Lemmy votes ARE public, should they be anonymous?

Xirup , 5 hours ago

Wait a minute, so any admin can see which posts do I upvote/downvote?

bamboo , 5 hours ago

Yep. On kbin I think any user can too.

BentiGorlich , 1 hour ago

On mbin users can only see who upvoted a post. An admin can of course still go into the db and look there, but for users and mods there is no way to see who downvoted a post

Munkisquisher , 5 hours ago

Yes, by looking in the DB or the data that’s federated as it comes through

ericjmorey , 5 hours ago

There's now a UI feature that allows admins to see votes without needing to manually query the database

Link , 5 hours ago

Furthermore, anyone can spin up a Lemmy server if they want to see people’s votes. It’s not very hard or load the same post in kbin/mbin.

otter , 5 hours ago

For what it’s worth, admins/employees on Reddit (or any other website) can also see upvote records.

FiskFisk33 , 5 hours ago

yes, and any instance owner on any federated instance. Oh, and anyone on Kbin.

GBU_28 , 5 hours ago

Yep and they ban people as they see fit, across different communities, based on votes anywhere

skullgiver , 4 hours ago

What you upvote/downvote, when you upvote/downvote. With some database queries, they can also read DMs that are on their server (i.e. if you message someone on my server).

You can see who upvoted a post by putting the URL to the post or comment into any connected mbin server and clicking “favorites”. Downvotes are restricted by default (but admins can see those of course).

The only information admins can see is the information on their server. For Lemmy, that means a server would need to be subscribed to all communities you’re active in for that information to be available. If you want I can DM what upvotes of yours my server knows about.

ZDL , 5 hours ago

To me the anonymity of voting is the problem, so the solution is to make them public for all, not to find ways of making them more private.

halm , 5 hours ago

The point of privacy is pretty shaky in this context, tbh. Anybody using the fediverse is ensured pseudonymity already, the privacy issue should be whether your account(s) can be linked to your real life identity against your will.

In that regard I can only see positives to making voting public. Foremost it could create some accountability to the system, and maybe minimise the lazier drive-by, doom scroll votes?

lalo OP , 4 hours ago

I completely agree with the idea of more accountability. We are real people in acting public right here, we should be constantly aware that our actions have consequences. If you don’t want your pseudonym associated with a vote, don’t do it. It’s kinda like the opposite of 4chan, where instand of anonymous controversial content on top, here we have human-curated content being pushed up.

halm , 4 hours ago

Couldn’t agree more, and if we passed around imaginary gold on Lemmy, I’d give you a dubloon for this.

rglullis , 4 hours ago

I’m so, so glad to see I am not the only one that thinks this way.

ZDL , 3 hours ago

It’s the lazy drive-by and rage votes specifically that I would love to see eliminated. If you’re too much a coward to defend a position, maybe you shouldn’t express it.

mozz , 5 hours ago

With the current way that ActivityPub works, this isn’t really possible. Every vote needs to be signed by some real user; if that changed such that anonymous votes were accepted then there’s nothing to stop any random person from adding 5 or 5,000 anonymous votes.

lalo OP , 5 hours ago

What it the instance signs the activity? Then it propagates to others instances after local validation. That way only local admins would have access to voting data. Malicious instances could still be defederated/blocked/have votes disregarded.

rglullis , 4 hours ago

1. You are still trusting the instance admin. What if the admin pushes a code patch that transforms every like into a dislike based on a keyword?
2. Your history will never be fully portable.
3. It creates some weird dynamic: are we going to start dividing ourselves into “instances that obfuscate voting” and “instances that prefer transparency”?
4. What is the criteria for “malicious”?

lalo OP , 3 hours ago

1. Currently, any admin can modify any local user activity, can’t they?
2. Not really, your local instance may still hold the vote data for validation. And therefore could be ported and resigned.
3. Don’t see the problem.
4. Today, each instance decides whomever they want federation with. The ones who decide the criteria should be the same ones who decide whom the instance federates with.

rglullis , 3 hours ago (edited 53 minutes ago)

1. Admins could modify the activity, but users can verify from outside (if they so which). If the user data gets obfuscated, it becomes a complete black box.
2. But then you have two different events.
3. Here is one problem: the userbase on the Fediverse is already ridiculously small. If we keep dividing ourselves over every little preference, we will end up with nothing but a thousand little ghetto fiefdoms, used by people who will never ever learn how to tolerate a different point of view.
4. No. What will happen is that the silent majority will want to keep federation with everyone, but the intolerant minority will keep pushing instance admins to defederate from anyone who does not want to obfuscate votes. Eventually, LW will make a decision one way or another and everyone else will just have to decide if they want to stick with their principles or follow the leader so that they are not isolated.

