Lemmy devs are considering making all votes public - have your say
submitted by
Rimu
edited

github.com/LemmyNet/lemmy/issues/4967
Probably better to post in the github issue rather than replying here.
No thank you. I've already had one person go off on me because of some perceived offense: https://lemm.ee/comment/13768482
This is exactly what worries me about this idea.
Same, that is my worry as well.
Hard no from me
I don't want some nutjob with too much time stalking me because I upvoted something about climate change or downvoted some bigoted shit. We all know those fuckos are out there
Voting on Reddit-like platforms is soft moderation by a community, and if you disincentive that, the whole model kinda falls apart IMO
I agree with you. I remember arguing about this a year ago when people first discovered votes were public on Kbin. I don't want to obsess over who up- or downvoted me and I don't want anyone else doing that either. Discussions are healthier when voting is anonymous (or at least obscured as is currently the case).
If bots become such an overwhelming problem that all regular users need access to voting records to better report all the bots I'll maybe revisit my stance. But right now the gains seem dubious.
Your votes are already public. It’s a matter of (a) do we want to make it *slightly* easier for the people who aren’t technically inclined to see them too (b) do we want people acting with the awareness that they’re public.
(a) doesn’t have a clear answer to me. The answer to (b), though, is *clearly* yes.
People say this all the time, but it's not really the case.
I don't think privacy is a binary thing that one either has or does not - there are degrees of privacy. Currently what we have is mostly private, requiring either technical skill or admin access to circumvent. This is a pretty high bar which 99% of people would not be able to reach. You're proposing removing the bar entirely because it is not high enough.
Incorrect. I said that I see no obvious answer as to whether to remove the bar -- that's the (a) part. What I'm proposing to do is definitely to educate people about the existence of the bar and the fact that they shouldn't be voting on porn, or contentious political topics from an account with their real name, or etc etc like that.
More than 1% of the currently active Lemmy users *are* actively running a server (it's 1.4%, 649 active instances out of 45k MAU), so I think the number is definitely less than 99% of people who wouldn't know how to do it in the first place (or find an mbin or Friendica server or etc).
The broader point about it being fairly difficult / fairly rare to have the knowledge, I can agree with, but I wasn't saying necessarily that we *should* make it easier for the 98.6% of people to do; just that everyone should be aware that it's possible so they can make their voting decisions with that knowledge in mind.
Except that it is, people with the skills already bridged that gap for everyone.
https://kbin.earth/m/fediverse@lemmy.world/t/267356/Lemmy-devs-are-considering-making-all-votes-public-have-your/favourites
Hmmm I see a bunch of my friends have not upvoted my post. I will contact them to ask why not and ensure that they do.
Yeah, just like rglullis actually dragged downvoters into the public on a few occasions, to pressure them to explain their downvotes.
Deleted by moderator
How is the data public? I’m asking in the most technical sense?
This informs an issue I’ve had lately with a group of three people or bots following along my comment chain (All my comments, for a while, were dropping consistently to -2 score in all contexts).
It’s my understanding that votes are not public. Am I wrong?
All votes are public, they're literally broadcast to the Fediverse writ large. You vote on something on your server, your server then tells the server owning the thing you voted on and that server then tells anyone who is interested (subscribers on other servers). That way everyone knows that this comment was voted on, but that information is indelibly tied to you - an entity on the Fediverse.
Lemmy devs just chose not to a) show that information in a UI (plenty of other software out there does) and b) not inform people that was the case. Which leads to the whole point of the thread, hiding this from users merely gives a false sense of security.
They already can. This information is not locked away.
They'd get defederated.
Deleted by moderator
How do you know who you're defederating with? When I set up my instance, the list of federated instances was thousands. How do you know which one is scraping the data?
Your idea of a nice world and mine are very different.
Your world does not correspond to reality given that mbin already shows individual votes.
Head over to your comment on fedia.io and see who voted on your own comment.
Do you want to only vote on instances that defederate all mbin instances, and commit to keep doing so in the future?
You say that, but you simply have to be using something that isn't Lemmy and that information is there (doubly so if you're an admin on any of these systems)
I agree with the general point that privacy isn't a binary thing, but I don't think the bar is nearly so high, as it simply takes opening the post in the right kbin(/mbin?) instance. This requires neither technical skill nor admin privileges.
Admin access means nothing if you can set up your own instance in an afternoon, federate with everything, then get all the votes copied to your database. I have done this just to prove it could be done, btw.
piefed is already extremely redditty maintaining behind-the-scenes 'karma' and 'attitude' for users whether they signed up for it or not. why shouldn't this info be public instead of in the hands of admins only?
https://join.piefed.social/2024/06/22/piefed-features-for-growing-healthy-communities/
Oof, I'd rather just stick to Lemmy and let people see my votes rather than deal with karma.
that's kind of the point, other instances are already aggregating and rating your votes given and received, why shouldn't lemmy show this to you?
Summed up my whole sense of humor in half a throwaway sentence ;-)
Seriously though, interesting read, thank you kux… you can really feel the author’s frustration and yet I can’t help but feel that they are interested in a certain kind of idealistic online community. Reddit but with a really restrictive HOA where everyone has the exact same color mailbox.
the author almost certainly has more experience in managing online communities than me (i have none) but it seems counterintuitive to see a dumb take, downvote *and* bother to leave an argumentative reply rather than just downvote and scroll past. downvotes in this case would defuse potential arguments rather than start them, but i'll defer to the author and assume that's not what happens
Technical people can struggle when a choice isn't a zero or a one.
(b) will just lead to fewer up and down votes, i.e. less engagement. That in turn could lead to slowly bleeding out.
I would like a (c) where my instances collects all the votes on the post, and then transmits an anonymized aggregate.
That would require a major change to the ActivityPub standard, which is not easy or trivial. This is at worst infeasible to impossible, at best something that is 5+ years away.
