove power from people, let's give more of it. Hiding votes is hard, but creating a finer-grained permission system for moderation is not. Let's build a system where mods can assign other mods *for specific types of reports*. Then, we can have few mods who would be "all powerful" like they are now and we could have a bunch of "issue-specific" trusted users who could access/triage specific reports.
We shouldn't need mods to figure out what is "basic" spam and we shouldn't need powerful mods to say "user A is reporting that B has downvoted their last 5 posts in different conversations. This is a violation of the community rules and therefore should be banned."
One benefit to vote transparency for admins is mod monitoring options.
Reddit is infested with vote manipulation via bots. At least on the Fediverse it seems like both admins and mods might have more options.
Sounds like opinions are pretty mixed. Maybe we should put it to a vote.
But then how do we decide if *that* vote should be public or not...
How do *mods* see them? As far as I am aware, you have to be an instance admin. But it's not difficult or time consuming to spin one up and I doubt the average user of Lemmy is technically incapable; most of the Fediverse users in general seem to be IT people and developers.
Yeah, I moderate a few communities and have no idea how to see vote identities.
I suspect you need access to the database.
Looking at the source, "comment_like" seems to be where they're stored.
Barring setting up an instance or viewing through mbin, I don't think mods can see them. Only admins.
This is all I see as lead mod of 3d printing. I also checked and desktop is the same both in desktop mobile view and on my laptop.
someone commented on github (I think it was Desallines) that the vote viewing feature has been available since 0.19.4 . Lemmy world is still on 0.19.3 .
Being able to see the moderation history linked directly to a post was added then - but I don't see vote viewing nor recall hearing about it, which would have been a huge deal.
and
I dunno, we're on 0.19.3 so I don't see it but I guess it's there.
https://github.com/LemmyNet/lemmy/issues/4967#issuecomment-2289596923
Ah, mods only, and then only for their own communities - well, still, that's something (though I'd prefer prefer it opened up for everyone). Thanks for the link.
Making a browser addon/extension wouldn't be too hard if you can get the data somewhere. And then it's just a click of a button to get the functionality.
Yes, they should ideally. But it's hard to properly implement them in a way that will guarantee anonymity and be sybil-resistant at the same time.
I'm at the completely opposite end of the spectrum of most people, they should be public to all. It makes it clear whether the guy downvoting you is doing so maliciously or as a non-participant. Same for upvotes. Otherwise, just get rid of it and find some better mechanism. The people saying "NO!" or that they should be anonymous don't really have a reason, your comment history is already giving you away and no one has a problem with that.
The worst thing public upvotes/downvotes might lead to are the same things your comments are already profiled for by the same people that would and perhaps a random getting mad at your downvote or upvote and voting back, which doesn't matter that much with the current karma system. The benefits, however, are a clear vision of where those upvotes and downvotes are coming from, without it you are a blind person in a social networks but with it you can tell who is interacting with you and you can investigate why and even make judgement calls because you can see whether they interact like a jerk.
No drama witch hunts, accountability for the way you are interacting online, the the benefits outweighs the drawbacks, but people don't want it because they feel insecure about it. I specially favor it because it could be a first step for a form of crowdsourced moderation (speculated on it here), where you can choose the people you think are voting comments to your taste to eventually have a select group large enough to determine which should show up first and which shouldn't show at all, and it could be completely complementary to existing systems. Don't want to see "yes, I agree" comments sorting as the most relevant? You might choose people who do not upvote but have engaged with the rest of the thread for comments you consider more informative.
No one from kbin/mbin instances can check out the downvotes you make, since this attitude has been so widespread many don't report it to those instances. They can see people who upvote, and the sky hasn't fallen because of it. Anonymity largely only helps the minority making the drama remain hidden.
the world is an interesting place, the very reasons you gave "for" it is why I was against it. I don't agree that it won't cause witch hunts, and from the POV of the commentor it might be nice, but from the POV of the person who is giving the vote, it's a severe downgrade.
Especially considering the fact that if the person downvoted but didn't leave a comment afterward they likely would not have downvoted in the first place if it wasn't anonymous because they don't want to have to deal with the social interaction of someone trying to push them to explain further. Not everything needs a detailed this is why I feel this way, that's why there is a upvo and down vote system in the first place, to prevent everyone from leaving a comment of I agree with this / I disagree with this / this is on topic / this is off topic
In addition to this, to say that no one's giving reasons of why voting should be private, I don't think that's a truthful statement there are plenty of reasons that people have provided via privacy, security and sometimes just mental state.
