Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: Obligatory RIP my inbox.

  • Wander@yiffit.net
    link
    fedilink
    English
    arrow-up
    505
    arrow-down
    4
    ·
    edit-2
    1 year ago

    To anyone surprised at this: welcome to the fediverse, please treat everyhing you do or say as public.

    The way to achieve privacy around here is by following the long forgotten arts of the old internet before Facebook was a thing: use a Nick name and don't tell strangers on the internet your real identity.

    Your home instance will act as a proxy and only they have access to your email and IP address. That does stay private.

    So, as long as you trust your home instance to not leak or disclose your connection or sign up data (which would be illegal in EU countries), just sign up with an alias.

    A very positive aspects of this is that it should allow us to detect voting manipulation by correlating the activity of certain potentially malicious actors. If Lemmy instances take vote manipulation seriously and do their best to block bots this has the chance to make Lemmy / Kbin much more transparent and credible than Reddit ever was.

    • abbadon420@lemm.ee
      link
      fedilink
      English
      arrow-up
      150
      arrow-down
      11
      ·
      edit-2
      1 year ago

      Lol. kids these days would psot their bank info online if the banks didn’t prevent them from doing so.

    • BitOneZero @ .world@lemmy.world
      link
      fedilink
      English
      arrow-up
      16
      arrow-down
      1
      ·
      1 year ago

      Your home instance will act as a proxy and only they have access to your email and IP address.

      Your home image typically doesn’t proxy image loading, those are hotlinked to the Lemmy server that the image was uploaded to. So your IP address and browser string are going to other Lemmy servers.

    • DogMuffins@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      12
      ·
      1 year ago

      I whole heartedly agree with this perspective.

      Additionally, and this is an unpopular opinion, but trying to maintain a Nick or online identity over many years is folly. You end up with a huge repository of personal information, increasing the risk that it can be connected to you personally.

    • kaba0@programming.dev
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      No, an alias will only give you pseudo-anonymity. Even trivial analysis like counting which words occur together frequently in your writings can reveal with very good accuracy any other alt of you, so the available information of you is basically everything you have shared online with enough accompanying self-written text.

      • deweydecibel@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        2
        ·
        1 year ago

        Also, it’s not just about privacy, it’s about retaliation. It will be the easiest thing in the world for people to put together bots that will track the downvotes on every post they make and automate adding those people to block lists. Suddenly a whole fleet of alts is invisible to the people that would disagree with them.

    • Yaxoi@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      The thing is, there is really no way to know is trustworthy as a home instance…?

  • booty_flexx@lemmy.world
    link
    fedilink
    English
    arrow-up
    114
    arrow-down
    1
    ·
    edit-2
    1 year ago

    To illustrate op’s point I’m going to spin up an instance, federate with everyone, and not tell anyone what that instance is.

    Then I’m going to feed all that data into my new website, called Open Lemmy Stats, where anyone can query the user data ive accumulated. The homepage will be ripe with insights, leaderboards and all kinds of data on prolific users.

    Additionally, I’ll display a snapshot/profile of a random user by feeding that users data to GPT4 to make inferences about the user’s political affiliations and display the results.

    Worst of all, I’m not going to out my instance for everyone to know it as the one to defederate. In fact I’m spinning up a few instances that will host innocuous communities that I plan to mod and support to give my instances cover for their true purpose: redundant fediverse datastreams for my site, Open Lemmy Stats.

    I’ll also have a store where anyone can buy my collected fediverse data for a handsome sum.

    Just kidding I’m not doing any of this. But someone absolutely will or already is.

  • czech@no.faux.moe
    link
    fedilink
    arrow-up
    112
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Activities are public and easily viewable on kbin. It’s been interesting. Seems mostly positive other than people harassing those who down-vote them demanding explanations.

    • Muddybulldog@mylemmy.winOP
      link
      fedilink
      English
      arrow-up
      102
      ·
      1 year ago

      Knowing they’re visible on kbin made me realize that most Lemmy users probably weren’t aware, as it’s non-obvious.

      • czech@no.faux.moe
        link
        fedilink
        arrow-up
        32
        arrow-down
        1
        ·
        1 year ago

        Yea, good call. I wonder if kbin makes them viewable because the activity pub protocol does not allow them to be easily hidden.