This is not true, the piefed admin implemented pseudonymous voting agents in around 48 hours
Piefed's experimental mechanism isn't *truly* anonymous. For instance I'm pretty sure you're the downvote from PieFed on my comment.
You can still figure out who is behind votes by examining the proxy voting actors and their voting patterns. But it's probably close enough.
If you wanted to share only an aggregate with other instances, that would require activitypub changes.
My votes on piefed are not public. This dev took the obvious idea of a dedicated voting agent and implemented it in about 48 hours.
Mod-admins are already doing this, even if you vote and don't comment on something.
Isn't the obvious thing to just have it be an option that admins can enable or disable? Maybe have a third option for only showing upvotes? Then it's up to each instance to decide, and users can decide to go to instances with the option their prefer.
Yep. Same for me.
What might be interesting would be to have it displayed, but grouped by instance. That way we could see some data and potentially uncover troll instances or attempts to brigade the conversation without opening ourselves up to personal attacks.
It's already public, it's just lemmy users who don't see them.
If they're a serial downvoter, then it's easier for you to track them and block them as well. Double edged sword i think
I thought blocks were one way - you can't see anything from the person you blocked, but they can still see your stuff?
Hmm, i haven't have experience with that, but even then you achieve your peace of mind and whatever they do means nothing.
I downvoted SO much more on Reddit than I do here. The comment quality here is leagues better.
I don't see the benefits but I see drama this would cause.
So the annoying neckbeard i downvoted for being an annoying neckbeard is gonna DM me?
Yes
No joke, if I start getting harassed over votes on this site ill probably just leave. Its already pretty toxic.
You should be reporting and then blocking a user that harasses you in that manner. Those tools are available to you for a reason.
It hasn't even started yet and somebody is pulling the 'why aren't you just blocking them' shit.
Okay, well, what are your expectations for an (edit: public) online space? What makes blocking unreasonable people an unreasonable option for you?
To be clear, I'm not trying to lay the responsibility exclusively on users here. Trolls and agitators have been around as long as the Internet has. But moderators are volunteers and don't have the bandwidth to diligently police their spaces 100% of the time.
Reputation, whether informed by a voting system or not, has always been an important component of excluding bad behavior in pseudonymous communities. I don't think it is a reasonable expectation that you can participate in a space without spending any effort in keeping it clean for yourself and others (not that I think your position is necessarily that severe.) Reporting bad behavior should be the minimum expectation, and I see the block list as a fallback for when moderation efforts are insufficient or don't align well with the user's expectations.
I rather not. If it does happen, I’ll just rss Lemmy and stop using my account. I like Lemmy the way it is because there’s not much focus on votes and more on actual discussion.
Every single one of your upvotes on lemmy is already public due to how the protocol works, it's just currently obscured by a bit of work to get them (have to run your own instance, assuming there already isn't some online tool to easily look them up)
Making them publicly and easily visible would only remove the *illusion* of privacy we currently have, not actually make your upvote logs less secured in any way
For me, personally, it’s more about the focus of votes vs actual discussion. I’m worried it would turn the tides and make people much more focused on the votes than actual discussion. It might make it echo chamber-ish.
I recently disabled showing votes on my side (through Voyager app). Even if I get downvoted a hundred times over, if I just get a respectful discussion with links to (trustable) sources. I’m all alright with that.
I think it's a bad idea. It's just going to start harassment and witch hunts when someone gets a downvote they don't like. Stalking is going to be a thing, people are going to aggregate all the votes you've done to make assumptions about you to then bully you. Once public, sources outside Lemmy will start gathering and cross referencing data about you.
In the US, when you vote, the vote is private to protect the person. Making votes public will only empower those that would abuse it. It very well could end Lemmy due to massive bulling, harassment, and the decline of activity.
i already have had multiple weirdos harass me on lemmy for not being leftist enough. i've blocked dozens now, and really kills the experience to have some crazy people go around and brigading your comments because you disagree with their political viewpoint slightly.
way too many people take the internet comments/points WAY too seriously...
I agree. I already tend to get tossed into a category because I don't agree with a majority of the user base. If people can get categorized more by how they vote, and lemmy users are already pretty savvy, I can see a scenario where people get tagged.
Exactly. We need counter views. One of the problems with any type of social media has been echo chambers and the lack of healthy debate/conversation. People have forgotten how to have a civil debate/conversation with someone else. And people tend to act like, if you don't 100% agree with me, than not only can we not be friends, but you're actively an enemy. That shouldn't be the case. We do not need everyone to agree on everything, it should be acceptable to have a different opinion.
With everything public, we're going to have no healthy conversation since people will use previous votes (up or down) against someone. One of the issues is, an up/down vote by itself doesn't give much insight into anything. It's not like the vote itself is quantified. We already see people try this with digging into post history to make assumptions of someone and bring it up as "evidence".
Man it doesn't even need to devolve into a debate. You get berated just for having an opinion on something more and more. That's the problem with the voting system anyways. People that don't share an opinion with you shouldn't even have an option to down vote. Just don't vote at all. Up votes are for shared opinions. But even then the biggest gripe I had with reddit was the system has the up voted "popular" comments as the most viewed as well, leaving the opinions of people unseen without looking for them.
People are impressionable. If they see everyone agreeing with a comment they feel they need to skew their opinion towards the common dissent or risk being alienated. We're communal creatures. And social media screwed with our heads with the need to fit in.
I thought the whole argument was the internet was an echo chamber *because* of it being anonymous. Look at right-wing groups that employ masks where they can hide their true intentions behind "just being normal citizens". It's the groups like "Moms for Liberty" that are outed for their corruption because they have to use a public face during council meetings and such where you can't be anonymous.
I'm having trouble seeing how downvotes being public would lead to more harassment. You would have to make sure you're comfortable with putting your opinion forward just like with commenting. If there's someone going around downvoting someone relentlessly it will be brought to light for all to see, not hidden like it is now. That would encourage more people to speak up because their detractors would have to do so publicly and without explanation they seem like they're not bringing anything to the table in the discussion (returning downvotes to their true intention in the process).
edit' format, grammar
It's not just downvotes. Upvotes could be used as well.