You mentioned that you want to have a system where you choose what people you see and the people you don't agree with don't appear., I think that type of environment is extremely unhealthy for a social media platform. It's why other platforms that have curated that content is starting to become a cesspool. I really don't want to see lemmy become one big Echo chamber, it's not healthy to have only one ideology that you see at all times and let's face it that's what that system you're proposing would introduce.
Additionally the system your proposing is going to run into the same issue as the other websites that have attempted to do, this sort of system leads to new people inadvertently getting filtered out as untrustworthy, which will mean that they're not getting activity on their posts/ comments as well which means that they're just going to move on to another platform.
Honestly, I think I would rather just have the score system be removed as a whole then see that type of system implemented
I know that's probably why you do, like I said, people feel really insecure about it. I don't really respect irrational insecurity though. Your comment history could also lead to witch hunts, yet no worries there... If it does need to be handled, it should be done by automatically deleting your old up/downvotes and comments. But no one is asking for that with comments either... They only take in issue because they don't want to be held accountable to their votes, even if the probability is practically zero and extremely exceptional.
If you really don't want to explain why you are downvoting, I really don't think people should be downvoting. I very rarely downvote, and there are plenty of comments I neither upvote or downvote simply because not everything should be rated nor am I capable of doing so. It is toxic.
You already have a system where people with alts and moderation privileges decide what you see and don't see, this will happen regardless with information saturation. What I want to have is putting that in the hands of the users. Whether it will be good or bad will depend on the users, and because it would be complementary, you could still accept the traditional or default method. More choice is not bad, it is the users that make it bad, and in this case, they would make it bad only for themselves. But it would also be easy to work this system into something like https://ground.news , where as with a homogeneous imposition you don't have a choice nor even an idea of what is being censored if you don't go out of your way to find out. If it's completely transparent, you could even look through the eye of another user's moderation settings to see the sort of content they are getting.
Not sure where you are pulling the "new users get filtered out as untrustworthy", the system I'm proposing would do not such thing. This seems more like a projected insecurity without specific examples that can be countered.
Without a karma system, the problem then goes back to which comments show up first and which might not show up at all. That's just a traditional forum thread, where the newest comments do.
there are many times that you can down-vote without a requirement of explaining. Sometimes your point has already been made by another person, other times it's just a really bad take or the person is so dead-set that honestly you couldn't change the persons mind even if you explained it. Sometimes the comment is just hostile to the current situation or the OP, sometimes the comment is just super off-topic. Some situations allow for down-votes without explaining it.
I personally down-vote for off-topic and harassing posts as it helps the system sort what is considered helpful to the discussion. I would refuse to down-vote for harassing and off-topic if this system is in place, as it creates an attack vector for the person to come after me, a situation that would require either blocking them or bugging a mod for, which is something that personally I just don't want to deal with in my life so I would simply just not participate in the vote.
The type of system proposed inherently causes it as a side effect. When you have a system that is crowdsourced from the popular opinion, you create an echo chamber that only shows content from sources that have been deemed as appropriate, as such not only do you lose the arguing side, you also lose content from people who are not established/just starting out as they are not profiled as that side. as for examples? Two examples of sites that use that style system include Stackoverflow, which uses a rep system to decide how much access you can get into, and some of the larger reddit sites which went off the karma system to even allow posting in them. There are also other examples in reddit, but the karma block system was the most predominant (followed by sub rule filters which filtered out based off bias).
I do believe that a karma system is best type of system however I believe that the metric should be hidden from sight. This will allow for helpful comments to rise to the top, but will remove the hard focus "score" ideology that everyone has. In this system you wouldn't know if you were down-voted in the first place, which means you wouldn't be aware of someone maliciously down-voting you, and it would also do what you want where it would force someone if they had a super big issue with what was posted to actually comment on it. That being said, this system can not exist in a federated environment so therefore the next best thing is either anonymous (to all but mods/admins due to moderation and federation control reasons) or just not having the system as a whole.
If those are your examples, then you are misunderstanding my proposition. Some of the reasons you suggest to downvote are not good reasons to me, but that's point, everyone has their own criteria and their own preferences for the comments they would like to be reading over others. By denying them the ability to choose, you are imposing an arbitrary and fallible karma system. Hiding it really doesn't fix it, you are denying the alternative because you feel the absolute worst case will occur. Yet right now it is possible, and does not happen.
With the current way that ActivityPub works, this isn’t really possible. Every vote needs to be signed by some real user; if that changed such that anonymous votes were accepted then there’s nothing to stop any random person from adding 5 or 5,000 anonymous votes.
What it the instance signs the activity? Then it propagates to others instances after local validation. That way only local admins would have access to voting data. Malicious instances could still be defederated/blocked/have votes disregarded.