        • PixelPassport@lemmy.myserv.one
          link
          fedilink
          arrow-up
          50
          ·
          1 year ago

          Seems to be Ernest’s attitude about that sort of thing, he doesn’t like to hide things from the average user that someone more technically inclined would still be able to access

            • PixelPassport@lemmy.myserv.one
              link
              fedilink
              arrow-up
              6
              ·
              edit-2
              1 year ago

              Yeah I think it’s great! I was on kbin originally but I’m a sucker for a nice app UI. I’ll definitely be using it more once the apps are here.

              I also can’t find my lemm.ee community through kbin and I think it’s some kind of federation issue, I’m sure it will get fixed.

              • Coelacanth@feddit.nu
                link
                fedilink
                arrow-up
                4
                ·
                1 year ago

                Kbin and Lemmy are having huge federation issues at the moment, with stuff from Lemmy commonly having a multiple hour delay before showing on Kbin and sometimes it doesn’t show up at all. It might be a bug so we’ll see how it works when the next Lemmy version comes out.

                • Dave@lemmy.nz
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  1 year ago

                  Let’s be fair, lemmy instances are having the same issues federating, especially getting posts from the big instances. I presume it’s a server load thing.

            • PixelPassport@lemmy.myserv.one
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              Kbin is another open source link aggregation program with a different developer that uses the same protocol as Lemmy (ActivityPub), so kbin and Lemmy instances can communicate with each other. If you see anyone with “@kbin.social” after their name then that’s where they’re from. You can check it out yourself here as well kbin.social

        • XanXic@lemmy.world
          link
          fedilink
          arrow-up
          10
          arrow-down
          2
          ·
          1 year ago

          It’s apparently because it’s Twitter based and Twitter shows likes and such. Kbin doesn’t really have a like upvote downvotes thing. It’s like a favorite and a boost. It’s weird

            • JohnEdwa@kbin.social
              link
              fedilink
              arrow-up
              5
              ·
              edit-2
              1 year ago

              Currently yes, but before they started federating they didn’t. That’s why Kbin has both Boost (retweet), and the Favourite (like) is the “upvote”, which end up here https://kbin.social/fav - and until very recently, those didn’t increase your reputation.

              Kbin is (was) less like Reddit and more like Twitter with downvotes.

        • Muddybulldog@mylemmy.winOP
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          That’s a pretty reasonable hypothesis. I wouldn’t imagine the motivator was to deliberately create conflict.

      • theinspectorst@kbin.social
        link
        fedilink
        arrow-up
        30
        ·
        1 year ago

        Yeah, I had a good natured discussion with a Lemmy user on feddit.uk the other day where they were still inexplicably downvoting my responses each time, despite us both being polite and constructive.

        It made me realise that a) they use the downvote button quite differently to how I use it and b) they probably didn’t know that I, as a kbinaut, could literally see they were the one downvoting.

    • sab@kbin.social
      link
      fedilink
      arrow-up
      25
      arrow-down
      2
      ·
      1 year ago

      One thing I really like is that it makes it easy to identify users to block. If there’s a post stating that “Nazis are bad” and it has ten downvotes, it’s very easy to use that to block future content from trolls and people I’m not interested in hearing from.

      • deweydecibel@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        edit-2
        1 year ago

        Yeah, and guess what? They can do that to you.

        Effectively, every single person can use a bot that will automate the blocking of any user that ever downvotes them ever.

        Like if I made a post that says I like Nazis, and then waited for the downvotes to pour in. Add every single one of those names to a block list, share that block list with all of my alts and all of my friends, and suddenly you have a whole army of Nazi sympathizers that are invisible to the users that would downvote them.

        These hand waving excuses about votes being public are really lacking imagination. This is extremely abusable information, and cursory tools can will be put together to make abusing them simple.

        • sab@kbin.social
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          I think there are some problems about voting being public. I don’t think this is one of them.

          I don’t mind people blocking me, and if I don’t appreciate the type of content people provide I’ll block them liberally. It’s not necessarily anything personal, I’m just cirating my experience.

          Furthermore, I strive to be on instances where nazi sympathisers would be banned, and where instances tolerating them would be defederated. The only issue is identifying and weeding out troll accounts.

          • sauerkraus@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            You wouldn’t know that your instance is infested with tankies and fascists. You can’t see their posts because you’re on the block list.

