I recently learned that voting on Lemmy is not anonymous. Anyone can get information about who has upvoted and downvoted a post or comment.
In combination with your IP, this is a massive privacy (maybe even physical security) risk. Also, people can target you for your votes.
Sadly, this is something where I would prefer Reddit over Lemmy. Big tech scrapes data from both places anyways, at least Reddit is safe.
at least Reddit is safe.
Lmao, what!? Reddit tries their best to know exactly who you are, where you live, your education, where you work, etc… And then they sell that data to anyone.
They have that data, true. But they don’t harass me.
A lot of people here still refuse to understand that Lemmy, as it currently exists, is a privacy nightmare, and the voting thing is just the top of the iceberg. There are several de-anonymization attacks possible involving dynamically serving different content to different users. This, combined with the public voting makes it possible that someone can dox an account and expose a lot more information than other forums where that information is more private.
Public votes also open the fediverse up to much worse astroturfing IMO. It’s incredible feedback for bots and trolls to see exactly who is interacting with their posts and comments. It’s frustrating that a bunch of people here have convinced themselves of the opposite, and insist that public voting is the only way to combat brigades and trolls, which is an incredibly shortsighted stance which doesn’t scale nearly as well as it does in the other direction.
iirc someone got banned from like 25 subs because they downvoted a single post that said “I want YOU to generate more AI slop” and the mod got pissed and power tripped super hard
Could you give an example of what else is a problem?
What do you mean by dox here? I usually think of dox as being, real name, real address, etc. But I’m having trouble seeing how even my Lemmy instance admin could figure that out about me.
Nobody sets out to be doxxed, but it happens. And as it stands on the fediverse, when it happens the consequences are potentially even greater because all activity is available to all subscribers. All I am asking is for these simple facts to be acknowledged when we have this discussion. The potential risk profile for using Lemmy is greater than reddit in many ways. My frustration with how people approach this conversation is that they all too frequently dismiss or ignore this simple fact.
It doesn’t need to be like this though. There are simple ways to mitigate this, but people are weirdly hostile to them, and I believe it is specifically because they do not acknowledge this additional risk.
I want you to know
?
They want you to know that they downvoted you
Ohh, what a mature take lol.
I see, why don’t you post your full name and social security number? Take real accountability for your actions.
This is a stupid take. My point was never that voting should be changed from public to private now. My point is that if it is public, make it explicitly known that it is.
I am saying it should be made clear. I never said that it is not specified anywhere and I can drag them to court for it.
I’ll downvote everyone here if I damn well please it!!!
If you’re an instance admin, for any post, you can just click “view votes” and see everything tied to usernames, even outside your own instance. Moderators can too, but it’s restricted to the communities they moderate.
So if a bad actor wanted to get access to vote data, they could set up an instance and have it federate with any instance they want to extract voting data from?
Yes, it’s very simple too. You don’t even need to extract anything from a database or do some complicated stuff. As an admin you have free access to all moderation tools no matter where the post is from, including the option to “view votes”.
The IP address thing is not real, though
Just choose a nickname that is random word+4 random digits and don’t reuse it on other services
This is the way. Randomise your usernames and use a password manager to keep track of them.
Sir, this is the Fediverse.
It is nowhere explicitly made clear to users that voting is public. It should be made clear if it is going to be
It’s the other way around here: Everything is public except where it’s made clear that it won’t be (e.g. email address, password).
For what it’s worth, your instance of choice is particularly negligent in regard to informing its users. Compare lemmy.today/legal to lemmy.world/legal, or their respective signup pages for examples. There’s little that Lemmy itself or the community at large can do about that 😞
It needs to be fixed. Every user is having a different user experience during account creation but everyone’s information is being federated equally.
They don’t seem very active, but you can try reaching your instance admin at https://lemmy.today/u/mrmanager
It is not the problem of my instance per se. It is a problem for all instances because everyone has to agree to instance terms but they kind of are agreeing to all instances’ terms.
An EU resident could sue for emotional damages under the GDPR. Or maybe just complain to data protection authorities.
One day it will happen.
I hope it does. Lemmy should not get benefit of the doubt just because it is open source
It is made clear because there is an option to see all the votes right next to the like button. Similarly, many sites allow you to go through activity of people you follow.
I can see the number of votes but not who voted. This gives the impression that this information is not available publicly. However, it can be accessed by anyone on third party websites.
I think it’s a fair assumption that most people make that whatever data which isn’t explicitly displayed to a regular user is not public. Having likes be public but hidden is misleading.
I like piefed because it lets you see at a glance if someone is a serial downvoter. On each piefed user profile is a thing called “attitude” and it’s a ratio of your upvotes vs downvotes.
100% means the person doesn’t downvote people. 50% means they downvote and upvote equally. 0% is only downvotes. Edit: I saw someone today with negative % so it must be 100% is all upvotes. 0% is half upvotes half downvotes. -100% is all downvotes. It shows up for people outside piefed too so I see you too lemmy angry people.
I would never downvote cereal.
Unless it was grape nuts. That shit is like eating gravel.
Here’s how you Grape Nut:
Pour a small pile (like a cup or so) in a bowl.
Take a spoonful of peanut butter and use the backside of the spoon to mix up the PB and GN. Smash it together for longer than you think until it’s well mixed.
Top with a drizzle of honey and then pour milk over it.
S-tier breakfast.
Raisin bran gang!
This just sounds like Reddit account karma score all over again? But with a percentage displayed instead of total.
Reddit karma is how others feel about what you say. Piefed’s attitude is how you feel about what other people say.
Slightly different but I see your point.
oh no. I should upvote more. I’m really bad about voting at all 😓
Why would you let others police your behavior?
Others influence many things about my life. I don’t see it as policing if I’m trying to choose to bring more positivity to the table.
What is mine?
90%
Now do me, please.
Hang on, doing your mom.
Come on, dad. Those jokes are lame.
Thanks! Cool feature.
Russia really should just leave Ukraine, though. (Sorry, I just saw the context for this a few minutes ago and can’t help myself).
Don’t care who knows but I too agree with this.
It is not the context for this post, people have made it the context. It is the reason for this post.
Maybe context is the wrong word.
E: how about catalyst.
this is why i vote at random, like two-face doing his quarter thing
I did this last night putting my son to bed, said heads you go to bed, tails we stay up. Joke’s on him though, double heads. And he fell for it, what a sucker. Hope it works when he’s not four, or I at least don’t need to do it.
you’re raising a future supervillain
You get 3 accounts. Say you want to upvote something. You downvote in 1 account (randomly selected), upvote on another, and upvote on the third. So it’s net +1 and the only way to see how you voted is to piece together all 3 of your accounts voting history. Need more privacy? No problem, just use 5 accounts instead of 3.
/s
wait, so what do i do with the first shell again?
In combination with your IP, this is a massive privacy (maybe even physical security) risk.
Your IP would only be seen by your instance (which is inevitable, you gotta connect to it after all). But there’s no way for anyone else to look up your IP.
I read that since images are hosted on the instance they were posted to, any instance hosting pictures you load, even if they’re DMd to you can get your ip. So someone could just DM you a picture from their own instance if they wanted it for whatever reason. I have not personally verified, but just adding it here because this comment seems to be the most succinct and accurate one I currently see.
even if they’re DMd to you
Really only if they’re DMs. Because a publicly posted picture yeah, they’ll see your IP loading it but they will also see everyone’s, with no way to tell who is who.
And fairly recently Lemmy was updated to not show embedded images in DMs so that wouldn’t even work. (This depends on your client, but on the most recent official web version external images are blocked)
image proxying may become (more of) a thing in future.
In combination with your IP, this is a massive privacy (maybe even physical security) risk. Also, people can target you for your votes.
No.
It would be unusual to be able to exactly identify someone purely from their IP, but let’s say someone posted from their work IP in a small company. It would substantially lower the bar to dox them.
Let’s go further and ponder if an authoritarian regime set up an admin and started correlating dissent IPs collected from users when they did things like paying parking fines, or signing their online tax forms.
Let’s say that they collected all that and trained an LLM on it, then when you go to get a passport renewed or are stopped for a traffic violation and ask the LLM if you’re a dangerous person based on their criteria.
It’s not a direct problem, but it has slippery slope all over it.
IP addresses are not something that can be pulled from just any instance. You would need to be the administrator, and even then you’d only get access to the IP addresses of just your own instance users. AFAIK, at least - maybe they’ve made efforts to mask IPs, too, but I’m not even sure how that’d work.
Federated posts and comments are copied from server to server. When someone from .world is looking at a comment from .dbzer0, what they are seeing is information that was synced from the dbzer0 server address, not the user’s.
There was a brief moment when there was a vulnerability with linked images sent via DM that could route you to an external server and log your IP address, but that has been patched now by most instances.
As with anything on the internet: assume your activity is not private at all times, or take active precautions to mask your identity, or both. No opsec is perfect and often the only thing standing in the way of a hack or dox is the endurance and motivation of the bad actor.
IP addresses are not something that can be pulled from just any instance.
That’s what I thought about votes too. I’d be very happy to know that you can’t access IPs the same way you can votes on other nodes by simply being an admin on a given node. Honestly, I never would have guessed lemvotes could exist.
That’s just how a federated exchange needs to work, though. Without sharing which user is creating activity, there would be no way of verifying the legitimacy of activity without some convoluted blockchain process. On the other hand, sharing IP addresses isn’t just unnecessary but more involved.
There’s frankly no point in making votes private, anyway. Why should it matter who knows how you vote?
Let’s just say you don’t understand how IP or LLMs work.
ohh, so you can’t put train a small compendium everything a person wrote then infer things about that person based on their life. Good to know.
I’ve been dealing with IPs for about 30 years now, also good to know.
Well I hope you have been, unless this is your first week going online.
Seems like a good thing to me. Should be a better known feature.
How would I go about seeing this information for myself?
Yeah, at worst it’s a necessary evil to prevent a rogue user on a second instance from mass downvoting. Your username is tied to your vote, because otherwise a rogue user could just spam downvotes at whatever they didn’t like.
Instance 1 has a post. Instance 2 has a user who disagrees with that post. User is able to spam downvotes, because instance 2 is not binding their username to the vote. So Instance 1 has no way of knowing if the votes are multiple different users, or all one user. The only real solution here is to disable external voting, but the entire point of the fediverse is cross-compatibility and self-hosting. By binding the username to the vote, instance 1 is able to detect repeat votes and disregard them.
Public votes do absolutely nothing to stop people from making a bunch of users on a bunch of instances and voting from those users. Voting agents are a simple solution to the issue, since you can still just ban the voting agent if it seems problematic.
But there’s a deeper context here, which is we are drawing a weird line between voting being a fundamental, if not critical part of the application, but also apparently grounds for imposing sanctions on users for doing it wrong? That’s a fundamentally flawed mechanic no matter how you swing it, since you can’t standardize any singular set of rules, and we are already seeing a rapid escalation of tit for tat vote bans. This is just unsustainable and is pushing things towards an obvious endpoint where there is such a chilling effect on voting that it negates the entire utility of the mechanic for sorting and content curation.
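The vote deduplication and the "voting agent" idea from the comments above, sketched as an added example that is not part of the original thread and not code from Lemmy or PieFed. The HMAC-derived agent URL, the instance names and the secret are assumptions, and the activities are constructed samples.

```python
import hashlib
import hmac

# Hypothetical per-instance secret; it is never federated.
INSTANCE_SECRET = b"constructed-demo-secret"


def voting_agent(local_user, domain, secret=INSTANCE_SECRET):
    """Stable pseudonymous actor URL used only for one user's votes.

    Assumed scheme: the home instance keeps the user -> agent mapping
    private, so remote admins see the agent, not the username.
    """
    tag = hmac.new(secret, local_user.encode(), hashlib.sha256).hexdigest()[:16]
    return f"https://{domain}/agent/{tag}"


def tally(activities, banned=frozenset()):
    """Score per object, keeping only the latest vote per (actor, object)."""
    latest = {}
    for act in activities:  # assumed to be in arrival order
        if act["actor"] in banned:
            continue  # a problematic agent can still be banned
        value = 1 if act["type"] == "Like" else -1
        latest[(act["actor"], act["object"])] = value
    scores = {}
    for (_, obj), value in latest.items():
        scores[obj] = scores.get(obj, 0) + value
    return scores


def demo():
    post = "https://instance1.example/post/1"
    spammer = voting_agent("mallory", "instance2.example")
    alice = voting_agent("alice", "instance2.example")
    # Constructed inbox as instance 1 would receive it: five repeated
    # Dislike activities from one agent, one Like from another.
    inbox = [{"actor": spammer, "type": "Dislike", "object": post}
             for _ in range(5)]
    inbox.append({"actor": alice, "type": "Like", "object": post})
    return tally(inbox), tally(inbox, banned={spammer}), spammer


if __name__ == "__main__":
    print(demo())
```

As the comment above notes, neither usernames nor agents stop one person from registering many accounts; binding a stable actor to each vote only collapses repeats from the same actor.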
This is just further evidence that we just shouldn’t have a downvote option at all.
I agree, except we should leave the basic mechanic and just make it a placebo.
Why? I don’t see a benefit to the button at all. Even being able to register disapproval is better done via comment, anyway, and having to articulate it makes you far more likely to self-reflect and temper yourself than if you can just downvote every comment in a thread
No, downvotes are more important than upvotes
I legitimately don’t even know why someone might think this.
Disagreements are more important than agreements, otherwise it just forms echo chambers
You can disagree without a downvote option.
It’s more constructive to formulate a response for disagreement anyway.
Important to note here, too, is that IP addresses of users aren’t synced across instances.
This is only a problem for people who care about the reputation of their user account - which is something people should be rotating out anyway if they care about their privacy.
This always gives me a 404
Just tested your post here, your instance def opted out.
your instance may have opted out.
Or just buggy results.
I am not saying if it is good or bad but it is terrible that it is not made clear.
Freedom is a luxury and anonymity is a crime. After all, how can any slave think to hide his intentions from his masters?
It was something I had to learn, coming from Reddit.
But I made my peace with it. Let the mods* see my up/downvotes. If that becomes a problem then, well, the Lemmyverse isn’t right for me.
* I was told that anyone can see this, with a little effort.
But I have not heard about this applying to IPs.
Obviously someone running an instance (an admin, not a mod) can see who visits that instance; that’s just how servers work, and it’s valid for reddit as well. If you can’t live with that you must use Tor or VPN. So while I agree that everyone should be aware that up/downvotes + username are visible to anyone, I’m not sure about the IP argument.
IP thing is a risk but I don’t see an alternative as you pointed out.
Only your instance can see IPs. They’re a fundamental part of how the internet works, so there’s no alternative to that.
Other instance admins can’t see your IP.