The problem with that is, can you really trust most instances out there? If you're a sketchy admin, it's not that hard to convince a handful of people to use your instance and have a couple dozen anonymous votes at your disposal to influence certain topics. There's no way to detect it, not even the other users.
That would then mean that small instances would have to prove themselves before being accepted in the wider network of instances and just end up centralizing the fediverse.
With the votes being public, while you can create as many accounts as you want, you still have to publicly use a bunch of bot accounts which makes it more easily detectable. And of course, there's no way your instance can get away with impersonating you, because you could see it sneaking votes or comments.
I wish it could be more private, but I can't think of a way you can prevent vote manipulation without revealing who actually voted for what or rely on trust. Another way to look at it would be, what if Lemmy didn't use instances but instead some sort of decentralized system where each user is its own entity. How would we obfuscate the votes then? Anyone can publish a message to the network, so you need to tie it to some identity, and you circle right back to the problem.
For privacy, there's always alt accounts and recycling accounts often. Or treat the votes as if you were commenting "+1" or "-1".
Unless someone comes up with some crypto scheme to somehow anonymously prove that a user has voted, and has voted only once, and the user has credible history being a real person.
Personally, it's a tradeoff I chose as the price of entry for being able to participate in this while being fully independent of some benevolent person/organization/company/private equity firm. Nobody can take away my API or my apps or shove me ads. I can post entire 4K HDR clips if I want. I can have an offline copy of it if I want to read on a plane trip. I can index Lemmy, I can search Lemmy.
We already depend on trusting instances for a lot of what's going on here, I don't see why we shouldn't be able to defederate untrusted ones.
Most of us want the Fediverse to eternally decentralise. Imho, this would be the optimal scenario. Whitelists would be a major obstacle to the décentralisation effort.
I bet you could do it with ring signatures
Overall my opinion is irrelevant, however, I think there is a huge difference in knowing a person votes vs *how* a person votes. The how should not be public, imo.
1 I had assumed votes were private 2 If I don’t hear soon that votes are private, I’ll simply stop participating and return to lurking. I’ll eventually just wander off to the next thing that doesn’t expose my votes to potential bots and/or abusive actors.
I think most users assume votes are private and most will have a similar reaction to learning about this unintuitive negative feature of anything built on ActivityPub, including Lemmy.
I think it is worth reading the actual discussion on github. Having votes public and having them visibly public on the web interface has compelling reasons. Namely enshittification hardening.
It's also quite natural to stand by your words (or vote). I personally don't think people should feel like the internet is their anonimized alt character of life. And if they need/want that, just do a throwaway account and hard vpn. Otherwise NSA (or equivalents) track us anyway.
Your votes are as public as your posts. I see you have no problem posting so I don't understand what the issue is.
Sometimes you might want to show support for something but do so privately, without others knowing it's you in particular supporting that.
You are doing it privately. Nobody knows who amju_wolf is, or where they live.
It's very easy to find my IRL identity, and even my online pseudonym (well, both of them) have so much stuff tied to them that they are effectively my *real* identities. They are very much public, and definitely not anonymous.
Then I'd be more concerned about *that* and your posts rather than if you happened to up or down vote something.
Right? Big whoop, votes are public. Oh no, people might find out I'm an an-com from my voting patterns, instead of from my comments
The issue is that currently someone can behave as a shithead via voting, even if not comments, with little fear of reprisal or even discovery.
How does one "behave as a shithead via voting"? If someone decided to waste their time following me around Lemmy and down voting my posts it's not going to do very much.
The effectiveness of the shitheadiness is a separate matter from its identity:-). If someone were to say downvote literally everything you ever did, within seconds of you doing it, and regardless of content, then that would be a shitty thing to do.
As I said in another comment in this post - I believe seeing who upvoted or downvoted a post aids in identifying rabid downvoters and bots, though I personally use mobile Lemmy apps and am unable to access that data.
No, there is no real need. An account is already pseudo-anonymous. Full anonymity adds no real value beyond making it easier to manipulate vote tallies with bot accounts undetected.
edit: As a side note, this is one of the more transparent social media communities. It's not terribly privacy-oriented in general. The enhanced transparency is part of its appeal.
Yes, and this would be fairly easy to make them at least pseudonymous without even needing to modify activitypub itself.
That said, I still don't support anything which lowers the friction of vote stalking like exposing votes in even more places. Technically people can look up my address from my license plate number if they really care to, but that doesn't mean I want to list it in bold letters on my windshield.
I don't follow, what are people going to do from being able to see votes that they can't do by seeing your posts?
