I recently learned that voting on lemmy is not anonymous. Anyone can get information about who has upvoted and downvoted a post or comment.
In combination with your IP, this is a massive privacy (maybe even physical security) risk. Also, people can target you for your votes.
Sadly, this is something where I would prefer Reddit over Lemmy. Big tech scrapes data from both places anyways, at least Reddit is safe.
Why are you saying IP addresses are publicly shown here and why is (almost) no one correcting you? That would’ve been an enormous privacy risk that would’ve required intentionally fucking users over. Just doesn’t even make sense to write what you did about IP addresses. Seems like you’re just hoping to cause some panic.
Admins can get them. It is not available to everyone.
Only the admin of your instance can see your IP address, it doesn’t get federated to other instances.
Who says that Reddit isn’t selling upvote/downvote and IP info? Or sharing with govts?
They 100% are
I am not worried about big tech because they scrape everything anyways. I am more worried about the witchhunt and potential admin abuse.
And even this does not happen, it should be made clear that votes are public
What?
Okay so then why fearmonger? You’re thinking that a handful of people in the world having your IP and also opinions is somehow more dangerous than anything else on the Internet?
Only admins of your instance.
Don’t tell anyone, but your posts and comments are also public.
Only you can see this comment Daniskarma. The Leering League of Lemmy SEES you Daniskarma and we have taken notice. Cease your efforts to spread information about public posts and comments, or ELSE Daniskarma. We’re watching you.
Why is this comment completely empty?
Iunno, weird.
I know you are being sarcastic and edgy but point is that voting is assumed to be private by the average person because it is anonymous in elections, it is anonymous on the closest social platform Reddit and popular websites like youtube.
I don’t know how to break this… But voting in Lemmy is not choosing a president.
Voting is like booing or clapping in a public agora. It’s not private. If you assume is private that’s on you.
Not even on your beloved reddit. Reddit admins know all your votes.
Admins know but users don’t.
That’s precisely your issue before. Voting in reddit is not private as admins know that info and can share with anyone so the “bad voter” could get prosecuted. But users, like you, think it’s private because they don’t see it.
Be consistent with your argument at least.
I will disengage here. Bye!
How likely is an admin to share something with someone else vs something being already public?
It’s a federated platform. How could voting have been anonymous?
Besides, nothing requires you to vote on posts. If you’re not comfortable voting, then don’t vote.
I am okay with votes being public but then it should be made explicitly clear to users.
The people I trust the least on these platforms are the admins and owners of them. Your voting wasn’t anonymous on reddit to those people either.
True but it is very less likely that admins will target a specific person when they know that information is private and they will get caught easily. Here, other than admins, every user can easily target someone.
And reddit also has a problen where you can use bots to farm upvotes and because you cant see that information means you cant tell if posts are legit or propaganda
Anyone can make multiple accounts and vote farm here too.
No shit, but if you’re getting 1000 upvotes from the same bangledeshi or Russian IP you can a least figure it out, hey its prolly not legit…
Thing is votes are federated. if someone makes an instance and farms votes by making bots on same instance, only instance owner has info about IPs. Every other instance thinks the votes are legit.
While it is important to know that voting is not private (nor truly is direct messaging), that is not in itself a danger.
Lemmy is community driven, and so it is — broadly speaking — governed by community norms and the platform is responsive to the needs of those norms. If someone is harassing or mistreating you on the basis of your voting, then you can take it up with an admin. I’ve seen people called out for the use of vote manipulation, but I’m not sure what it would look like to be targeted based on your votes.
By the way, there are also mechanisms for publicly addressing grievances with mods and admins.
Most importantly, recognize that it does take time to adjust to the reality that no one cares about the fake internet points here. Reddit uses dark patterns to manipulate users into equating votes with worthiness. Having a lot of karma on reddit contributes to a person’s reputation and credibility there. Here, no one cares, or even sees, a person’s vote totals. Like most everything else, it’s technically public, but it’s not visible or indicated.
