Edit: obligatory explanation (thanks mods for squaring me away)…
What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.
Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.
To anyone surprised at this: welcome to the fediverse, please treat everyhing you do or say as public.
The way to achieve privacy around here is by following the long forgotten arts of the old internet before Facebook was a thing:
use a Nick name and don't tell strangers on the internet your real identity.Your home instance will act as a proxy and only they have access to your email and IP address. That does stay private.
So, as long as you trust your home instance to not leak or disclose your connection or sign up data (which would be illegal in EU countries), just sign up with an alias.
A very positive aspects of this is that it should allow us to detect voting manipulation by correlating the activity of certain potentially malicious actors. If Lemmy instances take vote manipulation seriously and do their best to block bots this has the chance to make Lemmy / Kbin much more transparent and credible than Reddit ever was.
Lol. kids these days would post their bank info online if the banks didn’t prevent them from doing so.
You say that like A/S/L wasn’t a thing back in the day.
19/f/Cali was the only acceptable response
I think we cybered
As I put on my robe and wizard hat…
Depends, could I have talked some vanilla WoW gold out of you?
666/D/Hell
puts on wizard’s hat
Yall remember those “your stripper name is the street you grew up on and your pet’s name” challenges? Literally phishing for password recovery keys.
Even back then we were told never to reveal that sort of stuff online. How many of us do you think were telling the truth?
You think someone would do that?
Just go on the internet and tell lies?
Lol yeah but we were 12 back then and we still understood the internet better than anyone else 🙃
I got a virus.
Flagrant System Error
Computer Over.
Virus = Very Yes
I don’t want to shame anyone, but I’ve had people sign up give me their full DoB and offering to show me their ID. I know of people who disclose their id to get access to nsfw discord communities.
DUDE MY GIRLFRIEND FUCKING DID THAT AND I JUST LOOKED AT HER AND ASKED HER IF SHE THOUGHT THAT WAS A GOOD IDEA. In hindsight no, thankfully she’s gonna be moving soonish. This was from before we were together, otherwise I would have warned her not to do that. It was the same discord she got a cyberstalker from, thankfully the stalker wasn’t a friend of the owner because otherwise he totally could have gotten her address and irl info.
Wasn’t there a twitter account that retweeted people posting photos of their credit cards?
so would my grandpa
I whole heartedly agree with this perspective.
Additionally, and this is an unpopular opinion, but trying to maintain a Nick or online identity over many years is folly. You end up with a huge repository of personal information, increasing the risk that it can be connected to you personally.
This has come up as part of those requests to migrate accounts between instances. “I want a persona that stays with me for years”… Is that actually a good idea though!?
Your home instance will act as a proxy and only they have access to your email and IP address.
Your home image typically doesn’t proxy image loading, those are hotlinked to the Lemmy server that the image was uploaded to. So your IP address and browser string are going to other Lemmy servers.
The posts just contain a URL which doesn’t include the uploader’s ip address or their browser string.
When the browser loads that URL, hotlinked image, that server has to have your IP address to return the results. Just browsing posts those images are being loaded.
Of course. They dont get any info to associate your IP with your lemmy account. You could even not have a lemmy account at all.
Of course. They dont get any info to associate your IP with your lemmy account. You could even not have a lemmy account at all.
No, an alias will only give you pseudo-anonymity. Even trivial analysis like counting which words occur together frequently in your writings can reveal with very good accuracy any other alt of you, so the available information of you is basically everything you have shared online with enough accompanying self-written text.
Also, it’s not just about privacy, it’s about retaliation. It will be the easiest thing in the world for people to put together bots that will track the downvotes on every post they make and automate adding those people to block lists. Suddenly a whole fleet of alts is invisible to the people that would disagree with them.
That is why I am as my username states: intentionally anonymous
Heck some of them dont even require the use of email to make an account
What about post views? Are those also stored?
The thing is, there is really no way to know is trustworthy as a home instance…?
This person internets. 👏
Me, using an mail alias + VPN, should be safe privacy wise. :)
To illustrate op’s point I’m going to spin up an instance, federate with everyone, and not tell anyone what that instance is.
Then I’m going to feed all that data into my new website, called Open Lemmy Stats, where anyone can query the user data ive accumulated. The homepage will be ripe with insights, leaderboards and all kinds of data on prolific users.
Additionally, I’ll display a snapshot/profile of a random user by feeding that users data to GPT4 to make inferences about the user’s political affiliations and display the results.
