Lemmy votes ARE public, should they be anonymous?

Damage , 39 minutes ago

If I vote something I’m expressing my opinion just like I would with comment, and those are not anonymous.
I get that people are worried about griefers and psychos, but anonymity is just a (poor) cure for the symptoms, not for the disease; users who don’t behave should be banned, and if their instance turns out to be a detriment to the community, they should be defederated.

The anonymity we should ensure is the one of the person behind the username, to avoid doxxing and cyber-bullying.

FeelzGoodMan420 , 20 minutes ago

No I’m worried about powertripping mods… That’s the issue.

troed , 4 hours ago

Keep the Fediverse bot- and troll-free.

The whole idea of being able to behave like a shithead without accountability needs to go.

roguetrick , 24 minutes ago

As with all things you must behave like a shithead in moderation.

j4k3 , 4 hours ago

I would rather vote identities being blocked from scraping. I don’t care about other users or admins. I would rather that level of information be unavailable to outside commercial sources, especially any timings based metadata that could be used to derive dwell time and other psychological metrics.

Microw , 51 minutes ago

Thats probably a complete nonstarter in a federated network. The metadata needs to be sent via Activitypub, ergo it has to be public.

Damage , 30 minutes ago

I think you’re looking for a different type of community then, like an image board.

Tywele , 37 minutes ago

I think votes shouldn’t be anonymous. Transparency is important to weed out trolls and bots. And public votes should be made easier accessible to every user not only admins/mods.

TheEntity , 3 hours ago

On Kbin the votes are 100% public for anyone. I’ve migrated to Lemmy after the frequent server issues with Kbin and I miss that part dearly. It was very easy to gauge whether someone was engaging in a good or bad faith discussion by checking the votes within a discussion. That being said, personally I’m very light on my downvotes, and I can see how someone more trigger-happy would see it as worrying. Personally I see the vote transparency as healthy though.

Th4tGuyII , 2 hours ago

To be fair, there's a point to be made that someone who's overly trigger-happy on dislike should be shamed for it.
Just like you would be if you kept being snide to everyone in real life.

I agree that transparency would do much more good than harm, plus compared to the info that people already put in their profiles/comments, it's not likely to make them anymore identifiable.

TheEntity , 1 hour ago

I’d even argue public votes can deescalate some situations, for example where both sides of a relatively heated discussion can see they vote each other up. They don’t necessarily agree but they appreciate the other side’s points.

As for the transparency, it’s not possible to list all the votes of a user, one rather needs to list votes on a given post. To profile a given user the attacker would need to cross-reference the data from all posts and comments which is computationally infeasible, both client-side and server-side.

mozz , 5 hours ago

With the current way that ActivityPub works, this isn’t really possible. Every vote needs to be signed by some real user; if that changed such that anonymous votes were accepted then there’s nothing to stop any random person from adding 5 or 5,000 anonymous votes.

lalo OP , 5 hours ago

What it the instance signs the activity? Then it propagates to others instances after local validation. That way only local admins would have access to voting data. Malicious instances could still be defederated/blocked/have votes disregarded.

rglullis , 4 hours ago

1. You are still trusting the instance admin. What if the admin pushes a code patch that transforms every like into a dislike based on a keyword?
2. Your history will never be fully portable.
3. It creates some weird dynamic: are we going to start dividing ourselves into “instances that obfuscate voting” and “instances that prefer transparency”?
4. What is the criteria for “malicious”?

lalo OP , 3 hours ago

1. Currently, any admin can modify any local user activity, can’t they?
2. Not really, your local instance may still hold the vote data for validation. And therefore could be ported and resigned.
3. Don’t see the problem.
4. Today, each instance decides whomever they want federation with. The ones who decide the criteria should be the same ones who decide whom the instance federates with.

rglullis , 3 hours ago (edited 58 minutes ago)

1. Admins could modify the activity, but users can verify from outside (if they so which). If the user data gets obfuscated, it becomes a complete black box.
2. But then you have two different events.
3. Here is one problem: the userbase on the Fediverse is already ridiculously small. If we keep dividing ourselves over every little preference, we will end up with nothing but a thousand little ghetto fiefdoms, used by people who will never ever learn how to tolerate a different point of view.
4. No. What will happen is that the silent majority will want to keep federation with everyone, but the intolerant minority will keep pushing instance admins to defederate from anyone who does not want to obfuscate votes. Eventually, LW will make a decision one way or another and everyone else will just have to decide if they want to stick with their principles or follow the leader so that they are not isolated.