That works unless your opinion is the minority. What if there's someone's gay in say a location that might put them to death for being gay. And now they can't even upvote/downvote safely because any action they take could be used against them. Swap out gay for any really where people can be punished IRL for something online.
To what end? What benefit does that bring other then further harassment/bullying? If I actively know someone is downvoting me because I said Batman sucks and they decided to go through my entire post history to downvote everything, what, if anything should the response be? Do we form up a council to start handing out punishment and review cases?
There's a huge disconnect already from view count, posts/replies, and votes. If you're going to require that a vote must come with an explanation... you're going to see engagement drop to 0. This really sounds like the "if you have nothing to hide" that's thrown around on why governments/police feel the need to pry into everything. Which you might agree with, but I very much don't. And frankly, I don't think it's going to encourage more people to speak up, simply because people just don't have the time. It's easy for a person to just upvote/downvote something without saying something, especially if they have nothing to add.
Throwaways / burner accounts remain a thing that are available for both positive and negative use cases.
In case you're not aware, all your activity via the ActivityPub protocol is already public - it's just that the details are hidden by some front ends. It is already possible for anyone motivated to check your post from a federated instance that displays full vote details, or to host their own instance and receive the raw voting information from places they're federated with.
Yes, you can have communities with higher moderation standards, Beehaw is a great example -- but those are local moderation standards, it does not stop the general public from seeing what's going on as onlookers.
IMO it's no different than most message boards in the earlier days of the Internet. You are pseudonymous, not anonymous, and when you consistently participate on an account, that identity is going to develop a reputation based on how you participate. Upvotes and downvotes just cut down on the kind of low-effort "this", "love this post", "fukkk u omg" replies that would add noise to threads in those days.
Gah, way to take it to extreme. You are not private or anonymous on here, if your actions on this platform put you in danger than do not continue to interact thinking it's completely safe! These things can already be seen, this discussion is about making it show up in every UI by default instead.
If someone is going through your history and downvoting in a harassing way, just block them. They're not there for discussion and the problem is solved. Without seeing a repeat offender you'll never know and the harassment can continue. I see discussions being more open honestly, you actually have to take a second to think about your downvote instead of just gut reacting it.
The problem is its already pretty public, just for mods and admins, and non-lemmy instances.
While I agree its not ideal to have everything be public, given it functionally already is, this just makes it easier for users to see. Right now its a minor hurdle, but still a hurdle - but your votes are not really private/anonymous to start with.
I personally think it should be locked down and votes should be kept under a very tight lock and key.
I posted this already as a response, so I'll sort of post it here. If we start mapping users to their IRL selves, and agencies can start capturing what someone votes on, you have a few problems. 1) Marketing agencies selling your data again. 2) Governments can start using someones posts against them. You're might not, but there are several that will. And Lemmy is a global platform.
I absolutely agree that its a problem. The problem is there is nothing stopping companies/governments from doing that *now*, and I don't know if its feasible to make them actually private on Lemmy.
Right now, they aren't private, you just need a few extra steps to see it all.
Agreed. I've never liked that it's already as public as it is. I remember when Lemmy was taking off and there was a discussion and to me it seemed like people were in favor of Lemmy stepping up user security, but seems that never happened. If user security isn't critical, than the Fediverse is a complete failure and should NOT be used by anyone for any reason.
If you are particularly concerned that you're going to be identified IRL based on your participation online, you should be changing your identity frequently rather than using the same account for a year+.
Data is not suddenly public just because some people have access to it. Data is public when it's available for anyone to look at. Privacy is almost always going to be a trust issue on some level, and very few things are possible to do truly anonymously. Some data will always be available to someone in a position where it's possible to abuse. Instance admins can see your IP address. Should that be available for everyone to see?
Anyone can stand up an instance though. So its available for anyone to look at right now.
I don't think it should be made easier, but I don't think its fair to suggest its currently private in any way, shape, or form today.
Because it is decidedly not.
Y'know, that's fair. I think I misspoke, and meant to say that the admins of *your* instance can see your IP but not the admins of another (assuming you're not self hosting on your home PC without a VPN), but I'm not 100% sure that's true because I've never looked at the protocol.
*If* every interaction is already public on the backend/API level, then simply not showing the info to users is just a transparency issue.
The more I'm thinking about this, the more I believe it's a cultural/expectations thing. On websites like Tumblr, all of your reblogs and likes are public info, but it's very up front about that. Social media like Facebook, IG, and sites like Discord, it's the same; you can look through the list of everyone who reacted.
As far as I know right now, IP and such details are your instance only.
Votes, however, are visible across any instance. I agree its a transparency issue. Right now I think a of of folks believe their votes to be anonymous (or only visible to their instance admins at most), but that's not true at all.
I am fan of Swiss Appenzeln Innerrhoden voting system. In public and with hands up. It's supporting the civic courage values. It's easy to ostracize people for no reason when you're anonymous
I would hate to have to deal with "why did you downvote me?" comments, but I'm also not sure I would have the self control to abstain from leaving such a comment myself.
I think that making vote identities easily accesible to every user runs the risk of increasing harassment and decreasing discussion quality.
*downvotes your comment* *leaves*
I disagree with the decrease in discussion quality. Votes inherently create echo chambers. We have low effort conversations where we all downvote someone whose opinion is different and it makes them feel whatever kind of way, and they act accordingly. Whether it be leave, lash out, or discuss. If it wasn't built in and someone wouldn't already know I would say it is a bad idea, but since it will exist, making it so people learn to be civil is probably best.
This would probably escalate a lot of arguments that break out in comment sections.
I fear this, too, but I'm not sure what that'd look like. Would people tag someone who downvoted them and act like they're entitled to an explanation? That would probably(?) earn a block from me.