Worst of all, I’m not going to out my instance for everyone to know it as the one to defederate. In fact I’m spinning up a few instances that will host innocuous communities that I plan to mod and support to give my instances cover for their true purpose: redundant fediverse datastreams for my site, Open Lemmy Stats.
I’ll also have a store where anyone can buy my collected fediverse data for a handsome sum.
Just kidding I’m not doing any of this. But someone absolutely will or already is.
People raise a good point that in countries where political dissent can actually be dangerous, this would very much dissuade people from voting on things they believe in, or even coming anywhere near Lemmy period.
A better approach I think would be to have the user’s host instance save their votes (the database obviously needs to remember what you voted on), but when federating those votes with other instances just hand over a cumulative total, e.g., “here on vlemmy.net we have +18 votes for this comment”, which the other instances can then add. There’s no need to send user information with that data.
Reading these comments, seeing so many excuses, sarcastic responses, and handwaving, makes me realize a great deal of users really need to develop some imagination.
This is not about privacy. It’s about data that can easily be used for targeting and profiling users, and how that creates countless avenues for targeted harassment and wide scale retaliation. It’s about all of the innumerable ways public vote information can and will be abused to manipulate scoring across the site with targeted/automated shadow banning and shared blocklists. Raise your hand if you trust every single admin to never abuse such a tool to curate the outward appearance of an instance to fit a narrative.
For a different example: I could say something about how great Nazis are right now, and have a bot programmed to read every single person that downvoted me, add those names to a shared blocklist, and viola, I’ve made myself and all my alts invisible to the people that would challenge me on a massive scale.
I promise you this is going to be a big issue as tools for this site get more sophisticated over time.
Not to sound harsh or anything, but those of you saying that it’s okay that all this data is public are insane. This completely goes against the entire philosophy of the Fediverse and FOSS in general. The reason we all are fleeing from Big Tech is because they collect so much data on us. At least, they keep it hidden from public view. This is a major issue in my opinion, and needs to be addressed ASAP before we can claim to have superior platforms on the Fediverse. Why can’t this data at least be encrypted?
Edit: Obligatory RIP my inbox.
Can we leave this kinda stuff behind? It is NOT obligatory.
I’m going to start throwing “edit: thanks for the gold kind stranger!” on the end of my comments just to induce some nostalgic cringe.
You are a gentleman and a scholar. /s
That’s a pretty common turn-of-phrase in Ireland, I remember hearing it in the early 90s!, and it’s still common to hear it from older generations too. I wouldn’t equate it with reddit slang/culture at all. I wonder when it made its way to reddit?
That’s wildly interesting because it’s heavily associated with neckbeard incels (tips fedora) on Reddit because there was a time when it was overused and comparatively fancy for the average yankey american vocal style. It was also often accompanied with “Edit: thabks for the gold, kind stranger!” Thinking around 2011-2013?
edit: my most upvoted comment is about beans.
🥇
I’ll be there to link /c/AwardSpeeches or whatever that sub was called.
Lemmy moment
Now that’s a big lemmy moment
How many if you gsa’s are there?
This.
EDIT: Thanks for the awards kind stranger!
EDIT 2: Rip my inbox
This is all examples of reddit shit that is really dumb. We don’t need to bring it over here
Redditisms are cringe and always have been. Yes I agree we should leave them behind.
Well, I disagree. Redditsms, or whatever you call them, among other things helped to make reddit as popular as it is (was) right now.
I get you don’t like it personally, but your personal opinion about them being cringe, while respectable, is not a fact.
I agree with both of you. We should leave redditisms behind and create lemmyisms. And yes, they get cringe if overused
Possibly relatedly, is this a good place to mention beans? I have not figured out where that meme actually came from, but apparently it’s a thing the cool kids are saying.
The narwhal bacons at midnight!
Never forget the t-shirts
There were T-shirts?
I think nit picking each others speech is the true cringe redditism
Yes all the bad Reddit jokes and unoriginal lame attempts at garnering upvotes eg making a stupid joke out of a typo (generally unfunny, rare exceptions), I also choose this guy’s wife, take my upvote you bastard, anything along the lines of wow I hate you for making a pun, I’m not crying you are, I feel personally attacked and god knows the list goes on and on
Hopefully these things aren’t just replaced but one can hope
Hopefully these things aren’t just replaced but one can hope
if you listen closely you can hear the beans coming our way
Of those ‘jokes’ you listed, “I also choose this guy’s wife” will never be not funny
I also choose this joke’s wife.