Max_P , 4 hours ago

The problem with that is, can you really trust most instances out there? If you’re a sketchy admin, it’s not that hard to convince a handful of people to use your instance and have a couple dozen anonymous votes at your disposal to influence certain topics. There’s no way to detect it, not even the other users.

That would then mean that small instances would have to prove themselves before being accepted in the wider network of instances and just end up centralizing the fediverse.

With the votes being public, while you can create as many accounts as you want, you still have to publicly use a bunch of bot accounts which makes it more easily detectable. And of course, there’s no way your instance can get away with impersonating you, because you could see it sneaking votes or comments.

I wish it could be more private, but I can’t think of a way you can prevent vote manipulation without revealing who actually voted for what or rely on trust. Another way to look at it would be, what if Lemmy didn’t use instances but instead some sort of decentralized system where each user is its own entity. How would we obfuscate the votes then? Anyone can publish a message to the network, so you need to tie it to some identity, and you circle right back to the problem.

For privacy, there’s always alt accounts and recycling accounts often. Or treat the votes as if you were commenting “+1” or “-1”.

Unless someone comes up with some crypto scheme to somehow anonymously prove that a user has voted, and has voted only once, and the user has credible history being a real person.

Personally, it’s a tradeoff I chose as the price of entry for being able to participate in this while being fully independent of some benevolent person/organization/company/private equity firm. Nobody can take away my API or my apps or shove me ads. I can post entire 4K HDR clips if I want. I can have an offline copy of it if I want to read on a plane trip. I can index Lemmy, I can search Lemmy.

lalo OP , 3 hours ago

We already depend on trusting instances for a lot of what’s going on here, I don’t see why we shouldn’t be able to defederate untrusted ones.

ricdeh , 1 hour ago

That would then mean that small instances would have to prove themselves before being accepted in the wider network of instances and just end up centralizing the fediverse.

Most of us want the Fediverse to eternally decentralise. Imho, this would be the optimal scenario. Whitelists would be a major obstacle to the décentralisation effort.

chicken , 3 hours ago

I bet you could do it with ring signatures

a message signed with a ring signature is endorsed by someone in a particular set of people. One of the security properties of a ring signature is that it should be computationally infeasible to determine which of the set’s members’ keys was used to produce the signature

Xirup , 5 hours ago

Wait a minute, so any admin can see which posts do I upvote/downvote?

bamboo , 5 hours ago

Yep. On kbin I think any user can too.

BentiGorlich , 1 hour ago

On mbin users can only see who upvoted a post. An admin can of course still go into the db and look there, but for users and mods there is no way to see who downvoted a post

Munkisquisher , 5 hours ago

Yes, by looking in the DB or the data that’s federated as it comes through

ericjmorey , 5 hours ago

There's now a UI feature that allows admins to see votes without needing to manually query the database

Link , 5 hours ago

Furthermore, anyone can spin up a Lemmy server if they want to see people’s votes. It’s not very hard or load the same post in kbin/mbin.

otter , 5 hours ago

For what it’s worth, admins/employees on Reddit (or any other website) can also see upvote records.

FiskFisk33 , 5 hours ago

yes, and any instance owner on any federated instance. Oh, and anyone on Kbin.

GBU_28 , 5 hours ago

Yep and they ban people as they see fit, across different communities, based on votes anywhere

skullgiver , 4 hours ago

What you upvote/downvote, when you upvote/downvote. With some database queries, they can also read DMs that are on their server (i.e. if you message someone on my server).

You can see who upvoted a post by putting the URL to the post or comment into any connected mbin server and clicking “favorites”. Downvotes are restricted by default (but admins can see those of course).