Edit: never mind, that's exactly the kind of thing that happens, it seems.
I'd go for the block and move on approach as well. Nobody is entitled to an explanation.
It helps people and discourse, so it's appreciated. Stalking and tagging downvoters is probably going too far, though.
I’ve already seen admins go through the federated votes on their instance to call out anyone who disagrees with them.
I don’t have a strong opinion either way but I don’t think it will be healthy for discourse to unlock that power for everyone
That is excellent behavioral information to have when deciding whether one's instance should stay federated with those admins, for what it's worth.
Deleted by author
Kbin/Mbin show votes too.
Edit: But I think downvotes are hidden by default now.
No need for a Lemmy server, kbin/mbin put it in their interface
https://kbin.earth/m/fediverse@lemmy.world/t/267356/Lemmy-devs-are-considering-making-all-votes-public-have-your/favourites
Saying the fediverse is good for privacy is just plain false, that's the kind of information anyone can acquire, even an ad company. All they have to do is federate a silent instance and see all you do.
That's way too much work. I just logged into my original account on kbin.social and tapped on the activity button to see votes before that instance went down. If I want to see votes again I can set up an account on any kbin or mbin instance in less than a minute and do the same thing.
This is not the case. What percentage of the population could set up a Lemmy server, do you think? 1%? 0.1%? Of those, what percentage have the time to set up a Lemmy server? 1%?
Deleted by author
Yes I know. Mbin and Kbin should be encouraged to change this. We're currently in a fairly benign environment so it doesn't really matter but if the threadiverse ever got big then this could become serious enough to be a cause for defederation.
Who are you to impose how others run their instance? Clearly this should be an option that each instance can set by itself. You are of course free to defederate, but that's kinda like an instance that has downvotes disabled defederating from instances that have downvotes enabled. You can do it but it's kind of arbitrary I would say.
I understand that this information is already basically public but there is a thin barrier to the average nitwit user accessing such information and going in a rampage screwing with people who have downvoted them. I'll say this, if they make it more public I think I will just simply stop voting. I will continue to use Lemmy but only as a passive user.
I don't even run with votes enabled(I can vote but can't see scores) on my clients, but like yeah this will definitely make me second guess any type of interaction with voting for both directions because I don't want to become a target for harassment. It defeats the purpose in my opinion of having the system in the first place if someone can't truthfully vote the way they want.
I think in one sense it can be good. Sometimes it is counterproductive to downvote someone from 1 to 0. I think this would prevent that, as the first downvote is probably the most important one.
But I agree that making any data public will allow everyone to be categorized easily. "This person dislikes this content and likes other content."
Remember, you are giving this info to everyone. Mark Zuckerberg will be able to see what you like and dislike in all public votes.
ActivityPub is designed to be public though. Lemmy's current choice not to display the details of voting information does not prevent Zuckerberg or anyone else running a compatible instance from receiving all those details and looking at them.
As an aside, I currently prefer mbin's style of keeping the vote totals separate. I think it provides more useful context to be able to tell the difference between a post with 0 upvotes and 5 downvotes, and a post with 35 upvotes and 40 downvotes, rather than having them both display -5.
Also, not sure if this is different on Lemmy, but a fresh post is at 0/0, it does not start off with an upvote from the user who posted it. I kind of like that, but I'm not sure how much it matters
Do not make votes public. It will lead to personal attacks.
They're already public if you look via kbin or run your own instance.
The experience of kbin and mbin users say otherwise, however.
I guess all 6 of them can be trusted. Lol
Well, there are other problems too of course, but you can check the rest of the thread for that or check my comment history.
Because the fediverse isn't as big as you think it is and so the number of crazies aren't a problem yet.
It leads to an even bigger echo chamber, people with unpopular opinions will get ostracized not just for their comments, but even for their voting. There's a reason why any real democracy has secret votes.
Comparing to democracy doesn't make sense, as democracy has mechanisms to ensure 1 person = 1 vote. The internet has no such mechanism. If we did, I'd be all for private voting.
Sounds like those people doing the ostracizing should get moderated if they can't handle being downvoted. Besides, if a dickhead wants to see the votes today, they can find them - votes are public, Lemmy just doesn't display them in the UI.
I know, it's an issue, but there are certainly ways to solve it, like having the vote identity split between multiple servers that can still confirm with each other that the vote is valid, but neither would reveal the actual identity to make it traceable back.
That's unfortunately not how it often works. Small, ostracized and vulnerable groups often get taken advantage of. As an example, imagine I want to make a good faight argument around, say, a political topic like Russia. Or a sensitive topic like paedophilia. Or about abortion or trans rights in a religious subreddit. Chances are I'd get downvoted to oblivion, even if the consensus (at least originally on Reddit) was that downvotes should not be used to simply disagree with someone. But at least I "opt into" that, by putting myself out there, knowing that the comment will be attached to my name.
But that's not really the standard with votes, and them being public has a chilling effect, makes it easy to harass people just for (dis)agreeing with something, etc. We should find a way to make votes more private, not less.
Yes, the votes are already kinda public, but there's still at least some barrier to it, and most people either don't know or care enough.
This doesn't solve it. I can still just make multiple accounts and vote multiple times.
The only way to solve it would be to actually verify that each account is associated with 1 real life person and then verify that each person only votes once on each post. But that requires essentially verifying a passport and documents for each user which is totally infeasible and has far worse privacy concerns than public votes do.
Enabling retaliation disincentivizes personal attacks
Should be a server setting, just like how some servers can choose to show combined votes or separate up/down votes.
I think people misunderstand. I too would prefer privacy, but theres a big BUT.
Due to how the federation works, anyone who is tech savvy enough can already see votes. One way is to run an instance.
This change doesn't lower privacy, it aligns expectations with reality. A false sense of privacy, which people obviously show here in the comments, is way more dangerous.
I accept if a dozen people can see my votes.
That's not what you're saying.