      • newIdentity
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Depends on where it’s posted in. Also this example is pretty low effort. I would downvote it too

  • kennydidwhat@lemmy.world
    link
    fedilink
    English
    arrow-up
    119
    arrow-down
    8
    ·
    1 year ago

    There’s something amusing about people feeling violated by their activity being made public, but not necessarily by corporations hoarding and capitalizing on that activity & data. I mean, one of them is out in the open. The other is pure abuse.

  • Bill@lemm.ee
    link
    fedilink
    English
    arrow-up
    75
    ·
    1 year ago

    I downvoted the beans and I don’t care who knows about it. I’d do it again.

    This is useful to know though, thanks. I guess assume everything is public short of your password (unless your admin is particularly nefarious and has altered the code to store passwords in plaintext for some reason).

  • FinalFallacy@kbin.social
    link
    fedilink
    arrow-up
    75
    arrow-down
    7
    ·
    edit-2
    1 year ago

    Isn’t that kind of the point? You don’t get very far hiding in a social setting. You’re on a public website talking to other people. Your posts should be public, comments, etc. At least people should treat all websites or apps they didn’t develop personally like they’re public. I mean you don’t really have a right to privacy in public.

    And I’m not trying to say this with some malicious tone or anything but it’s just my view on it.

    • Album@lemmy.ca
      link
      fedilink
      arrow-up
      60
      arrow-down
      2
      ·
      1 year ago

      Posts and comments is one thing… It’s inherently public. But I think being able to see up and down vote publically is a tough pill. If you don’t realize your votes can be seen you risk your vote being held against you. If you do know it disincentivizes you to use the vote system to protect yourself from something that should be rather benign.

      • mookulator@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        arrow-down
        1
        ·
        1 year ago

        At least you know the instance host isn’t selling your data right? The advertisers already have it 🤪

        • mookulator@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I was kind of joking, but now that I think about it isn’t that better? The problem isn’t really advertisers having your data, it’s companies doing skeezy things to be able to make more money with your data.

          This way, instance hosts are free from that incentive and can just focus on making a good website.

      • donut4ever
        link
        fedilink
        arrow-up
        0
        ·
        1 year ago

        That’s my only concern. I don’t mind my comments to be public. That’s what a public place is, unlike other social media platforms who claim to be but they’re not. It’s, like you mentioned, the upvote/downvote system that I’m worried about and will refrain from using. Because it is public, too, it feels like it lets people read your thoughts. So, I’ll refrain from using it until it’s fixed.

      • Vlyn@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        I mean I didn’t upvote or downvote porn on Reddit either. It’s all personal information.

        On Reddit there were plenty of people with access and the data was sold to advertisers.

        Here it’s public, not great but not terrible either. Also makes it easier to battle vote brigading?

        • deweydecibel@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          It also makes it easier to profile users and weed out anyone who disagrees about literally anything.

          Like, you guys need to consider not every admin is a paragon of virtue.

          • Vlyn@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            But that has always been a thing. Just like Reddit mods banning you from their subreddit just because you posted in another subreddit they didn’t like. It sucks, but it’s nothing new.

            If either a server admin or a community mod doesn’t like you for what you’re doing, they can kick you out. It’s the same as if this was an old time forum and you pissed off the admin.

            With lemmy you have to watch two things:

            1. Trust the instance admin you sign up with, this is where your account data lives, the admin can read everything on your account. Hell, even your password if they manipulated the instance code, so use a random one

            2. Trust the moderators of the communities you interact with. If you interact with a community and the mods there don’t like you, they can just remove your posts for example. Same as with Reddit

            A random person outside of your instance or communities you interact with can’t do much. They can “steal” your posts and comment data and see your votes. But that’s it. They can’t block your account or kick you out of your favorite communities. They could obviously harass you (just your account, not your email), but then you can block them. Or ask the admin to block their entire instance.

    • pistachio@lemmy.ml
      link
      fedilink
      arrow-up
      24
      arrow-down
      1
      ·
      1 year ago

      Still unexpected. And that’s the problem.

      Comments are obviously public because I can read them. But there is no “upvoted by xx people (and downvoted by xx)” link I can click to see the list of people who interacted this way with the post. It’s only with API calls or similar that I can access the information.

    • Kirpy@le.weme.wtf
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      Don’t think people should be expected to be developers to consider their right to privacy on websites where contents meant to be private. Like online banking, instant messaging. Let’s not strip devs of these services of their responsibility.

    • pistachio@lemmy.ml
      link
      fedilink
      arrow-up
      2
      arrow-down
      2
      ·
      1 year ago

      Still unexpected. And that’s the problem.