Max_P , 3 hours ago

The problem with that is, can you really trust most instances out there? If you’re a sketchy admin, it’s not that hard to convince a handful of people to use your instance and have a couple dozen anonymous votes at your disposal to influence certain topics. There’s no way to detect it, not even the other users.

That would then mean that small instances would have to prove themselves before being accepted in the wider network of instances and just end up centralizing the fediverse.

With the votes being public, while you can create as many accounts as you want, you still have to publicly use a bunch of bot accounts which makes it more easily detectable. And of course, there’s no way your instance can get away with impersonating you, because you could see it sneaking votes or comments.

I wish it could be more private, but I can’t think of a way you can prevent vote manipulation without revealing who actually voted for what or rely on trust. Another way to look at it would be, what if Lemmy didn’t use instances but instead some sort of decentralized system where each user is its own entity. How would we obfuscate the votes then? Anyone can publish a message to the network, so you need to tie it to some identity, and you circle right back to the problem.

For privacy, there’s always alt accounts and recycling accounts often. Or treat the votes as if you were commenting “+1” or “-1”.

Unless someone comes up with some crypto scheme to somehow anonymously prove that a user has voted, and has voted only once, and the user has credible history being a real person.

Personally, it’s a tradeoff I chose as the price of entry for being able to participate in this while being fully independent of some benevolent person/organization/company/private equity firm. Nobody can take away my API or my apps or shove me ads. I can post entire 4K HDR clips if I want. I can have an offline copy of it if I want to read on a plane trip. I can index Lemmy, I can search Lemmy.

lalo OP , 3 hours ago

We already depend on trusting instances for a lot of what’s going on here, I don’t see why we shouldn’t be able to defederate untrusted ones.

ricdeh , 1 hour ago

That would then mean that small instances would have to prove themselves before being accepted in the wider network of instances and just end up centralizing the fediverse.

Most of us want the Fediverse to eternally decentralise. Imho, this would be the optimal scenario. Whitelists would be a major obstacle to the décentralisation effort.

chicken , 3 hours ago

I bet you could do it with ring signatures

a message signed with a ring signature is endorsed by someone in a particular set of people. One of the security properties of a ring signature is that it should be computationally infeasible to determine which of the set’s members’ keys was used to produce the signature

Carrolade , 5 hours ago

No, there is no real need. An account is already pseudo-anonymous. Full anonymity adds no real value beyond making it easier to manipulate vote tallies with bot accounts undetected.

edit: As a side note, this is one of the more transparent social media communities. It’s not terribly privacy-oriented in general. The enhanced transparency is part of its appeal.

otter , 5 hours ago (edited 3 hours ago)

Should the Lemmy devs create a way to make the votes anonymous?

I’m not sure if there is a good way to have the content federate anonymously. Even if there was, it would be a vector for spam.

Vote manipulation is a growing problem on Reddit. It’s only getting worse with all the AI spam bots and they don’t have an incentive to stop it. Why trust a review on Reddit if bots are upvoting/downvoting on behalf of a company, or worse what happens in news communities when a well funded group wants to change perspectives.

Admins need to know if the votes/likes coming in are legitimate, else they should block them. It’s too easy to abuse anonymous votes to affect how content is ranked.

I left a long comment in the other thread which I will link in a moment, but I think either

1. We keep the current setup, but we put in more effort to make new users aware that vote records are visible to admins/mods
2. We make it public for everyone and take steps to deal with the new issues that it could cause

Other comment on the benefits/issues: lemmy.ca/comment/11097046

andrewrgross , 4 hours ago

I will also add that I think in the long run, as we try to figure out how to differentiate between humans and machines, the only real reliably solution I see is to focus on elevating the individual. Having people with long histories validate their reality by living and documenting it.

I don’t upvote something that I’d be ashamed for someone to see I upvote. I might make an exception for pornographic content, but even with that, if it’s pseudononymous in that it’s not attached to my personal public life, I don’t mind if someone can trace through and see what a specific account I use for those purposes has liked and disliked.

Dave , 4 hours ago

Admins need to know if the votes/likes coming in are legitimate, else they should block them. It’s too easy to abuse anonymous votes to affect how content is ranked.

This is a very real problem right now. Admins that are on to it use the votes to identify swarms of users that follow each other around upvoting each other’s spam/troll posts.