For starters datamining my voting patterns for building a deeper interest profile. It should be pretty obvious how this works in terms of user fingerprinting, and the ultimate monetization of Lemmy data. It would be super naive to think that Lemmy will be the one web space immune to this kind of thing. I guarantee you meta already has an army of silent instances doing this.
Worst case scenario, legit state actors use it to target deanonymization attacks at dissidents. I would not be shocked if the ...usual suspects... Are engaged in this kind of thing.
They can already datamine your posts.
But not my votes.
If I understand correctly they already can. It's not user-facing, but votes are federated if I understand correctly.
If votes became truly public, what would stop a malicious user from automating crawling the fediverse to get a list of every up and down vote a targeted user has ever made? Admins can currently do this, I assume given enough time and intent? Yuck.
I really hope a solution is found and if Lemmy goes the way of truly public votes, it would probably turn this into a nonparticipatory medium for me, I'd still read posts but not vote or comment.
Edit: also, most casual Lemmy users aren't aware of public votes and would be upset that it already works this way, and only particularly invested or curious users are even reading this thread.
There's nothing stopping a malicious user from doing that right now. Be aware that anyone who wants can already see your votes.
There's no 'if', they already are.
The same thing currently stopping them: nothing but time and effort.
No, anybody can currently do this.
That's the issue with decentralisation. The info is out there. It's that or trust a megacorp with it.
The only fair way to handle this is for all admins to immediately turn over all passwords to the Crumbgrabber, who will act as an interface between the government and private sector interests in determining the value of each Lemmy user, and whether they are a fit candidate for the mobile infantry. Remember- only service guarantees citizenship.
Votes should be transparent for everyone. Right now the system assumes that mods/admins are somehow inherently more responsible than the average user, but well, just look at the garbage clusterfuck admin/mod teams of certain instances. You're telling me you're gonna trust these people with this information and not everyone else? Get the fuck outta here.
I’d rather keep the status quo. While I realize that the vote visibility can play into the hands of mod/admin/instance owners with nefarious or petty vengeful purposes, we also can see who bad actors are in the vote system - iow a bot or person perpetually downvoting subjects they disagree with yet not participating.
But people need to be aware that the votes are not private.
We could split the difference and users could get auto-notified if their vote was viewed and by whom. That way it’s a two-way street. The mod/admin can see your votes, the users know that their vote was accessed by that mod.
Second choice would be that all users are anonymized by a hash so that bad vote actors can be removed via their hash being associated with malicious or other bad acting, but to discover who individuals are the admin would have to do the legwork of follonf multiple posts/ comments to associate the hash.
No perfect solution.
Don’t know how that would be implemented, but someone needs to watch the watchers.
Otherwise hide the votes if trust of anonymity is paramount.
It would be pointless to do. Anyone can view your votes without notifying you. Just set up your own instance, download the data (that you need to do anyway because of how activitypub works) and then just open up the database with a different software to access the data. No notification can be sent because the application doesn't know the data was accessed.
This opens a door to vote manipulation. If you can't verify users someone can send random hashes.
The votes still exist in the activitypub. They're already publicly available, the question is how accessible they should be because right now if you want to track downvotes you need to put in some effort. Upvotes you can already easily check from any mbin instance
Couldn't malicious instances use random users aswell? What if there's some sort of user manifest that shows all users an anonymous hashes belonging to that instance? That way you could check there are the same number of both.
Other posts have already posted it better than I could, but my tl;dr is: one of the *good* things about Lemmy compared to the "competition" is that votes are public -- or at least the *fact* that someone voted is.
I wouldn't mind restricting access to *how* a user voted, in particular if in the future something like multi-choice upvotes becomes a thing, or even something I'd love to see as is dual-voting ("I downvoted because I don't like it but I upvoted it because you are absolutely right about it", this is absolutely different than not voting at all if the *who* is voting is being tracked).
But on a fundamental level, in the least instance admins *have* to be able to know who votes for our version of the system to even *work* compared to the competition.
This is the most interesting take i have seen on the matter. it's not a score out of five, why shouldn't you up and down vote the same post?
you make an objectionable but very interesting point?
you are essentially right but you are belligerent and can't spell?
upvote and downvote.