*dead wife
c/angryupvote
Besides that. A “disable inbox notification” option is not available yet, is it?
But it’s fun tho…
So any instance admin can analyze all users upvotes/downvotes and possibly derive political standpoints, likes/dislikes, opinions and location data from it
At first I agreed with the general “whatever” sentiment. It has some important implications, however.
It discourages people from voting if they’re concerned about other people seeing their activity. This could result in a lower quality of scoring for posts.
It discourages people from voting if they’re concerned about other people seeing their activity. This could result in a lower quality of scoring for posts.
I strongly disagree with that. I think showing downvotes makes your votes more relevant. If something has 10k up votes and 10k down votes, it’s probably a decent post. If it just shows 10k up votes, or 0 net total, the score doesn’t reflect the nature of the post.
At the individual level, it lets you know if someone is just trolling. That’s also a plus as far as reputation goes (not sure how people are scored here, or if they are).
I agree with what you’re saying, but that’s not the point of this post. This post is about the fact that an individual user’s vote history is semi-public.
i.e. if you were to upvote my comment, anyone who owns an instance would be able to see it was you who upvoted it. Likewise for if you downvote it.
Whilst I’m sure there are those who don’t care, I’d personally rather not have any rando who can be bothered to set up a Lemmy instance know what I’ve voted on. I’d honestly rather just not vote.
It might also increase quality though. If people downvote out of spite and now it can be proven that they did, they might not do it and thus remove “bad” downvotes from the pool.
I still think in total it’s probably better that they can not be seen, since anonymity usually gives more honest opinions.
I disagree, a lot of people troll-downvote meaning they downvote content that they don’t like, or just downvote because it’s already low score. Same also happens with upvotes and content that shouldn’t be upvoted. If you’re concerned with other people seeing your vote history you probably shouldn’t be making those votes.
Semi public voting discourages this form of misconduct because people who want to can audit their history and see that they’re a troll.
I disagree, a lot of people troll-downvote meaning they downvote content that they don’t like, or just downvote because it’s already low score.
Is there a valid reason, according to you, to use the downvote button? I’m really interested in knowing.
The accepted reason for downvoting since early Reddit times is content that either doesn’t contribute to discussion or is factually false. Downvote was never meant to be a disagree button, but I am sure we’ve all broken that rule occasionally.
Exactly. It seems everyone here is of the impression that voting is for agree/disagree. That sucks and it’s simply impossible to fix.
I upvoted you because I agree with you.
Downvoting has always been an indicator that you disagree in some way. Whether it’s a disagreement with the substance or format never mattered. You’ll sometimes see people jump through hoops trying to justify how their form of disagreement is the only valid one though.
deleted by creator
You do see how it could have a chilling effect on engagement if the “someone” judging you negatively for your vote is, say, a repressive government, right? And what’s the point of a social network without engagement?
Exactly.
“I see you up votes posts about my election rival… see you soon!”
“Dear child, I see you up voted LGBT content. Let’s talk about your sins, then try some electroshock”
Redditors already scream at people when they get a downvote and blame it on the person that replies to them, even if that person didn’t downvote them.
I can see this being dangerous and leading to a lot of bullying. I know k-bin already publicly shows this. I can see who downvotes my comments/posts when I open up the post in a k-bin instance, without even being a member.
deleted by creator
Couldn’t we just use a hash for the usernames instead?
Nothing too over the top, but just a simple hash and match that instead?
Also, there’s way too much trust in instances. Like, one person could easily make a post on lemmy.world, go on their personal instance, and just give themselves, say, 2000 upvotes.
Instances should have their own settings on what instances are allowed to keep a local copy. (Default behavior should be to get the post itself from the instance “hosting” it).
So when Threads decides to federate, they can slurp all this information.
That would be massively concerning and that should be blocked. Ideally votes should remain only on the current instance. Anything shared with other instances should be anonymised. This would need to be re-architected imho.
People come here to get away from Reddit now that trust has gone. Trust and a feeling of safety is vitally important to continue to build this platform.
A lot of this needs to annonoymised imo. As you say. This is all product information meta will be looking to sell. I came here to not be a product anymore.
Well you’re not a product unless a lemmy instance controller figures a way to become profitable from selling your data.
But realistically i don’t see how this is an issue. There isnt any ads on any instance that im aware of, which is what it would be used for, to serve you more personalized ads to your lemmy account. If an instance runner knows that your specific account voted a certain way on any post or comment, how could they even use that information to profit or degrade your experience here. Its just garbage data 🤷♂️
If a celeb joined or did a AMA joined and voted some stuff, they stuff could be made public quite quickly.