Ultimately I'm not invested in this decision. If the instance wants to watch people vote then people stop voting truly or at all.
Except, if you're using *anything* other than Lemmy at this point that information is already about. The Likes/Dislikes are considered public information by the protocol. Lemmy devs probably just didn't get around to building out the UI for that before the Reddit APIcolypse.
If anything, Lemmy devs should work on methods to obscure user identities, not expose them.
One of the biggest issues with the fediverse is very specifically how much user information can be exposed outside your home instance. As has been pointed out in this thread, it is very easy for rogue instance admins to set up quiet data mining instances.
It seems like it should be relatively straightforward for certain activities, like votes and telemetry, to be anonymized/tokenized for the purposes of federation, since that information all propagates outward from the home instance anyway.
Lemmy actually marks votes as private for federation, but it seems that kbin/mbin ignore that.
Ahh, didn't even know there was a flag for that. I don't suppose you could link to the relevant w3c or FEP for it?
https://www.w3.org/TR/activitypub/#public-addressing
Next time try reading the spec before asking.
I read about that. In my opinion is that what should change, if possible. There are good reasons why votes a secret in democracies.
Then again, private votes would be private for mods and admins too. So no more moderating vote brigading or downvote abuse or anything like that.
Good point. Would it be useful to somewhat anonymize them by giving every user a unique code? So admins would see these codes but not easily know what users they represent.
I'm afraid this may enable a malicious instance to use this mechanism to manipulate votes while making it much harder to detect. I think transparent voting is much preferable.
If we look at any of the big social media platforms with public votes, that has not prevented voting abuse through bots and the like. Rather it has served to fuel online harrassment campaigns and value of influential individuals votes (ooh Bill Gates liked X, Kamala Harris disliked Y etc.)
Aggregating votes rather than having individually visible votes serves the purpose of shifting focus to how the community values of the content. It's the same reason that we follow communities rather than people.
That would be great. I'm not sure how to solve the problems that arises though. If i can send an anonymous vote to an instance, what stops me from sending 100? Maybe there's some smart cryptographical solution here that alludes me, but it seems hard, if possible.
You could just hash your username+instance combo, right?
hmm, how would the receiving instance verify? what happens if I send 100 random hashes?
This is literally already a problem. I can easily set up an instance and write a simple bot which just spams votes with randomized user strings. There are generally a bunch of these functional vulnerabilities in the AP trust model which are only mitigated by the current lack of scale. Work needs to be put into reworking the trust model, not exposing user telemetry to even more people.
Each instance could store a static private key used to encrypt all usernames in that instance maybe?
Even on github they are public. Lol
If this is a hard requirement for federation, then I guess federated services are not for me, as I value my privacy more than I care to use them.
No, votes should not be displayed public.
Blocking those who downvote creates further polarisation, echo chambers and an environment more hostile to discussion and honest exchange.
Following those who upvote creates personality cults and nepotism and devalues the content.
Deleted by moderator
Redditors did that, rather than reddit I'd argue. Still the same result of becoming a far less useful heuristic though.
Not really sure how to "fix" a system like that, which depends on the masses to do something correctly. They... don't.
If users are the problem and the platform encourages/enables them to behave like that, then the problem is the platform. Redditors act that way because the system incentivizes it.
What alternatives to votes would you propose to handle this better? Because I have no doubt the same thing will happen here too...
It's just how people work, especially when things get heated. That said, perhaps that's a poor example as a heated discussion isn't necessary a helpful/constructive one...
I already said: upvotes only, remove downvotes, votes are public. If we don’t have downvotes public voting is not as important. But if we insist on keeping them, then yes it should be public
We also need people to be more accepting of stricter/heavier-handed moderation, which is a hard sell.
Deleted by moderator
Or some self entitled 3rd party admin would do that just because they'd feel like people owed them explanations.
Deleted by moderator
But... we had those on reddit. I didn't see many actual examples of the "moderator gone power crazy" stereotype that is so often echoed there (especially by people who fully deserved the moderator action they received).
The issue wasn't that the rules were clear. The issue was that people refused to read them in the first place, and became hyper-defensive and obstinate whenever they were called out on it, even by moderators.
(Score: 5, Insightful)
Maybe the upvotes should only be available to the person who owns the comment or post. Maybe to the mods and admins, too?
This is an interesting conundrum. On one hand it would help locate foreign agent bots/bad faith actors faster and recognize vote manipulation by bot farms. On the other it will lead to even more account-stalking problems, user drama, and would further enable vote dogpiling if you see certain known users voted a certain way.
I'm inclined to say no. They are already "public" if one wants to put in the effort to admin a standalone instance or run alts on multiple services they can see if they care- I personally don't really care
Hard no. I'll move on like I did a year ago from Reddit, and I was on that site for 14 years.
Just from a political/nation-state viewpoint, it would needlessly expose information to make it easier for countries and political parties to keep some kind of "social score" and decide when to do something to you. China already does this kind of stuff.
We need to make it easier for everyone/anyone to do this? Think about all of the super-divisive issues at hand. People can already get a sense of your views from your responses, and that should be it.
Deleted by moderator
Man I would have assumed that information would be cryptographically obfuscated while still being verifiable, like monero.
Deleted by moderator
Like monero. However monero does it is the strategy I propose.
For the same reason it’s not readily available already.
Deleted by moderator
Votes are already public, lemmy just doesn't let you see them in the interface.
Just so you're aware
https://kbin.earth/m/fediverse@lemmy.world/t/267356/Lemmy-devs-are-considering-making-all-votes-public-have-your/favourites
I'm not sure what this is supposed to tell me, sorry man.
That yor votes are already public.
If you open via browser, it linked to this post but in Kbin, there you can find your comment and click "More" then "Activity", click the "Favorite" tab and you can see the people who voted your comment.