Yeah I mean it's basically a consequence that an upvote or a downvote can be for any number of reasons *not shared from up- to down- or viceversa*, and a simple voting system is ill-equipped to represent or contextualize that. Various solutions are viable, but my perspective is that if up+down-voting is here to stay, that part could be extended so that the act of voting could be this one bit more representative.
it seems from a very brief search that likes and dislikes (see link below, i assume they translate to up and down votes) are the extent of what is available so a more nuanced slashdot or steam review type rating is unlikely to be viable.
in any case the ability to upvote and downvote feels like a core differentiating feature to this kind of forum and inbetween measures are unsatisfactory. upvote and downvote anything you like, and everyone can see you doing so, would be an improvement imo on the current implementation.
at least it may be possible in a future version to allow or disallow voting behaviours on a community rather than instance basis?
https://www.w3.org/wiki/ActivityPub/Primer/Like_activity
“Controversial” is what that would be called. Do we need a third vote instead of double-vote?
Could you elaborate on this claim? Because I don't really see why that would be true.
Because they have to be able to act upon invalid / spam / bot / brigading voting if it happens. And there is not a reasonable way to do *that* without knowing the voters (not necessarily the *votes*) that is not "disable votes for this particular subject".
It isn't true. As far as I can tell there is nothing right now which prevents me from sending a fixed, unique token for any give action from my test instance instead of the user string itself. Only comments would require the real user string, for obvious reasons. Likewise, another instance could ban that token, or the user or both. This actually does nothing to change the trust model, but would significantly enhance privacy and reduce the propagation of user telemetry.
Right now votes really don't matter in terms of post sorting so I'm not sure if there's really a point to this. As far as I understand it, any vote is engagement in terms of making a post active/hot/whatever
I typically operate under the assumption that basically anything I decide to post on a public forum is not private.
Call me crazy, but I care less about the instance admins being able to see my vote history than regular users. For me the latter will produce a chilling effect on how I operate with the site moreso than the former, even if admins have more power that can be abused. I was already aware of the votes not actually being public and the idea admins could see that info seemed to be a given, but I still think there's a difference between having a motivated malicious user go out of their way to look (making an instance, looking on a different platform, etc) vs making it simple for lay users to see that info within the platform itself (which I what I think is under discussion, currently).
And honestly, if a solution could be determined to help make votes anonymous but still allow admins/mods to deal with bots/trolls, then I'd be all for it.
Why?
All it takes is some API calls and some simple python scripting and you could data mine a person. Maybe they subconsciously only upvote LGBT posts. Maybe they downvote leftwing posts.
Then, oops, one day they post something that can doxx them and now they're getting targeted ads or worst case a stalker or someone who wants to get them fired/thrown in jail.
Now imagine a machine learning algorithm or AI has done all the data mining and it took just a couple days to work through all users on lemmy.world.
If there's any data that could be used to make money someone will eventually try it.
same thing you should teach your kids..
anything you put online can (and probably will) be used to identify you, as ad and ip tracking has done for a long time.
and once it's on the webs, it's always on the internet. no erasing pictures or tweets.
that's how it has been, that's how it'll always be
The same argument could be made about your posts. Maybe a user tends to post things that aligns with a certain group, just as easy to track that (if not easier) for targeting.
Not to mention anyone with the tech to do this *already can* by creating their own instance so they can view votes.
okay but you make posts with the expectation they are public. Votes only change a number, and are a way for you to show support/disagreement for something without broadcasting it to everyone.
If you want to broadcast it and make it public you can reply to a comment
Because if lay users can see how I vote within the app, then I might start being harassed by people for daring to downvote them or daring to upvote someone. And may stay tracking my voting habits.
In which case, I'd probably stop voting.
Having a barrier to that info is better than no barrier even if it's not impossible, imo.
If someone tries to harass me about how I vote I'll just block them.
Eh, I don't personally care.
But it *could* lead to nastiness as lemmy expands. If enough people go to the trouble of looking it up, you get some of them being assholes because *people* are prone to being assholes. That leads to drama. Drama leads to nastiness and worse things sometimes.
If that's going to be part of how lemmy works, so be it, I'm way too old to skip using a block list for assholes. But it might bite federated services in the ass, so it probably should be on the list to get implemented.
Yes by default, but there should be an option to make them public
On Kbin the votes are 100% public for anyone. I've migrated to Lemmy after the frequent server issues with Kbin and I miss that part dearly. It was very easy to gauge whether someone was engaging in a good or bad faith discussion by checking the votes within a discussion. That being said, personally I'm very light on my downvotes, and I can see how someone more trigger-happy would see it as worrying. Personally I see the vote transparency as healthy though.
To be fair, there's a point to be made that someone who's overly trigger-happy on dislike should be shamed for it. Just like you would be if you kept being snide to everyone in real life.
I agree that transparency would do much more good than harm, plus compared to the info that people already put in their profiles/comments, it's not likely to make them anymore identifiable.
I'd even argue public votes can deescalate some situations, for example where both sides of a relatively heated discussion can see they vote each other up. They don't necessarily agree but they appreciate the other side's points.