Lemminary , 5 hours ago

Make the author of the comment/post see who voted for them.

kenkenken , 5 hours ago

Yes, they should ideally. But it's hard to properly implement them in a way that will guarantee anonymity and be sybil-resistant at the same time.

ada , 5 hours ago

Sure, if and when we get the ability to ignore federated votes

Cephalotrocity , 5 hours ago

The more I spend time on Lemmy, the more I think it is in a lot of trouble. There are many serious issues that need to be addressed and I don’t see how most of them can be.

Federation is touted as a Good, but has many drawbacks. Privacy (as listed in this post for example) for one, instead of algorithm curated/focused content federated servers each enforce (subconsciously or overtly) a theme, rampant user generation off multiple servers rendering moderation pointless, and so on.

Then there is the rampant issue of moderation abuse. It seems that the only reason to be a moderator is to not be annoyed at other people forcing their opinions on you. This reminder that admins/mods get yet another way to subject the users to their biases is the nail in the coffin IMO. “You vote this way? Banned because my feelings matter more”.

Privacy is important for a lot of people and that is impossible to get on Lemmy unless something drastically changes, but it doesn’t sound like this is will ever happen. The people that can see your data is not under your control at all and I think this fact alone will never allow Lemmy to grow to a place we can be happy with.

If admins can see data without limits, everyone should be able to. All 5 of us once that realization sinks in.

;tldr I don’t think even admins should see peoples data but that seems impossible so…

RustyShackleford , 5 hours ago

Wouldn’t it be easier to leave it as an option for each user on Lemmy?

If users want anonymity, let them have it. If they want to share their vote, let them do that. Forcing one option on others without the voice of the usually silent majority isn’t going to fix anything, it’s just going to scare some people away or start posts requesting it private again; or optional.

Not to mention, using this method you will quickly see how many users really wanted this option based on how many leave privacy enabled or disabled, instead of listening to a current vocal minority.

lalo OP , 4 hours ago

User choice would be best indeed. The problem is that currently the votes are public but hidden from Lemmy regular users. Anonymize votes seems to be such a big problem the devs don’t even want to consider it.

ianovic69 , 4 hours ago

currently the votes are public but hidden from Lemmy regular users

Tough. If you think any action you take on a social media platform is private then you shouldn’t be here.

Whether it is private or not isn’t the problem. It’s people assuming any part of is. Behave or suffer. Just like the real world.

troed , 4 hours ago

Keep the Fediverse bot- and troll-free.

The whole idea of being able to behave like a shithead without accountability needs to go.

roguetrick , 18 minutes ago

As with all things you must behave like a shithead in moderation.

ianovic69 , 4 hours ago

I’m not technical and I’m also not young.

I think anyone coming into an online social platform who thinks that any part of it is private, is too naive and/or uneducated to be using that type of platform.

I’m sure there’s parts of platforms which are private, I just don’t think it’s advisable to assume that at any point.

You’re online, interacting with people. If you wanted privacy, don’t be there doing that. Post and behave as if you are publishing everything to a major commercial physical publication. Every post, every comment, every vote, every blocked user. On every one of your accounts.

Otherwise, you’ll get what’s coming to you. And I’m fine with that.

Th4tGuyII , 1 hour ago

Yeah. If you're on a public forum accessible to anyone, which the whole fediverse is, then you should never assume privacy.

Honestly transparency in this regard would be better - they're already visible to much of the community, so they might as well be visible to everyone.

DoctorButts , 4 hours ago

Votes should be transparent for everyone. Right now the system assumes that mods/admins are somehow inherently more responsible than the average user, but well, just look at the garbage clusterfuck admin/mod teams of certain instances. You're telling me you're gonna trust these people with this information and not everyone else? Get the fuck outta here.

Lutin , 4 hours ago

레미에 대한 공개 투표는 커뮤니티 내에서 투명성과 책임성을 강화하여 사용자가 특정 콘텐츠를 지지하거나 반대하는 사람을 확인할 수 있게 해줍니다. 그러나 이는 또래의 압력이나 원치 않는 감시로 이어질 수도 있습니다. 온라인 상호작용에서 프라이버시와 자유를 원하는 사용자에게는 익명성이 더 바람직할 수 있습니다. 온라인 개인정보 보호 도구에 대해 자세히 알아보려면 챗GPT 를 방문하세요.

