Nothing is stopping you. Apart from laws that regulate data collection maybe. IANAL.
Removed by mod
Indeed if it’s not a mage corp then it’s a government. There is no winning here.
I appreciate the illustration (and even warning) here. I predict things like this will just lead to more people having throwaway accounts. Now instead of just having throwaway accounts for posting shameful stories, you’ll also find people with their “commenting” accounts separate from their “voting” accounts.
The more I see kbin users calling people out for downvoting them, the faster I expect the votes to just become gamed instead of natural. Anything that’s used to draw attention to the way people vote will make this worse.
We’re in the early stages, but as soon as we start seeing communities that ban users based on their voting records, people will just find other ways to obscure things, which will make it even harder for instance admins to address massive misuse of the voting system.
Removed by mod
I think the biggest concern is getting all participating instances to agree on how to handle the issue.
We’ll start to see more fragmentation of the Fediverse as different instance owners have different views on what should be done. But many of the measures to fight this will only work if all participating instances do the same, whether actively, or by using a new version of the federation standard. Some instances may think the way is to be more transparent, while others may think the way is to obscure the votes more. Now you’ll have the “transparent” fediverse and the “obscure” fediverse with fundamental disagreements with each other on the way things work.
It’s interesting times ahead. Personally, I don’t think federation is the simple answer to all our social media woes like some folks around seem to think. There’s a lot that needs to be addressed, which will be uncovered as more companies like Meta try to get in on it.
Removed by mod
Capitalists gonna try and capitalise. I’ve seen lots of people try and create services like this for mastodon.
Great post BTW.
Removed by mod
Useless fearmongering if focussed on Lemmy only.
This could be done to any twitter, mastodon or reddit user
Could any random Reddit user see what I up or down voted?
So after getting a an AI analysis of all your comments, them selling your data. You only worry about upvotes?
That’s a small difference. This example takes a small difference and blows it up to the extreme.Well yeah. First of all that’s another data point that marketing and AI companies can utilise.
Secondly on Reddit only admins could see how you voted and it was communicated that that is the case. In a federated network anyone who is or can pose as an instance can get that data. The Problem is that people assume Lemmy and kBin are more or less just like Reddit and are not considering everyone can get their voting record they assumed was not public. Better not have liked that kinky adult content or that politically controversial post.
Does the instance owners read your DMs? Does Reddit read your DMs? You never really know.
Jokes on them. I already know what’s in my DMs. /j
Just post everything in public and never have to worry about it in the first place.
Wait… the Lemmy logo is a Lemming?? I’ve spent the last 6 days thinking it was a gerbil. And this whole thing was referencing the Lemmiwinks episode of South Park.
I was told it was a lemur…
Just kidding I’m not doing any of this.
Aw, I was looking forward to seeing my profile and having you save me the trouble of compiling some of that data for myself.
I’m not going to out my instance for everyone to know it as the one to defederate.
Should be fairly straightforward to figure out, if I was interested. I’d create an instance of my own and have it present slightly different information to each of the other instances that federate with me, probably creating a different fictional user to send a few votes from to each of them. Then just check to see which of those fictional users shows up in your data and your data-collection instance’s identity is revealed.
Removed by mod
I guess it’ll become a standard feature for every default installation of Lemmy or Kbin to create a random “trap user” (analogous to the fake “trap streets” in maps used to detect whether someone copied them) for each federated partner, then. You’ll have no idea which ones are actually paying attention to who’s harvesting their data, just that everyone potentially could be.
Personally, as I said, I have no particular qualm with a service like this existing. I’d find it handy and if you really think that you’ll be able to sell the data it collects I expect a dozen competitors would spin up immediately to soak up whatever profit potential it had. But I think the advantage lies with those who are trying to spot your “watcher” instances, they’re going to have to federate and subscribe with everyone so they’ll be pretty prominent in the Fediverse.
I think you’d do much better if you dropped the “muahaha, I’m so evil!” Act and just provided the service. There are plenty of Reddit analogues and nobody cares about them.