Edit: to clarify, kbin already have that ability to see upvote(favorite) and downvote(reduce). I think admin also have the ability to set the visibility of downvote because i used to use kbin to check for random downvoter before admin here get the update for the function.
Please No
Every vote is recorded in activitypub and carries or else it wouldn't know you already voted. That information is public on other instances currently, so people you are responding to may have that information.
*Please Yes*
I would say no. I don't want some dumbass to interogate me about why I downvotes thia and why I upvoted that.
Ignore them?
They already can with effort. No reason not to add it.
If it's effort, virtually nobody does it. Convenience is king since the beginning of the internet.
Yes there is. They might not bother most of the time because it's annoying. Having vote information accessible at a glance might create a situation where people have more sterile discussion and create more drama about votes because they see it. And that sounds annoying.
I hope I'm wrong.
Not everyone has a github account and can comment or vote there.
But, agree. Don't think any good will come from making votes public. Any pro/con should be measured against who it benefits. If it's mods or devs, there are always alternatives
If it's end-users, consider the edge-cases and the repercussions of malicious actors having access to those individual preferences.
tbf, github accounts are free
I am kind of afraid that if voting becomes more public than it already is, it will lead exactly to more of the kind of "zero-content downvote" accounts mentioned in the ticket. Because some people are just wildly irrational when it comes to touchy subjects, and aint nobody got time to spend an eternity with them dismantling their beliefs so they understand the nuance you see that they don't (If they even let you). So it kind of incentivizes people to create an account like that to ensure a crazy person doesn't latch on to the account you're trying to have normal discussions with.
But I understand that they can technically already do this if they wanted to. So perhaps it will be fine as long as we fight against vote viewing being weaponized as a community.
Yeah I didn't realize votes were essentially public already. This will 100% change my voting patterns. The problem is, I'm an idealist who still follows old school reddit voting guidelines of "this adds to the conversation" or not..so I upvote stuff I don't agree with as long as it is well thought out, well said, or at least civil and trying to have a good conversation. When I remember to, I also tend to downvote vitriolic nonsense or pithy nothing comments even if I *agree* with the values, because I don't think it helps anyone to have annoying angry echo chambers. That's like...the entire Internet right now, and Lemmy is already bad enough with that. It doesn't need to get worse by making sure everyone is voting in lockstep lest they get brigaded (which there are no inherent protections against).
That's basically how I'd do it. I think it's super creepy to have voting public and I'm wary of people who insist that transparency involves weirdo shit like this.
Aren't they already practically public, given the federation?
Yup. Host your own instance and you could even write a browser plugin to make them visible to every user.
It should actually be made more private.
How? The ActivityPub protocol has no support for private votes. Also, private votes would be private for mods and admins as well, which would make downvote brigading and vote manipulation very hard to detect and moderate.
Hmmm ... is it not really possible at all? Just riffing here ... the identity of a voter isn't necessary, just a means to ensure the uniqueness of a voter so there's no duplication etc. So ... could a hash of the voter's ID be distributed with the vote to prevent duplication?
In ActivityPub, no, not at the moment.
How would you verify that such a hash is coming from a real user? What if an instance sends 1000 fake hashes as votes? Also you could still correlate hashes and figure out who is behind the hash by looking at voting patterns of that hash.
What's the difference from users though?
You'd give each user an anonymous vote ID that only the instance can link back to their username.
Imagine you have 500 users that consisently upvote each other and 500 users that vote randomly on different posts. If you jumble up those 500+500 in 1000 random hashes, it becomes impossible to distinguish who is part of the voting ring and who isn't.
Yea ... that makes sense. Thanks!
Still ... intuitively it feels like if the "threadiverse" platforms weren't so concerned with interoperating with the likes on microblogging platforms, they could come up with a system that involved only sharing total vote numbers from their instance without any idenfifying metadata.
Only sharing aggregate votes could also lead to a lot of issues with vote manipulation, as it is very easy to manipulate such an aggregate.
I agree that ActivityPub is biased around microblogging though. For all its flexibility and universality, it is surprisingly catered to that use case.
The last thing I need is people knowing I upvoted a nsfw post, so nope thanks.
Found the one guy who watches porn!
that sick bastard
That's disgusting! Tell me the nsfw instances that I should add to my banlist.
Most clients make having multiple accounts super easy.
Not that I'd know anything about that 🫣
mbin users can see that right now.
how?
Votes are public data, just not exposed by the lemmy UI
This makes things weird.
We know all your kinks now
By simply using the default mbin UI and clicking on two menu options for any particular post or comment.
But they know already, if they are on mbin or run their own instance.
Own your kinks.
And in turn teach not to kink shame.
Be a voice of change for the kind in this hateful world.
it should be a setting per instance to hide/show all, some or none
Probably for the best if downvotes remain less easy to access, at the very least. There's a myth that people who are suicidal will "find a way even if you take away some of the easier methods", which is explicitly false. If you take away the easy option, you are directly reducing the harm that easy option might have caused. https://gizmodo.com/why-have-people-stopped-committing-suicide-with-gas-5959303
If the admins take away the quick and easy option for seeing who downvoted your passionate comment, the mods are directly reducing the number of people who go on rants about downvotes and targeted vitriol.
It has nothing to do with privacy; this is a public forum that by it's very nature, *requires* that all activity be easily available to all the sites you federate with. There is not privacy in that.
This is about the type of community that forms around the software. Do we want to encourage, and make easily available, the list of people who disagree with you? Or do we want to to put minor barriers around that to help keep the number of people who do that low?
I'm not sure the comparison to suicide holds up. I could just as easily compare it with migration where it *is* absolutely true that people will find a way to migrate even if you take away the easier methods. It's simply completely different things.
Not sure what you mean about migration. People absolutely do move less when it is made harder to move. Mitigation isn't perfect, it never is, but for damn sure it helps.
Just because the wall is dumb as fuck doesn't mean it didn't stop at least a few people from crossing the border.
Let's create separate accounts for voting and for posting so to improve anonymity and freedom of expression.