      Comments are obviously public because I can read them. But there is no “upvoted by xx people (and downvoted by xx)” link I can click to see the list of people who interacted this way with the post. It’s only with API calls or similar that I can access the information.

      • floofloof@lemmy.ca
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        In case of pitchforks: I downvoted this comment because it’s a duplicate, not because it’s bad.

  • TimewornTraveler@lemm.ee
    link
    fedilink
    English
    arrow-up
    72
    arrow-down
    4
    ·
    edit-2
    1 year ago

    Edit: Obligatory RIP my inbox.

    Can we leave this kinda stuff behind? It is NOT obligatory.

  • s4if@lemmy.my.id
    link
    fedilink
    English
    arrow-up
    60
    ·
    1 year ago

    Nothing private in fediverse except when you are selfhosting yourself.

    • vinnymac@lemmy.world
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      6
      ·
      1 year ago

      If post views are public that’s a fairly poor implementation on the developers part. I’m sure it will change over time.

      E.g. someone using your account to view illegal content in a community you are not a member of, and you being held accountable.

      • s4if@lemmy.my.id
        link
        fedilink
        English
        arrow-up
        19
        ·
        1 year ago

        I think the in the current implementation, your post views is not public. But any data you have is still accessible to your instance admin.

          • chris@l.roofo.cc
            link
            fedilink
            English
            arrow-up
            8
            ·
            1 year ago

            Nope. Everything you do is sent to all other instances. If you upvote your instance sends that upvote to the instance where the community lives and that instance broadcasts your vote to alle instances that subscribe to that community. Every instance operator can see the upvotes.

            • s4if@lemmy.my.id
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              At least your password hash not accessible by anyone but you… and your dm is also only accessible by your recipient and his/her admin… 😅

              • ninjan@lemmy.mildgrim.com
                link
                fedilink
                English
                arrow-up
                5
                ·
                1 year ago

                While you’re 100% correct Lemmy would feel pretty slow running on your normal computer unless you keep it online and powered on 24/7. Since Lemmy fetches new content continuously and being offline causes a big backlog which will take time to process. It also presents a few extra challenges since you need a domain and cert and a home static IP isn’t super common which means you need dynamic dns and have to set that up. Any restart where you get a new IP will be even slower since you need your updated A host record to propagate before your Lemmy instance can fetch the backlog. Those issues aside though you could absolutely just run it like any dockerized application on your normal computer.

                • HTTP_404_NotFound@lemmyonline.com
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  1 year ago

                  If your lemmy goes offline- there is a good chance it WONT catch-up.

                  Servers only retry sending content so many times. ActivityPub PUSHES, rather then pulls mostly.

        • vinnymac@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          Not too bad then, at that point it just depends how they handle log storage on the instance you are visiting.

          Thanks for clarifying.

      • Wander@yiffit.net
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        1 year ago

        It’s not possible to make votes private is your care about no manipulation happening. Otherwise any self hosted instance could just communicate any made up amount of votes.

        • WIPocket@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Cant they? Sure, they would have to make up new users instead of simply saying a number, but what is actually preventing that?

          • Wander@yiffit.net
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            We can monitor actual active users that an instance has. Anything artificial in volumes enough to have an impact would be noticeable in some way to other instances.

            • lightrush@lemmy.ca
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Can’t someone talk ActivityPub directly and do this? If the instance is responsible to authenticate the users, the instance can just directly talk ActivityPub to the rest of the network and tell it users and votes on the fly, without even Lemmy running there.

      • CmdrShepard@lemmy.one
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        E.g. someone using your account to view illegal content in a community you are not a member of, and you being held accountable

        Can you explain what you mean here? How would someone else be using your account without your knowledge?

    • DrQuint@lemmy.ml
      link
      fedilink
      English
      arrow-up
      20
      arrow-down
      1
      ·
      1 year ago

      In fact, I’m tempted to say I WANT people to know I’m not the one downvoting them when I disagree.