Why does reddit want you to care about your karma? For engagement and metrics. If people are only incentivized to share genuine interests and human interaction, then they won’t scroll mindlessly for quite as long. If every post and comment is incentivized for maximum virality, then Reddit can sell more eyeballs to advertisers. Plus, if people care enough about their fake points, they will literally pay to buy reputation. Reddit doesn’t care about your well-being, just your ad impressions. Like any other social media corp.
Welcome to a better, healthier, more transparent place. We are far from perfect, but no one here will use dark patterns to mine you for content.
Most importantly, recognize that it does take time to adjust to the reality that no one cares about the fake internet points here.
Oh but they do.
It also informs how comments are sorted under each post (unless you choose New or Old by default).
IMHO the voting system is the best part of both reddit and lemmy: it gives certain powers to the majority. It gives a rough picture of how other people - even those that do not comment - feel about opinions.
edit: lol, even you do
Voting functions completely differently between the two sites. I didn’t say that voting doesn’t matter, I said that no one cares about the “points.”
People can and do use voting to let others know about interesting content or to express displeasure at seeing a post (which is why it is sometimes surprising to see any downvotes on certain posts such as the nice one I was responding to in the screenshot).
What people don’t use them for is a measure of merit or reputation. Voting here functions much more like reddit used to years ago. It helps sort content by what people want to see.
I took it up with a mod. They said it is public information. That is how I learned about it. Mods won’t do shit if they favor the abuser.
I like piefed because it lets you see at a glance if someone is a serial downvoter. On each piefed user profile is a thing called “attitude” and it’s a ratio of your upvotes vs downvotes.
100% means the person doesn’t downvote people. 50% means they downvote and upvote equally. 0% is only downvotes.Edit: I saw someone today with negative % so it must be 100% is all upvotes. 0% is half upvotes half downvotes. -100% is all downvotes.It shows up for people outside piefed too so i see you too lemmy angry people.
I would never downvote cereal.
Unless it was grape nuts. That shit is like eating gravel.
Here’s how you Grape Nut:
Pour a small pile (like a cup or so) in a bowl.
Take a spoonful of peanut butter and use the backside of the spoon to mix up the PB and GN. Smash it together for longer than you think until it’s well mixed.
Top with a drizzle of honey and then pour milk over it.
S-tier breakfast.
Raisin bran gang!
What is mine?
90%
Now do me, please.
Hang on, doing your mom.
Come on, dad. Those jokes are lame.
Thanks! Cool feature.
This just sounds like Reddit account karma score all over again? But with a percentage displayed instead of total.
Reddit karma is how others feel about what you say. Piefed’s attitude is how you feel about what other people say.
Slightly different but i see your point.
oh no. I should upvote more. I’m really bad about voting at all 😓
Why would you let others police your behavior?
Others influence many things about my life. I don’t see it as policing if I’m trying to choose to bring more positivity to the table.
at least Reddit is safe.
Lmao, what!? Reddit tries their best to know exactly who you are, where you live, your education, where you work, etc… And then they sell that data to anyone.
They have that data, true. But they don’t harass me.
Russia really should just leave Ukraine, though. (Sorry, I just saw the context for this a few minutes ago and can’t help myself).
Dont care who knows but I too agree with this.
It is not the context for this post, people have made it the context. It is the reason for this post.
Maybe context is the wrong word.
E: how about catalyst.
It’s the nature of the beast. Federated software holds no secrets.
Related: https://sopuli.xyz/post/31369487It might not be a secret but voting should be a private thing, like most irl voting. It is nowhere explicitly stated to the users, no apps or website says it.
Even if sites like lemmyvotes disappear and software like kbin/mbin starts hiding the votes all you need to do is to spin up your own lemmy server. Piefeds dev is actively trying to find a way to obscure voting, but I think that ended with the choice of public (federated) vote or private (instance-only) voting.
I agree that the public nature of votes could be made more apparent, but the lemmy devs has decided against that
https://github.com/LemmyNet/lemmy/issues/4967I don’t understand why everyone is so dismissive of this being a problem. Especially considering it is easily mitigated using simple voting agents.