I have been considering building it into PieFed, if votes became public. There would be a pool of 1000+ bot accounts which will vote on behalf of anyone who wants it. When a vote is cast one of the proxies would be randomly chosen to federate the vote instead.
Deleted by author
I don't know it's just a brain fart fantasy at the moment, haven't seriously looked into it. But afaik there is no voting ring detection in Lemmy.
It would still make it near impossible to audit voting behavior from any instance if such practices came into effect. A single instance using that mechanism in a malicious way could seriously manipulate votes and it would be very hard to tell it was happening.
User's votes anonymization through this system looks quite nice for me.
I have this brilliant original idea, scroll down, and here you & @A_A@lemmy.world are…
I was thinking an app like Voyager could help vote from a non-posting account. Maybe it’d need to route through a proxy to better obscure the connection between a posting and non-posting account. Seeing PieFed, suppose you could try that route instead but your idea might be more secure. Folks just have to trust you I suppose hehe. Maybe one could build greater trust with a Lemmy app (Voyager) than an instance (PieFed) if they proved the app kept stuff private locally, or am I wrong?
I like the idea - if the lemmy devs do implement public voting I'd definitely move over. Not only does it maintain the (current) state of voter visibility, but it also protects from the frequently cited admin and kbin/mbin exploits. Trusting one admin is far easier than trusting *every* admin.
I was actually having similar thoughts after reading the post (forking lemmy) but idk if I have the time to run an instance.
Please don't man, that makes matter even worst.
Literally what Ill do if this happens. One account that gets no notifications posts no content and votes, then another account where I comment.
Maybe make it possible for a server to only share aggregate votes on a given post?
Like a proxy vote, where only the server knows who it belonged too.
I actually like the idea of being able to see how many upvotes/downvotes came from specific instances much more than seeing the actual users. It would cover some of the positives mentioned in the github discussion:
-Could help fight bot and multiple-account voting (if we assume that people who make multiple accounts do it on the same instance) -Could help identify voting-patterns from specific servers (obviously)
And then if something looks suspicious, the admins can already see who voted, so they could check out whether some user is abusing the mechanics.
I find that this approach might be worth talking about, but making user votes visible to all seems very unnecessary.
Sure, but then you're trusting the server not to just lie about the totals.
I mean, that's already true and why the federation model is used in the first place. If another instance can't be trusted, you can disconnect your own from it (extremely easy if you self-host, if you are a standard member of a larger instance it might require convincing)
Also true.
My understanding is that admins already have access to see who votes. This feature is to make then visible to everyone.
I could go either way, but I don't think "other platforms have public voting" doesn't seem all that convincing. Who cares? I don't care who voted on what, and I doubt most others do either.
While there are workarounds, leaving it as is at least weeds out the majority of trolls who aren't technically inclined enough to go pull up A to see how B voted on C.
What will this accomplish other than facilitate brigading?
It will also strengthen the hive mind, exponentially.
I think part of the motive is to make brigading harder (show if users or bots are colluding to vote things up or down)
It is information provided to the instance runners, mods, and other fedeverse platforms such as mastodon. It inherently tracks such to know if a user has previously liked/up voted an entry.
So you may have a conversation on here, and some users will know who is downvoting, some will only know who's upcoming, and some will know none
Idk if I trust that some powermod won't send me to hell if I vote against something they strongly believe in, akwardtheturtle style
Deleted by author
Naw. Downvotes are invisible by default here on fedia, but we can see upvotes. Just gotta check the page for them.
I gotta say, I've known this for a while, and the lack of downvote transparency has always frustrated me in the moment, but looking back it's probably for the best. I would not have used it in a positive way.
Mods of communities can already see votes in communities they moderate. Admins of instances can already see votes on all content.
I moderate a few communities,
and I don't believe this is the case.Edit: It would appear that I am a little behind the times...
I think that's because your instance hasn't updated to Lemmy versions that add this yet.
Ah thanks, that would make sense.
Already happening
likes and votes should be anonymous and user names should only be displayed for comments.
Votes are public in the underlying protocol - mbin users and lemmy admins can see votes. They are not anonymous. This is only about whether votes should be displayed in Lemmy.
Yes I know, I said "should".
That would require a major change in the underlying protocol, and it could enable easy vote manipulation since there is no way for admins to watch out for malicious voting patterns.
they are already talking about major changes. welcome to the conversasion
This is not the conversation about the underlying protocol, which is ActivityPub. This discussion is merely within Lemmy. Lemmy does not have its own protocol, it uses the ActivityPub protocol. ActivityPub has no support currently for private votes. Lemmy's GitHub repository is not the place to suggest ActivityPub changes.
I don't want votes to be public, but they already are, so.
Someone can easily host a website to leak this information and people should know, instead of believing they are private
Anyone with a kbin account see them by default, no need to create a special website for it
You don't even need an account to see upvotes. Just look it up on an mbin instance
Fedia displays details on up votes but not down. Which is slightly a shame because I'm mildly curious if the single down vote I get on ~70% of my comments is from like one guy I pissed off at some point. At the same time I don't care enough to work around the system, so maybe it works?
"easily" lol. It's orders of magnitude more difficult than just pressing a button on someone's account page. If people really want to jump through those hoops to see them then that's fine. If that becomes a common occurrence then we should look into making votes more private or more public (so at least those site owners couldn't lie about your votes). But now? I think it's fine.
Have you SEEN the drama that happens in this place? I feel like this is just asking for weird nobodies to harass anyone who quietly disagrees with them.
If this passes then I'm outta here.
Please be aware that votes are effectively already public, just not shown in the Lemmy UI.
I was unaware of that. I thought it was only accessible to instance admins, and I think that's how it should be.
In Lemmy, only admins and mods can see votes. But most other ActivityPub implementations show votes freely and there's nothing in the protocol that makes votes private. Votes are inherently public - they are only hidden behind a curtain that is very easy to get around in Lemmy.