As for the transparency, it's not possible to list all the votes of a user, one rather needs to list votes on a given post. To profile a given user the attacker would need to cross-reference the data from all posts and comments which is computationally infeasible, both client-side and server-side.
Keep the Fediverse bot- and troll-free.
The whole idea of being able to behave like a shithead without accountability needs to go.
As with all things you must behave like a shithead in moderation.
To me the anonymity of voting is the problem, so the solution is to make them public for all, not to find ways of making them more private.
The point of privacy is pretty shaky in this context, tbh. Anybody using the fediverse is ensured pseudonymity already, the privacy issue should be whether your account(s) can be linked to your real life identity against your will.
In that regard I can only see positives to making voting public. Foremost it could create some accountability to the system, and maybe minimise the lazier drive-by, doom scroll votes?
I completely agree with the idea of more accountability. We are real people in acting public right here, we should be constantly aware that our actions have consequences. If you don't want your pseudonym associated with a vote, don't do it. It's kinda like the opposite of 4chan, where instand of anonymous controversial content on top, here we have human-curated content being pushed up.
The problem with every system is it will eventually be broken down by someone smarter and used to manipulate the user-base that grew to trust its safety to market something. Be it ideas or products, the only true safety net we have is a choice in the decision. The second a choice is forced, is the second groups split away. Each user at least deserves the safety of choice if we expect them to trust in any larger system. Decisions being made by a smaller group of individuals for the larger whole, doesn’t exactly have the best history if we look at the world around us. Don’t get me wrong… Trust would be great, but we have to trust that going from one extreme to another will inevitably create a another new problem.
Couldn't agree more, and if we passed around imaginary gold on Lemmy, I'd give you a dubloon for this.
I'm so, so glad to see I am not the only one that thinks this way.
It's the lazy drive-by and rage votes specifically that I would love to see eliminated. If you're too much a coward to defend a position, maybe you shouldn't express it.
And now I definitely want to see whoever downvoted your post outed as cowards 👍👍
I know, right? It's like irony is a lost art.
I'm not technical and I'm also not young.
I think anyone coming into an online social platform who thinks that any part of it is private, is too naive and/or uneducated to be using that type of platform.
I'm sure there's parts of platforms which are private, I just don't think it's advisable to assume that at any point.
You're online, interacting with people. If you wanted privacy, don't be there doing that. Post and behave as if you are publishing everything to a major commercial physical publication. Every post, every comment, every vote, every blocked user. On every one of your accounts.
Otherwise, you'll get what's coming to you. And I'm fine with that.
Yeah. If you're on a public forum accessible to anyone, which the whole fediverse is, then you should never assume privacy.
Honestly transparency in this regard would be better - they're already visible to much of the community, so they might as well be visible to everyone.
Any instances that actually show public downvotes? I've seen people talk about them but haven't seen them yet
It's on mbin's post/comment under more > activity. Not under a user's profile.
Here is a video of me doing it on my phone with fedia.io: https://files.catbox.moe/nb5rx1.mp4 For some reason it wouldn't show me reduces (downvotes), though.
Ahhhh, okay. I was expecting it to be under a user but it is attached to the post. That makes targeted harassment marginally more difficult but regardless, I definitely can see that it's trivial to see the upvotes (favorites) and downvotes (reduces).
Whether or not this is "good" or "bad" I'm still undecided on, but you've officially convinced me that it is trivial to see exactly who voted (and how) on a post (or comment). You do not need to "set up an instance" like many people say.
Fair enough. I do think you can view it under a users profile in some Mastodon clients- but only upvotes, not downvotes.
At least NOW I can find out exactly who can call me out for saying something stupid, and thank that person for providing me with valuable information and knowledge.
Downvotes are actually kinda useful, even I benefit from them.
In LiveLeak all votes were public. What happened was a lot less downvoting, but also aggrevated users would stalk your page and leave mean messages if you downvoted their comment.
On the other hand, it was *really* easy to spot trolls trying to manipulate the narratives, Hasbarah and Russian trolls were really active on LiveLeak. This allowed me to block them and keep them from bombing my comments anytime I said something critical.
I actually didn't notice that it could REALLY go wrong.
I think votes shouldn't be anonymous. Transparency is important to weed out trolls and bots. And public votes should be made easier accessible to every user not only admins/mods.
If I vote something I'm expressing my opinion just like I would with comment, and those are not anonymous.
I get that people are worried about griefers and psychos, but anonymity is just a (poor) cure for the symptoms, not for the disease; users who don't behave should be banned, and if their instance turns out to be a detriment to the community, they should be defederated.