It’s not just a privacy concern either, I promise you that trolls love being able to see which accounts are engaging with them in order to target certain demographics. Like we know this kind of shit has been used to manipulate elections already, and people here are just like “well I guess that’s just the world now.”
If you have an easy solution then I’m sure they would love your code over at https://github.com/w3c/activitypub
I don’t mind public votes, I do wish lemmy did a better job of showing that they are public though.
Piefed literally already implemented voting agents and it worked fine until forum politics killed it.
Ah, so what Rimu calls an alt/sockpuppet account that automatically votes on their behalf.
I haven’t seen the Matrix chat but having a dev look for feedback and then implement changes based on feedback received isn’t “forum politics” in my world.Good luck with your fork!
https://piefed.social/post/956572Yes that thread is quite literally just describing forum politics, based on a very small amount of feedback from a select group of individuals discussing the matter in back channels.
Simply put, admins were not satisfied just banning the agents for voting and the user for commenting. This is entirely a perception issue and caused no actual problems besides feels. This caused the implementation of trusted instances which was actually a flawed concept. Rather than iteration on the idea, the pressure from other admins caused it to be abandoned unceremoniously with almost zero input from users. I’m not sure how you can interpret this as anything other than forum politics.
It literally can’t be private, just from the way Lenny works. You can’t have it all. You could in theory make it less visible, but that would be a false sense of privacy as it would be possible to do get the information with some effort. Just having it be fully open is more honest and makes no claims it can’t keep.
It’s social media, even if federated. On Facebook, tiktok or whatever they are also not private btw: maybe users can or can’t see them (I have no idea), but the company behind the platform certainly can and will use it for advertising to you and for what else to show you, making you the product.
The thing is they make it extremely clear that votes are public by letting you see who voted right next to the button.
Lemmy hides this feature and most users don’t know about it.
Piefed did it with voting agents and it worked fine. The reason they rolled it back was just forum politics, because admins didn’t like not knowing who was voting, even though they could just ban the agent if they wanted. This, incidentally is just more reason to hate the idea of public votes.
If you are logged in to anything, what you do is tied to your account. Welcome to the internet. Instance admin on your instance can figure out your ip. Nobody else. You can run your own instance to avoid this if you want. Or just use a vpn.
Google track you constantly even when you are not logged in by the way, with scripts on almost every web page. So they have your real name, your entire search history, and what exact programs you use on your phone if you have android.
I don’t think IP addresses federate? I think only your instance admin can see your IP address. In any case, though, you should generally always assume that your up/down votes on any service are recorded and tied to your username. If you can come back later and change your vote, that vote is tied to your username. It may not be visible to other users, but the server admins can absolutely see what you’re doing.
Reddit might not make your votes publicly visible, but they’re absolutely tracking them and using that information to select what you see, including advertising. They might not directly share those votes with advertisers, but they almost certainly are sharing your interests based on your votes. And you should assume Reddit and others will comply if the government comes asking for what users liked a post the government opposes, or who downvoted a post praising a new government initiative.
It depends on your threat model, but your threat model might change. Freedom of speech might be curtailed by politicians even when that’s supposed to be unconstitutional. What might be safe to do online now might become unsafe in a year or two.
YSK: every action you take online, even as simple as an Upvote or Like, might be recorded and may come back to haunt you
Reddit is one entity, and by providing a service it is bound by a variety of privacy and data protection regulations. On the fediverse anyone can accumulate any of that information and store it for years, and they are not bound by any such data management or privacy laws. It’s absolutely shocking to me that a place which is otherwise quite obsessed with privacy just brushes aside this distinction. As it stands a vote on the fediverse is far more likely to have real consequences versus one on reddit if, say, ones phone is searched at a border.
This could be mitigated considerably with simple voting agents, as piefed tried to do, but this idea was killed by idiotic forum politics over fears of “vote manipulation.”
Yes, this is not hyperbole - the otherwise “privacy focused” leaders of the fediverse are more concerned with fake Internet points than real privacy concerns.