The only information admins can see is the information on their server. For Lemmy, that means a server would need to be subscribed to all communities you’re active in for that information to be available. If you want I can DM what upvotes of yours my server knows about.

souperk , 4 hours ago

For anyone interested, there are a few papers on cryptographically secure voting, where both voter anonymity and election integrity are preserved.

Most designs consider three separate entities, where if you accumulate the information between those entities you would be able to identify a voter and his vote, but each entity on itself does not hold enough information.

wazoobonkerbrain , 1 hour ago

That’s interesting. I have read multiple comments to the effect that it would not be possible for lemmy to implement anonymous voting because the underlying ActivityPub protocol does not support it. So it sounds like solutions do exist, although I suppose the effort required to modify ActivityPub is too much, more likely the feature will be included in some successor to the fediverse.

rottingleaf , 1 hour ago

The users right now may fall into a false sense of privacy when voting because the votes are hidden from Lemmy users.

Why would you even want anonymous votes but not anonymous comments?

The former is as good\bad as the latter.

I know they were already technically public. I think they should be shown.

MagicShel , 4 hours ago

I’ve been thinking about this for several hours since I first became aware of the debate.

I don’t care that much in theory if anyone sees my votes. They aren’t anything I’m particularly private about. I care about conversation way more than up/down votes.

However, some people get a little upset about being downvoted. I think it will result in retaliatory downvotes. You already see that when two folks are arguing. I don’t normally waste my time downvoting a post I’m writing a rebuttal to, but when they are downvoting me I tend to do it back. I think if everyone had easy access, they would hunt down their down voters posts and retaliate regardless of the quality of the comments.

Lastly, I wonder if this will give rise to a client that lets you use one account to post/comment and a different one to vote. And if it does, will that be better all around? Then no one will be able to associate votes with a user. But it seems unnecessarily wasteful to create a whole account that does nothing but vote. It seems like it would deny mods (and everyone) a useful tool for identifying bad actors.

Technically, anyone could get access to the voters identity if they try hard enough but 99% of the users won’t put in that much effort. And technically someone could already use different accounts for different activities, but without reason to create a client to support that it’s too much of a pain to be worth the effort.

So I really think I’m on team status quo here.

rglullis , 2 hours ago

I don’t normally waste my time downvoting a post I’m writing a rebuttal to, but when they are downvoting me I tend to do it back. I think if everyone had easy access, they would hunt down their down voters posts and retaliate regardless of the quality of the comments

That would stop as soon as people start reporting this behavior to mods who felt enabled to ban users based on unjustified downvoting.

MagicShel , 2 hours ago (edited 51 minutes ago)

I’m really skeptical about that. Either that they would do it or that such “justified” downvoting would be a clear cut or fair decision. Most people don’t vote the right way. How many people downvote content they agree with or find funny but doesn’t add to the discussion? How many people upvote content they disagree with that does add to the discussion?

And am I really going to take up a mod’s time because someone got mad at me and downvoted—the most accessible and innocuous was to express displeasure with someone? How many more complaints about downvote bullying are mods going to have to field?

I don’t know. You could be right, but I’d want to see it successful in a small scale, if possible, before deploying it everywhere. Maybe the folks suggesting it should be up to the server admin are right. That would be another differentiator and people could go to communities on servers that have their preferred visibility policy. That would serve as an A/B test and let people vote with their feet.

rglullis , 1 hour ago

How many people downvote content they agree with or find funny but doesn’t add to the discussion?

Again, this is only a problem because we have lost this sense of shared culture. If we really want to have an established “community”, these guidelines will have to be one way or another be restored and enforced.

How many more complaints about downvote bullying are mods going to have to field?

Here is an idea: instead of trying to remove power from people, let’s give more of it. Hiding votes is hard, but creating a finer-grained permission system for moderation is not. Let’s build a system where mods can assign other mods for specific types of reports. Then, we can have few mods who would be “all powerful” like they are now and we could have a bunch of “issue-specific” trusted users who could access/triage specific reports.

We shouldn’t need mods to figure out what is “basic” spam and we shouldn’t need powerful mods to say “user A is reporting that B has downvoted their last 5 posts in different conversations. This is a violation of the community rules and therefore should be banned.”

ianovic69 , 4 hours ago

I’m not technical and I’m also not young.