      • May@kbin.social
        link
        fedilink
        arrow-up
        13
        ·
        1 year ago

        SAME its happened on Reddit where I would have a back and forth w someone where we disagreed but it was respectful, and then in the middle of it I’d notice the other person’s comments being -1 even new ones. Meaning someone who isnt in the convo would start downvoting the other person, and I’d be like ‘what if they think I did it? What if that damages a mutual understanding they were close to reaching? What if that turns them off from considering a different point of view bc they assume I’m doing it and that I’m hostile?’ Then sometimes I’d be like “sorry someone is downvoting you its not me”

        • Corkyskog
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Funny enough that was actually a trolling method discussed at one point on 4chan. Basically the troll was to find new back and forth between two people and quickly downvote the person after someone replied so it seemed like they were doing it. Not sure if it ever became a thing or not, but trolls are aware of the psychological aspect of it.

    • sadreality@kbin.social
      link
      fedilink
      arrow-up
      19
      arrow-down
      1
      ·
      1 year ago

      People might ask you to provide context for your down vote.

      Recently somebody got butthurt about being called out on it.

      I think the feature is nice because you can spot shill ops, as those accounts travel in packs.

      New articles for politicians are pretty obvious about it but so are generic karma farmers. Although I am not sure why farm karma on here.

      • RightHandOfIkaros@lemmy.world
        link
        fedilink
        arrow-up
        21
        ·
        1 year ago

        People can certainly ask about reasons for voting, but that doesn’t mean anyone has to provide the answer. Nobody is entitled to know a person’s reason for voting on posts except for that person themselves.

      • JesusTheCarpenter@feddit.uk
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        People might also ask you to provide further justification of your comment. In both cases you can either engage in a civil manner, tell them to eat a bag of dicks or just ingore.

    • Kirpy@le.weme.wtf
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      That’s cool but I think the votes are more trustworthy (in any voting system) if all people feel comfortable voting without some sort of retaliation. Maybe there could be a toggle and you can see who voted that doesn’t mind the vote being public.

  • deweydecibel@lemmy.world
    link
    fedilink
    English
    arrow-up
    47
    ·
    edit-2
    1 year ago

    Reading these comments, seeing so many excuses, sarcastic responses, and handwaving, makes me realize a great deal of users really need to develop some imagination.

    This is not about privacy. It’s about data that can easily be used for targeting and profiling users, and how that creates countless avenues for targeted harassment and wide scale retaliation. It’s about all of the innumerable ways public vote information can and will be abused to manipulate scoring across the site with targeted/automated shadow banning and shared blocklists. Raise your hand if you trust every single admin to never abuse such a tool to curate the outward appearance of an instance to fit a narrative.

    For a different example: I could say something about how great Nazis are right now, and have a bot programmed to read every single person that downvoted me, add those names to a shared blocklist, and viola, I’ve made myself and all my alts invisible to the people that would challenge me on a massive scale.

    I promise you this is going to be a big issue as tools for this site get more sophisticated over time.

  • ScaNtuRd@lemmy.world
    link
    fedilink
    English
    arrow-up
    50
    arrow-down
    4
    ·
    edit-2
    1 year ago

    Not to sound harsh or anything, but those of you saying that it’s okay that all this data is public are insane. This completely goes against the entire philosophy of the Fediverse and FOSS in general. The reason we all are fleeing from Big Tech is because they collect so much data on us. At least, they keep it hidden from public view. This is a major issue in my opinion, and needs to be addressed ASAP before we can claim to have superior platforms on the Fediverse. Why can’t this data at least be encrypted?

  • JesusTheCarpenter@feddit.uk
    link
    fedilink
    English
    arrow-up
    42
    arrow-down
    1
    ·
    1 year ago

    For me, it makes so much sense. Likes and dislikes, besides serving as a means of sorting posts and comments, also serve as a shortcut for leaving a comment saying, “This^” or “I disagree.”

  • Margot Robbie@lemmy.world
    link
    fedilink
    English
    arrow-up
    39
    ·
    edit-2
    1 year ago

    Suppose there is someone who wants to maintain their anonymity and privacy on Lemmy so that it couldn’t be tied to their real identity, what do you think is the best way to do that?

    Hmm, I, famous Hollywood actress Margot Robbie and star of “Barbie”, sure am stumped.

    • Catch42@kbin.social
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      I upvote my own posts too, I do try to avoid boosting my own posts. We’re from kbin though, I think on Lemmy self-upvotes are automatic.

      • Thelsim
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        1 year ago

        Yea, I automatically upvote my own posts and comments. I felt very self-conscious about it at first, but then I figured all other users do the same.
        So now I just mentally subtract one vote from every score :)

    • Hank@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I always upvote myself. But I have to think extremely highly about my contribution to even think about boosting it.