The anonymity we should ensure is the one of the person behind the username, to avoid doxxing and cyber-bullying.
No I'm worried about powertripping mods... That's the issue.
Why is this so universal?
Because too many mods are power tripping assholes and I say that as someone whose been a mod in various corners of the Internet since at least 2000.
The best mods, and admins, are nearly invisible and as close to drama free as possible.
I am Palestinian and I just got banned from world news ml for saying that some Israeli hostages experienced rape/sexual assault/abuse without "credible evidence". Somehow the mod equated this with me not giving a fuck about Palestinian prisoners of war.
No my man... I was raped myself as a teen. So to me, all rapes are equal no matter who does it to whom.
The more I spend time on Lemmy, the more I think it is in a lot of trouble. There are many serious issues that need to be addressed and I don't see how most of them can be.
Federation is touted as a Good, but has many drawbacks. Privacy (as listed in this post for example) for one, instead of algorithm curated/focused content federated servers each enforce (subconsciously or overtly) a theme, rampant user generation off multiple servers rendering moderation pointless, and so on.
Then there is the rampant issue of moderation abuse. It seems that the only reason to be a moderator is to not be annoyed at other people forcing their opinions on you. This reminder that admins/mods get yet another way to subject the users to their biases is the nail in the coffin IMO. "You vote this way? Banned because my feelings matter more".
Privacy is important for a lot of people and that is impossible to get on Lemmy unless something drastically changes, but it doesn't sound like this is will ever happen. The people that can see your data is not under your control at all and I think this fact alone will never allow Lemmy to grow to a place we can be happy with.
If admins can see data without limits, everyone should be able to. All 5 of us once that realization sinks in.
;tldr I don't think even admins should see peoples data but that seems impossible so...
Everyone's fleshed out a lot of the discussions so I'll just bullet point my opinion to try to better explain the discourse I'm seeing on here
I view "Lemmy" like it's a Community Center with group discussions, Community gatherings, and/or lectures with public comments. If you're in the crowd "Booing" (downvoting) without standing up and making your position clear, you're not adding anything to the discussion.
Downvote/Upvote is not like "Booth Voting" at all. You have ONE vote in a democracy, that's the core principle. You don't vote Yes for a candidate then vote No for another. You don't see a ticker above the booth tallying everyone's vote that was before you (voter manipulation, why hidden scores became a thing).
I think this would go over a lot better if mods had the choice of how to present the votes. Opt in or out of showing voters, opt in or out of showing scores or eliminating downvotes or even upvotes if you want. Give the power to the community and create useful tools for mods to try out.
Multiple votes is not why we have secret ballots IRL. Votes during referenda where you don't vote for one candidate are also secret.
The purpose of secrecy is to protect from repercussions (ie worker vs boss, person vs family, tenant vs landlord...)
I'm not being pedantic. It matters here, because your votes can have repercussion if they're easy to see at all times. I don't want to be harassed because I downvoted an obsessive tankie.
That's just not the same at all. How many times do you get to vote on the referenda? I'm really interested to know where this mindset comes from that a social media upvote/downvote is anything like a real political "vote". It's completely different except the name, is that where the confusion is coming from? Is this an age/demographic thing?
You can vote no or yes on a referendum. The Upvote is for comments that contribute, the downvote is for off-topic not that you disagree with the policy! By continuing this logic you're exposing you want to continue "Voting" on whether you agree with a topic in *"privacy"*. That's not how public discourse works, which this is. You guys are acting like everyone is a guest speaker and you're the X-factor judge deciding if they should continue or get off the stage.
Anyone looking at the actual voting system on here would not say it's democratic or fair/balanced. There are no protections or even logic to construct a system like that because we're not voting on policies! This is a town square, not your local council. You're wanting to walk into the square and vote on the flowers or people walking by, that's not how public interaction should work!
In every single thread the downvote is abused as a "I disagree" or as a reactionary "I don't like this person". It does absolutely nothing for the conversation, it's solely for others to feel better if the numbers match their own personality or to dissuade the person who's being downvoted from voicing their opinion.
This whole event is rather sad and disheartening like a depressing xkcd
I see absolutely no reason why they shouldn't be
Sure, if and when we get the ability to ignore federated votes
If that were to happen, the receiving end wouldn't know who sent which vote, thus making spamming extremely easy.
I did think of a few ways round it (in kbin/mbin) a year or so ago. But, it wouldn't work unless everyone using ActivityPub recognized it. It's also really a small problem in reality. It's likes and dislikes.
Make the author of the comment/post see who voted for them.