The IP address thing is not real, though
Just choose a nickname that is random word+4 random digits and don’t reuse it on other services
This is the way. Randomise your usernames and use a password manager to keep track of them.
Sir, this is the Fediverse.
It is nowhere explicitly made clear to users that voting is public. It should be made clear if it is going to be
It’s the other way around here: Everything is public except where it’s made clear that it won’t be (e.g. email address, password).
For what it’s worth, your instance of choice is particularly negligent in regard to informing its users. Compare lemmy.today/legal to lemmy.world/legal, or their respective signup pages for examples. There’s little that Lemmy itself or the community at large can do about that 😞
It needs to be fixed. Every user is having a different user experience during account creation but everyone’s information is being federated equally.
They don’t seem very active, but you can try reaching your instance admin at https://lemmy.today/u/mrmanager
It is not the problem of my instance per se. It is a problem for all instances because everyone has to agree to instance terms but they kind of are agreeing to all instances’ terms.
An EU resident could sue for emotional damages under the GDPR. Or maybe just complain to data protection authorities.
One day it will happen.
I hope it does. Lemmy should not get benefit of the doubt just because it is open source
deleted by creator
It is made clear because there is an option to see all the votes right next to the like button. Similarly, many sites allow you to go through activity of people you follow.
deleted by creator
I can see the number of votes but not who voted. This gives the impression that this information is not available publicly. However, it can be accessed by anyone on third party websites.
deleted by creator
I think its a fair assumption that most people make that whatever data which isnt explicitly displayed to a regular user is not public. Having likes be public but hidden is misleading.
In combination with your IP, this is a massive privacy (maybe even physical security) risk.
Your IP would only be seen by your instance (which is inevitable, you gotta connect to it after all). But there’s no way for anyone else to look up your IP.
I read that since images are hosted on the instance they were posted to, any instance hosting pictures you load, even if they’re DMd to you can get your ip. So someone could just DM you a picture from their own instance if they wanted it for whatever reason. I have not personally verified, but just adding it here because this comment seems to be the most succinct and accurate one I currently see.
even if they’re DMd to you
Really only if they’re DMs. Because a publicly posted picture yeah, they’ll see your IP loading it but they will also see everyone’s, with no way to tell who is who.
And a fairly recently Lemmy was updated to not show embedded images in DMs so that wouldn’t even work. (This depends on your client, but on the most recent official web version external images are blocked)
image proxying may become (more of) a thing in future.
My votes are a massive privacy risk? How? I’m putting them out there publicly willingly. As is the nature of the internet.
I want you to know
?
They want you to know that they downvoted you
Ohh, what a mature take lol.
deleted by creator
I see, why don’t you post your full name and social security number? Take real accountability for your actions.
This is a stupid take. My point was never that voting should be changed from public to private now. My point is that if it is public, make it explicitly known that it is.
deleted by creator
I am saying it should be made clear. I never said that it not specified anywhere and I can drag them to court for it.
If you’re an instance admin, for any post, you can just click “view votes” and see everything tied to usernames, even outside your own instance. Moderators can too, but it’s restricted to the communities they moderate.
So if a bad actor wanted to get aces to vote data, they could setup and instance and have it federate with any instance they want to extract voting data from?
Yes, it’s very simple too. You don’t even need to extract anything from a database or do some complicated stuff. As an admin you have free access to all moderation tools no matter where the post is from, including the option to “view votes”.
this is why i vote at random, like two-face doing his quarter thing
I did this last night putting my son to bed, said heads you go to bed, tails we stay up. Jokes on him though, double heads. And he fell for it, what a sucker. Hope it works when he’s not four, or I at least don’t need to do it.
you’re raising a future supervillain
You get 3 accounts. Say you want to upvote something. You downvote in 1 account (randomly selected), upvote on another, and upvote on the third. So it’s net +1 and the only way to see how you voted is to piece together all 3 of your accounts voting history. Need more privacy? No problem, just use 5 accounts instead of 3.
/s
wait, so what do i do with the first shell again?