What stuff? Lol what their profile voted for? Thats not going to dox anything like a location or address. If Seth Rogan did an ama and upvoted a 420 post literally nobody would be surprised. Again, voting opinions aren’t a privacy concern. Y’all are making a fuss about nothing.
Except if you live in Saudi and you voted in support of gay rights. Or HK and voted something negative of China, or if you were a republican and voted something supportive of trans. Voting behaviour can be published to bring detriment to their users.
In the UK, the Labour party suspended members who voted for content from other parties (such as that they had recovered from covid) etc or for voting for content from groups that were proscribed later and they were excluded from the party for this sort of stuff. They had previously hired someone who previously worked for a company linked to the Israeli state and potentially Mossad and they were using this knowledge to crack down on left wingers with in the party. (https://www.theguardian.com/politics/2021/mar/02/lawyers-complain-to-labour-over-hiring-of-ex-israeli-intelligence-officer)
What people upvote is increasingly being highlighted and used as discreditation by association.
As the world becomes more digitalised, and this is used more and more, it becomes more and more critical. Maybe not for you personally, but for many.
That account still has to be linked to a real person, and not doxing yourself circles back to using social media responsibly. Social media is just that, Social media. You cant swim in the pool and not get wet. The ways in which your describing it being abused are ways in which every facet of every social media can be abused. So if one is so concerned about it, why even bother using social media.
Unfortunately they could just spin up a lemmy instance on some anonymous server somewhere and do that anyway. I don’t want them in here, but they can certainly already pull the data up. To me that necessitates some form of anonymizing protocol, or even a form of shared encryption making it so you can’t simply pull data in, you need to be invited or allowed into the federation.
The admin of the Mastodon instance I use has a very well thought-out process anticipating how to deal with this alleged, possible federation of FB’s “threads.net”. It will be allowed, but tools at hand to deal with, and hold them to following AP rules, required openness, sharing etc. Exceedingly wary, prepared, but open to possibility. I think that’s the right approach. We’ll see won’t we…!
Thank you for considering that. There’s certainly many people who left Reddit so they aren’t “slurping up all their data” anymore. Missing the point that, yes, yes they are.
I’m already questioning the whole system behind it, not just votes.
Say you have critical information that you want to delete but other instances can just ignore this deletion request, than I could technically write a plugin that uses an extra instance, to always display all deleted comments to me, despite me being a regular user.
For other sites you’d need a crawler, catching this information and all this in a rapid fashion to be usable, with a lot of programming extra work.
At this point we can as well remove the option to delete or edit a comment as everyone can host their own, which wouldn’t be possible with proprietary tools.
If someone can simply see votes the same way, we can as well add a mouse hover function that will display the username of whoever upvoted.
Good find, albeit a bit horrifying.
I wonder what the GDPR implications of this is. As far as I understand, even free, privately run services are required to abide by GDPR and offer data insight and deletion. They’re also required to state clearly what happens to user data.
Edit: Apparently people have varying takes and feelings on what the GDPR does and does not say, so I urge you to please read the summary of GDPR data privacy here: https://gdpr.eu/data-privacy/ as well as the summary of what constitutes personal data here: https://gdpr.eu/eu-gdpr-personal-data/ It’s easier to have a good and fruitful discussion if we talk about what the GDPR actually says.
There is a fundamental misunderstanding here.
Our data has never been ‘invisible’… We’ve just trusted that places like Reddit and their staff will do the right thing. That’s literally how it already works.
If you sign up for Reddit, Reddit staff can see your posts and votes if they want to.
If you sign up for a private forum the admin there can also see database contents.
One way encryption is not possible without stopping functionality… If data about you was encrypted then posts you make couldn’t be displayed. If you include a means to decrypt then there was no point encrypting anyway.
This is how it’s always been, and Lemmy doesn’t change this status quo much.
A faceless corporation that has had access to your data is just replaced by a variety of admins distributed across instances.
This isn’t a good or bad thing, the potential for abuse does exist, but when we have literally made agreements with places like Reddit that they can use and sell our data… then what difference does it make it an admin takes a peek?
It wouldn’t be great… but nothing is perfect.
It’s still worth working on however, to see if a better solution can be found, but at this time I’d say just be aware that it is possible that your data can be seen and understand the only safeguard against that if you need to communicate something private would be to use direct messaging with end to end encryption.