I can see that in some circumstances, votes might need to be public due to protocol, otherwise public votes have their own uses, and so are private ones.
Votes should absolutely be public. They were on KBin, and it made people more civil for it because you could be shamed if you were dislike trolling or liking all of your own posts/comments to make them look better (which is something you actively have to do on here, unlike Reddit).
Given this place is pseudo-anonymous anyways, and people comment far more personal and identifiable info here anyways (which tbf you should be careful about), I think public votes would do much more good than harm.
I will always downvote ai shit. Brigade 100%. I'm fact this reminds me I need to get through all the ai subs and downvote everything again.
We need to reveal downvotes so we can identify the ai lovers.
And then?
Also brigade them
You make a good point for anonymity of the votes
Thanks, that's what I was getting at, but I still also hate ai shit.
No, but they should be public to everyone, and not hidden unless you jump through hoops.
One way to anonymize voting, if desired, could be just make a mess out of who voted what in the logs. I vote something, some other random user's name is logged. Or maybe that could be used to deter scrapers and make the incorrect logging reverseable somehow that requires actual human interaction that cant be automated.
Get rid of votes.
They’re only useful for ranking content and content is only useful in the context of ad revenue.
You don’t have to be on reddit anymore.
Yes, a return to the unstructured glory of unranked comments of yesteryear. Every thread starting with a resounding "First!!1!!". Relevant or interesting things hidden on page 5 of 31. Spam lurking around every corner, as a treat.
I do want to find the most relevant topics at the top of a community, though.
And useful to let you know if a post is actually genuine/useful, or something you should probably ignore and disregard because everyone else that read it before you discarded it as bad
no it must only be for content farming
I agree, downvotes lead to a toxic online social environment
Downvoted
Lol
Unlike commenting and posting, which offers the who, what, where, and when parts of the message passing process, voting on Lemmy (now, for non-admins) is inherently an unequal process. Imagine if someone could send you an email whenever they wanted, but you were prevented from knowing who or even from what instance it is from, or when it was sent, do you think that could open up a potential for some variety of abuse? Or texting, phone calls, showing up at your door, etc.
Knowing the identity of the voter is an important part of properly receiving the "message". It also increases freedom of choice, b/c otherwise the only way to prevent such messages (if, let's take it as a given that *some* people find them annoying) would be to turn off voting entirely, either by going to one of the instances that does that, or just ignoring all (down-)votes yourself.
If we want the Fediverse to grow, and in particular to include less emotionally stunted humans that actually care when someone says something about them, good or bad, this will be a necessity. (Also, I was speaking tongue-in-cheek there, but genuinely social standards do vary across this wide world, and it really would increase content if there were not only more but different *types* of people, especially those most likely to generate quality content.)
And as other non-Lemmy methods of access to the Fediverse provide that feature - k/mbin, piefed, sublinks - Lemmy will fall increasingly behind if it were to ignore this very basic feature.
Making the votes public also increases honesty, since they are *already* public now. And if you don't want to know who down-(up?-)votes you then... don't look? But for those who want to know, it will be a great feature to have.
Bitte mt
Why would you even want anonymous votes but not anonymous comments?
The former is as good\bad as the latter.
I know they were already technically public. I think they should be shown.
The question of whether Lemmy votes should be anonymous is an important one, balancing transparency with privacy. Public voting can encourage accountability, but anonymity might lead to more honest and unbiased voting behavior. If you're interested in exploring the pros and cons of this issue further, chatgpt 日本語 can provide a detailed discussion and help you form a well-rounded opinion on the matter.
Hello, low-effort bot.
Yup.
This kind of spam has been going on for a while and is usually removed promptly.
Sorry, I think our local bot was offline at the time.
Anyway, they've since been banned along with a several alt accounts.
Don't hesitate to report those if you see more.
Oh and I think we would rather not advertise their spam URL if you wouldn't mind editing the link out from the quoted part.
Thanks,
Thanks, will do.
editing the link out from the quoted part
Done. Thanks for all the work you do to keep this place running smoothly.
레미에 대한 공개 투표는 커뮤니티 내에서 투명성과 책임성을 강화하여 사용자가 특정 콘텐츠를 지지하거나 반대하는 사람을 확인할 수 있게 해줍니다. 그러나 이는 또래의 압력이나 원치 않는 감시로 이어질 수도 있습니다. 온라인 상호작용에서 프라이버시와 자유를 원하는 사용자에게는 익명성이 더 바람직할 수 있습니다. 온라인 개인정보 보호 도구에 대해 자세히 알아보려면 챗GPT 를 방문하세요.
I'm sorry, what?
Spambot