Question I'd like to hear everyone's thoughts on possibly making votes public. This has been discussed in a lot of other issues, but here's a dedicated one for discussion. Positives Could help figh...
Probably better to post in the github issue rather than replying here.
The problem is its already pretty public, just for mods and admins, and non-lemmy instances.
While I agree its not ideal to have everything be public, given it functionally already is, this just makes it easier for users to see. Right now its a minor hurdle, but still a hurdle - but your votes are not really private/anonymous to start with.
I personally think it should be locked down and votes should be kept under a very tight lock and key.
I posted this already as a response, so I’ll sort of post it here. If we start mapping users to their IRL selves, and agencies can start capturing what someone votes on, you have a few problems. 1) Marketing agencies selling your data again. 2) Governments can start using someones posts against them. You’re might not, but there are several that will. And Lemmy is a global platform.
If you are particularly concerned that you’re going to be identified IRL based on your participation online, you should be changing your identity frequently rather than using the same account for a year+.
I absolutely agree that its a problem. The problem is there is nothing stopping companies/governments from doing that now, and I don’t know if its feasible to make them actually private on Lemmy.
Right now, they aren’t private, you just need a few extra steps to see it all.
Agreed. I’ve never liked that it’s already as public as it is. I remember when Lemmy was taking off and there was a discussion and to me it seemed like people were in favor of Lemmy stepping up user security, but seems that never happened. If user security isn’t critical, than the Fediverse is a complete failure and should NOT be used by anyone for any reason.
Data is not suddenly public just because some people have access to it. Data is public when it’s available for anyone to look at. Privacy is almost always going to be a trust issue on some level, and very few things are possible to do truly anonymously. Some data will always be available to someone in a position where it’s possible to abuse. Instance admins can see your IP address. Should that be available for everyone to see?
Y’know, that’s fair. I think I misspoke, and meant to say that the admins of your instance can see your IP but not the admins of another (assuming you’re not self hosting on your home PC without a VPN), but I’m not 100% sure that’s true because I’ve never looked at the protocol.
If every interaction is already public on the backend/API level, then simply not showing the info to users is just a transparency issue.
The more I’m thinking about this, the more I believe it’s a cultural/expectations thing. On websites like Tumblr, all of your reblogs and likes are public info, but it’s very up front about that. Social media like Facebook, IG, and sites like Discord, it’s the same; you can look through the list of everyone who reacted.
As far as I know right now, IP and such details are your instance only.
Votes, however, are visible across any instance. I agree its a transparency issue. Right now I think a of of folks believe their votes to be anonymous (or only visible to their instance admins at most), but that’s not true at all.
That’s really good to know, and not how I thought the system worked previously. I thought instances were responsible for all vote aggregation and simply reported totals to each other at regular intervals, plus submitting comments/edits from users which are more obviously public
Yup, all visible. The only exceptions are fully private instances (or mostly private, with limited federation) and local only communities.
kbin/mbin also make all these votes public, so you could even just be on an mbin server and see all the votes. So right now its like… jumping over an 8" high hurdle. Or doing the limbo under a pole at 5’. You have to do something, just not much. I wouldn’t call it completely non-trivial to do, but it isn’t rocket surgery either.
The problem is its already pretty public, just for mods and admins, and non-lemmy instances.
While I agree its not ideal to have everything be public, given it functionally already is, this just makes it easier for users to see. Right now its a minor hurdle, but still a hurdle - but your votes are not really private/anonymous to start with.
I personally think it should be locked down and votes should be kept under a very tight lock and key.
I posted this already as a response, so I’ll sort of post it here. If we start mapping users to their IRL selves, and agencies can start capturing what someone votes on, you have a few problems. 1) Marketing agencies selling your data again. 2) Governments can start using someones posts against them. You’re might not, but there are several that will. And Lemmy is a global platform.
If you are particularly concerned that you’re going to be identified IRL based on your participation online, you should be changing your identity frequently rather than using the same account for a year+.
I absolutely agree that its a problem. The problem is there is nothing stopping companies/governments from doing that now, and I don’t know if its feasible to make them actually private on Lemmy.
Right now, they aren’t private, you just need a few extra steps to see it all.
Agreed. I’ve never liked that it’s already as public as it is. I remember when Lemmy was taking off and there was a discussion and to me it seemed like people were in favor of Lemmy stepping up user security, but seems that never happened. If user security isn’t critical, than the Fediverse is a complete failure and should NOT be used by anyone for any reason.
Data is not suddenly public just because some people have access to it. Data is public when it’s available for anyone to look at. Privacy is almost always going to be a trust issue on some level, and very few things are possible to do truly anonymously. Some data will always be available to someone in a position where it’s possible to abuse. Instance admins can see your IP address. Should that be available for everyone to see?
Anyone can stand up an instance though. So its available for anyone to look at right now.
I don’t think it should be made easier, but I don’t think its fair to suggest its currently private in any way, shape, or form today.
Because it is decidedly not.
Y’know, that’s fair. I think I misspoke, and meant to say that the admins of your instance can see your IP but not the admins of another (assuming you’re not self hosting on your home PC without a VPN), but I’m not 100% sure that’s true because I’ve never looked at the protocol.
If every interaction is already public on the backend/API level, then simply not showing the info to users is just a transparency issue.
The more I’m thinking about this, the more I believe it’s a cultural/expectations thing. On websites like Tumblr, all of your reblogs and likes are public info, but it’s very up front about that. Social media like Facebook, IG, and sites like Discord, it’s the same; you can look through the list of everyone who reacted.
As far as I know right now, IP and such details are your instance only.
Votes, however, are visible across any instance. I agree its a transparency issue. Right now I think a of of folks believe their votes to be anonymous (or only visible to their instance admins at most), but that’s not true at all.
That’s really good to know, and not how I thought the system worked previously. I thought instances were responsible for all vote aggregation and simply reported totals to each other at regular intervals, plus submitting comments/edits from users which are more obviously public
Yup, all visible. The only exceptions are fully private instances (or mostly private, with limited federation) and local only communities.
kbin/mbin also make all these votes public, so you could even just be on an mbin server and see all the votes. So right now its like… jumping over an 8" high hurdle. Or doing the limbo under a pole at 5’. You have to do something, just not much. I wouldn’t call it completely non-trivial to do, but it isn’t rocket surgery either.