Lmao I was wondering if this will be the beginning of the new era of karmawhoring in lemmy because now you could figure out your total karma without busting out a calculator.
WefWef already displays point totals, as will many other 3rd party apps I’m sure. It’s also public in Kbin so you can just view your account from there to check your “Reputation” as they call it there.
Thanks for mentioning wefwef. I just installed it in my instance.
That YSK thread from yesterday inspired me to create a new account with an anonymous relay email, instead of my personal email. I’m not sure how much I would’ve actually had to worry about if I kept using my personal email, but I figure it’s better to be safe than sorry.
I also probably could’ve just changed the email in my first account instead of creating a brand new account, but I don’t really know how data is persisted or anything. That was another case of better to be safe than sorry.
Well nothing is stoping you from doing both. It’s not an issue to get another relay email.
This was the first time I personally used a relay email and I’m glad I did. I also made a mastodon account using the same email but I’m curious if I change my mind on that or not. Personally I think you did the right thing just making a whole new account. Chances are you didn’t use the first account long enough for it to matter.
Skip gpt4 and go with something else
I actually think something like that would be great. Not only for Reddit but also for the data your internet provider, email provider, WhatsApp, Google, Apple, etc. has. People don’t realise that these companies have all kinds of sensitive data. And with “companies” I don’t mean some abstract organisation but literal employees, as in people.
I am more shocked about people being shocked that Lemmy instances can see your upvotes.
Frankly, I think someone should actually do that. Except maybe use open source AI instead of ChatGPT.
The fact is, in a federated setting all this data will be accessible. For example, if lemmy tried to hide who made each vote, and just federate totals, that would allow my malicious instance to report 1M upvotes for my post.
When lemmy tries to hide this data, all this does is instill a false sense of privacy with users. IMHO the best thing is to make all this de facto public data, officially public, so everyone knows and can act accordingly.
As for privacy, I’d say the best thing to do is, keep your account anonymous.
Can your instance not do that as is? Just spin up a bunch of fake users and make them all vote on something?
True - but it’ll be much easier to detect.
I’d wager a fake vote count would be much easier to detect than the same amount of fake users
It’s actually a real problem on reddit where people spin up fake users to manipulate votes. Reddit hasn’t published how they detect that exactly, but one way to do that is to look for bad voting patters, like if one account systematically upvotes/downvotes another. But you pretty much can’t without knowing the votes.
I guess you forgot to link it? Here we go
By seeying most reactions ro your post, I can only think that most lemmy users don’t care about privacy at all. Or, at least, didn’t fully understand the implications.
Removed by mod
I like the idea too, but I’d prefer to wait and see what the official devs think about it, and if adding privacy measures is part of the roadmap. Lemmy is still too new and things are still unstable.
For myself, I’ve already just assumed this stuff is public. I don’t know why I’d assume it was private, in fact. I have a few different accounts and I use them for different things, but anything I want to keep off the public internet doesn’t go on the public internet, on Lemmy or Reddit or Facebook or anywhere. It’s 2023, I think most people have some understanding of this already. Threatening to out data I already assumed no privacy on is not terribly threatening.
Assuming everything is public, on one hand, can help develop better practices, but, on the other, can lead us to stop fighting for our privacy, so I’m always cautious with it.
About the upvotes/downvotes, they give a lot of information about you, and your pattern can be so unique, that a new account could be identified by it. It can also be used for doxing. Having public votes can also lead to metadrama, just like happens in places like facebook with their like system. And don’t forget that it takes just a small mistake to have your identity leaked, and then you have this data available and tied to your person, exposing your psychological behavior and positions on every theme.
Another thing worth mentioning is the email used to join lemmy. This is basically public, eliminating the expected anonymity from a lot o people (remember, most people aren’t tech-savy enough to create a fake one). In time, bots and trolls will become more common and most instances will probably ban fake or temporary emails, forcing the users to use real ones.
It all might not be a great issue now, when we’re small, but if we expect to grow, I think these things will need to be addressed at some point.
