In addition to that, I guarantee you that meta and the like are already running data mining instances on here. Being publicly tied to votes is just more telemetry for the machine. I don’t quite understand why people seem to think that is no big deal.
Awesome! This is the exact stopgap implementation I was arguing for, and I’m surprised how many people kept insisting it was impossible. You should try and get this integrated into mainline Lemmy asap. Definitely joining piefed in the meantime though.
Yes, that is why I am arguing in favor of an additional layer of pseudonymous voting.
But not my votes.
For starters datamining my voting patterns for building a deeper interest profile. It should be pretty obvious how this works in terms of user fingerprinting, and the ultimate monetization of Lemmy data. It would be super naive to think that Lemmy will be the one web space immune to this kind of thing. I guarantee you meta already has an army of silent instances doing this.
Worst case scenario, legit state actors use it to target deanonymization attacks at dissidents. I would not be shocked if the …usual suspects… Are engaged in this kind of thing.
The current trust model already relies on a user’s home instance accurately reporting user activity and not injecting fake activity. Hiding real user votes behind pseudonymous tokens doesn’t change that at all.
As far as I can tell, the activity ranking algorithms don’t actually differentiate between up and down votes anyway. All votes are considered engagement.
Even for delusional tech bro bullshit, the idea that public voting on an anonymous forum will do anything other than create drama is pretty fucking detached from reality.
On Lemmy the concern isn’t even mod abuse - it’s just how much user telemetry is pushed around in plaintext which makes me uncomfortable. I’m sure there are already instances which do nothing but listen to AP traffic actively building activity and interest profiles on Lemmy users. Say what you will, but at least on reddit they have to buy that shit. And if such a rogue admin is even a little bit enterprising, there are a bunch of potential IP deanonymization attacks possible by serving up content targeted to specific users during specific times of day. And probably a bunch of other shady shit I haven’t thought of.
Honestly it’s more than a bit suspicious to me that AP and Lemmy has put seemingly zero effort into mitigating this sort of thing.
Agreed. 10/10.
And you don’t even need real crypto here to start. The home instance can just send vote actions as fixed unique tokens. The way the trust framework currently works, this is literally a drop-in replacement and introduces no new spam/brigade vulns which don’t already exist from a rogue instance. It would be imperfect, and may still make it possible to correlate and infer vote patterns for a sufficiently motivated adve, but it would raise the bar for protecting user telemetry by a huge factor with very minimal effort. I’m honestly a bit surprised it hasn’t been done already.
It isn’t true. As far as I can tell there is nothing right now which prevents me from sending a fixed, unique token for any give action from my test instance instead of the user string itself. Only comments would require the real user string, for obvious reasons. Likewise, another instance could ban that token, or the user or both. This actually does nothing to change the trust model, but would significantly enhance privacy and reduce the propagation of user telemetry.
Yes, and this would be fairly easy to make them at least pseudonymous without even needing to modify activitypub itself.
That said, I still don’t support anything which lowers the friction of vote stalking like exposing votes in even more places. Technically people can look up my address from my license plate number if they really care to, but that doesn’t mean I want to list it in bold letters on my windshield.
Right now votes really don’t matter in terms of post sorting so I’m not sure if there’s really a point to this. As far as I understand it, any vote is engagement in terms of making a post active/hot/whatever
How in the ever loving fuck would being a supportive and loving parent to your child be “extremely stressful?”
Bro holy shit, you are so close to realizing that you might just be wrong, and instead you double down?
No, it won’t, because it has never not been creepy. People should be allowed to go into public without constantly being approached. The part you don’t get is that being asked out for coffee once is novel, twice is fun, but after that it gets old really fucking quick. I do not want to have to deal with that every time I just want to do some fucking laundry.
And 90% of the people who do/did this are legitimately creeps.
I will go to theaters which don’t allow kids or minors at all.
I have legitimately never met a single person in real life who has anything positive to say about bazel, and I assume it it because they have all killed themselves.
This thread is wild, I’m here like “cmake is by far the simplest way to cross compile to ARM and x86, with and without Cuda build targets” and y’all are talking about IDEs for some reason.
Manual makefiles don’t scale though and you end up needing some other bootstrap framework pretty quick.
You don’t even need to message an admin. You can just ban the agent doing the voting.