I think anyone coming into an online social platform who thinks that any part of it is private, is too naive and/or uneducated to be using that type of platform.

I’m sure there’s parts of platforms which are private, I just don’t think it’s advisable to assume that at any point.

You’re online, interacting with people. If you wanted privacy, don’t be there doing that. Post and behave as if you are publishing everything to a major commercial physical publication. Every post, every comment, every vote, every blocked user. On every one of your accounts.

Otherwise, you’ll get what’s coming to you. And I’m fine with that.

Th4tGuyII , 1 hour ago

Yeah. If you're on a public forum accessible to anyone, which the whole fediverse is, then you should never assume privacy.

Honestly transparency in this regard would be better - they're already visible to much of the community, so they might as well be visible to everyone.

reksas , 2 hours ago

One way to anonymize voting, if desired, could be just make a mess out of who voted what in the logs. I vote something, some other random user’s name is logged. Or maybe that could be used to deter scrapers and make the incorrect logging reverseable somehow that requires actual human interaction that cant be automated.

asukaakari , 2 hours ago

The question of whether Lemmy votes should be anonymous is an important one, balancing transparency with privacy. Public voting can encourage accountability, but anonymity might lead to more honest and unbiased voting behavior. If you're interested in exploring the pros and cons of this issue further, chatgpt 日本語 can provide a detailed discussion and help you form a well-rounded opinion on the matter.

Th4tGuyII , 2 hours ago

Votes should absolutely be public. They were on KBin, and it made people more civil for it because you could be shamed if you were dislike trolling or liking all of your own posts/comments to make them look better (which is something you actively have to do on here, unlike Reddit).

Given this place is pseudo-anonymous anyways, and people comment far more personal and identifiable info here anyways (which tbf you should be careful about), I think public votes would do much more good than harm.

Lutin , 4 hours ago

레미에 대한 공개 투표는 커뮤니티 내에서 투명성과 책임성을 강화하여 사용자가 특정 콘텐츠를 지지하거나 반대하는 사람을 확인할 수 있게 해줍니다. 그러나 이는 또래의 압력이나 원치 않는 감시로 이어질 수도 있습니다. 온라인 상호작용에서 프라이버시와 자유를 원하는 사용자에게는 익명성이 더 바람직할 수 있습니다. 온라인 개인정보 보호 도구에 대해 자세히 알아보려면 챗GPT 를 방문하세요.

threelonmusketeers , 4 hours ago

레미에 대한 공개 투표는 커뮤니티 내에서 투명성과 책임성을 강화하여 사용자가 특정 콘텐츠를 지지하거나 반대하는 사람을 확인할 수 있게 해줍니다. 그러나 이는 또래의 압력이나 원치 않는 감시로 이어질 수도 있습니다. 온라인 상호작용에서 프라이버시와 자유를 원하는 사용자에게는 익명성이 더 바람직할 수 있습니다. 온라인 개인정보 보호 도구에 대해 자세히 알아보려면 챗GPT 를 방문하세요.

lemie daehan gong-gae tupyoneun keomyuniti naeeseo tumyeongseong-gwa chaeg-imseong-eul ganghwahayeo sayongjaga teugjeong kontencheuleul jijihageona bandaehaneun salam-eul hwag-inhal su issge haejubnida. geuleona ineun ttolaeui ablyeog-ina wonchi anhneun gamsilo ieojil sudo issseubnida. onlain sanghojag-yong-eseo peulaibeosiwa jayuleul wonhaneun sayongja-egeneun igmyeongseong-i deo balamjighal su issseubnida. onlain gaeinjeongbo boho dogue daehae jasehi al-abolyeomyeon chaesGPT leul bangmunhaseyo.

Public voting for Remi increases transparency and accountability within the community, allowing users to see who supports or opposes certain content. However, it can also lead to peer pressure or unwanted surveillance. For users who want privacy and freedom in their online interactions, anonymity may be preferable. Visit ChatGPT to learn more about online privacy tools.

I’m sorry, what?

Bezier , 3 hours ago

Spambot