threelonmusketeers , 4 hours ago

레미에 대한 공개 투표는 커뮤니티 내에서 투명성과 책임성을 강화하여 사용자가 특정 콘텐츠를 지지하거나 반대하는 사람을 확인할 수 있게 해줍니다. 그러나 이는 또래의 압력이나 원치 않는 감시로 이어질 수도 있습니다. 온라인 상호작용에서 프라이버시와 자유를 원하는 사용자에게는 익명성이 더 바람직할 수 있습니다. 온라인 개인정보 보호 도구에 대해 자세히 알아보려면 챗GPT 를 방문하세요.

lemie daehan gong-gae tupyoneun keomyuniti naeeseo tumyeongseong-gwa chaeg-imseong-eul ganghwahayeo sayongjaga teugjeong kontencheuleul jijihageona bandaehaneun salam-eul hwag-inhal su issge haejubnida. geuleona ineun ttolaeui ablyeog-ina wonchi anhneun gamsilo ieojil sudo issseubnida. onlain sanghojag-yong-eseo peulaibeosiwa jayuleul wonhaneun sayongja-egeneun igmyeongseong-i deo balamjighal su issseubnida. onlain gaeinjeongbo boho dogue daehae jasehi al-abolyeomyeon chaesGPT leul bangmunhaseyo.

Public voting for Remi increases transparency and accountability within the community, allowing users to see who supports or opposes certain content. However, it can also lead to peer pressure or unwanted surveillance. For users who want privacy and freedom in their online interactions, anonymity may be preferable. Visit ChatGPT to learn more about online privacy tools.

I’m sorry, what?

Bezier , 3 hours ago

Spambot

MagicShel , 4 hours ago

I’ve been thinking about this for several hours since I first became aware of the debate.

I don’t care that much in theory if anyone sees my votes. They aren’t anything I’m particularly private about. I care about conversation way more than up/down votes.

However, some people get a little upset about being downvoted. I think it will result in retaliatory downvotes. You already see that when two folks are arguing. I don’t normally waste my time downvoting a post I’m writing a rebuttal to, but when they are downvoting me I tend to do it back. I think if everyone had easy access, they would hunt down their down voters posts and retaliate regardless of the quality of the comments.

Lastly, I wonder if this will give rise to a client that lets you use one account to post/comment and a different one to vote. And if it does, will that be better all around? Then no one will be able to associate votes with a user. But it seems unnecessarily wasteful to create a whole account that does nothing but vote. It seems like it would deny mods (and everyone) a useful tool for identifying bad actors.

Technically, anyone could get access to the voters identity if they try hard enough but 99% of the users won’t put in that much effort. And technically someone could already use different accounts for different activities, but without reason to create a client to support that it’s too much of a pain to be worth the effort.

So I really think I’m on team status quo here.

rglullis , 2 hours ago

I don’t normally waste my time downvoting a post I’m writing a rebuttal to, but when they are downvoting me I tend to do it back. I think if everyone had easy access, they would hunt down their down voters posts and retaliate regardless of the quality of the comments

That would stop as soon as people start reporting this behavior to mods who felt enabled to ban users based on unjustified downvoting.

MagicShel , 2 hours ago (edited 51 minutes ago)

I’m really skeptical about that. Either that they would do it or that such “justified” downvoting would be a clear cut or fair decision. Most people don’t vote the right way. How many people downvote content they agree with or find funny but doesn’t add to the discussion? How many people upvote content they disagree with that does add to the discussion?

And am I really going to take up a mod’s time because someone got mad at me and downvoted—the most accessible and innocuous was to express displeasure with someone? How many more complaints about downvote bullying are mods going to have to field?

I don’t know. You could be right, but I’d want to see it successful in a small scale, if possible, before deploying it everywhere. Maybe the folks suggesting it should be up to the server admin are right. That would be another differentiator and people could go to communities on servers that have their preferred visibility policy. That would serve as an A/B test and let people vote with their feet.

rglullis , 1 hour ago

How many people downvote content they agree with or find funny but doesn’t add to the discussion?

Again, this is only a problem because we have lost this sense of shared culture. If we really want to have an established “community”, these guidelines will have to be one way or another be restored and enforced.

How many more complaints about downvote bullying are mods going to have to field?

Here is an idea: instead of trying to remove power from people, let’s give more of it. Hiding votes is hard, but creating a finer-grained permission system for moderation is not. Let’s build a system where mods can assign other mods for specific types of reports. Then, we can have few mods who would be “all powerful” like they are now and we could have a bunch of “issue-specific” trusted users who could access/triage specific reports.

We shouldn’t need mods to figure out what is “basic” spam and we shouldn’t need powerful mods to say “user A is reporting that B has downvoted their last 5 posts in different conversations. This is a violation of the community rules and therefore should be banned.”