I mean, this starts to get moot if no one is aware doesn't it. You might dismiss the design as merely artificial obscurity, but if no one is pulling up the data, then the obscurity is working. The "curtain" you cite isn't trivial for the vast majority of users, which is what this is all about. Starting an instance and extracting the desirable data is a pretty tall hurdle where just the effort alone is prohibitive and enough to give someone a chance to calm down.
You don't need to start a whole instance to find votes, you just need a user on any of the services that show votes publicly.
Also, if someone is getting angry about downvotes in a bad way, moderators should just step in. People should learn that votes is just part of the system and accept them.
I forgot other fediverse platforms interact with this place. So upvotes translate to likes on mastodon and other platforms? I still feel like this should be anonymized, but I also get how that could be exploited since likes aren't auditable in that case.
Yes, upvotes are in fact just a Like object in ActivityPub and downvotes is a Dislike object. This translates to various other concepts in other ActvityPub apps, depending on what they choose to call it or how they handle them.
There is no mechanism for doing this in ActivityPub at the moment. Also, you may not want that because it would then also be hidden from admins and mods, who would then be powerless to discover vote manipulation or downvote brigading and other nasty behavior. Having the votes be transparent is probably better as it allows people to discover this kind of behavior much more easily.
Why would this encourage harrassment? It would just expose harrassment.
There are bots that exist solely to downvote specific users and instances. If you and JacobRimJob downvote each other every time you see each other and eventually argue about it until it devolves into passionate lovemaking, tbats not what harrassment is.
It would also expose upvote bots promoting propoganda.
It would encourage harassment the same way comment history does: someone goes looking for it, sees it, and attacks the person over it.
If I say some shit you disagree with then feel free to engage with me. I'm literally here for discussions. What are you here for?
You should not be ashamed of your vote history.
I agree, people shouldn't be ashamed of their vote history unless they are trying to harass a person or community with a pattern of downvotes.
I still don't want to be harassed for my voting though, nor will I be pressured into defending my votes if a user brings it up.
I want to apologize for my needless aggression earlier. I spent the morning arguing with CCP propogandists and its got me seeing red. (see what I did there?)
They can come at me, I downvote every single hexbear post in the feed regardless of content.
Or just block them.
Yeah, blocked users cannot see or vote on your content.
Are you sure? I thought blocking a user just prevents you from seeing their responses.
I am not 100% but I am like 98.9%
While I don't necessarily think that votes should be made public, it would be nice if you could see your own votes. There have been a few times I wanted to find a post that I had seen, but didn't save, and I couldn't find it.
If you are on Android, Voyager shows what posts you upvoted and downvoted in the profile page.
I agree, would be nice if this was standard in web version.
What's the benefit?
Like, what's the actual user experience gain from seeing someone else's votes? Is it just so the average joe can profile users, like for identifying bots or whatever? That's not rhetorical, I'm genuinely curious, as I don't see what I'd gain from this as a Lemmy user.
Bit as I see it, I really have no desire to do this. Maybe if I was a a pseudo mod on a spammy community I guess? But comments are already a decent indicator.
Yeah, I'll be honest, never have I took a look at somebody's likes on Twitter or Mastodon.
Sir Elon Epstein Musk already removed the ability to see likes... I wonder what his motive was.... 🫤
My answer is yes to the original question. I speak with my votes, my comments, and my engagements. If I wanted to be separated in anyway from this I would just use an alt. Hell though, I even gave up on having a porn alt on twitter and I just own it if I like something. 🤷♂️
He removed the ability to see likes made by some profile on the profile page itself.
Gathered some thoughts here
Potential positives:
Potential downsides:
People will report voting activity that they don't like, even if it's not malicious.
It's another option for abuse, similar to bringing up past comment history
Both could be dealt with but it would make moderation somewhat harder
Likely bad:
Bad
either way id still shit out my ass
There... There aren't a lot of things that would change that...
Boosting a Lemmy post in Mastodon shows up as an upvote in Lemmy. So the two concepts seem to be coupled in the activitypub substructure. I don't see how upvotes would be secret then, as I don't think it's possible to boost something privately on Mastodon.
You are exactly right - the underlying protocol (ActivityPub) has no concept of private votes. Making them private would only hide them in Lemmy's UI, but still make them accessible to other users using other apps.
Looks like PieFed is experimenting with a potential workaround.
Lemmy is already a privacy nightmare, in some way. There was a comment showing the screengrab of those peiple who upvoted and downvoted a post. Basically, if you self-host an instance, you'll have access to these. This can easily be weaponized by certain organizations that want to create profiling of lemmy users, e.g NSA and Intelligence agencies.
Lemmy was never designed to be private in that way, nor was ActivityPub. You should expect the things you post publicly on the Internet to be *public*.
I expect that for posts but not for votes. Inherently, we don't want our votes to be public - that kind of defeat the purpose.
I'd be curious to know where that expectation is coming from. On average I'd expect a majority of folks have that expectation carried over from Reddit. Another poster somewhere mentioned that there are several other social media platforms that don't have private voting, and I wonder if the expectations would be different from people who came from those.
Personally I think the transparency on votes here has been refreshing and am sad to see platforms pushing to make it private. But then, I grew up in a time before Facebook, when it was understood that you used a pseudonym, not your real identity, and needed to be careful about what you chose to share on the Internet. If you had concerns about being judged for a specific opinion or a hobby or whatever, you could just make a separate account for those topics. Kind of like how some folks only keep a Reddit account around these days for porn.
Public voting is much more of an political and self-conscious act. There is a reason voting in democracies is private.
And there is also a difference if I have to deploy special measures to see who votes how, or if it is made very easy to see and use. Ultimately there should be some kind of crypto algorithm that hides how a user voted from activitypub.
I have to disagree. It should not be a consequential or self-conscious act if you aren't using your real identity. (If you *are*, the expectation that you should be very careful with how you participate remains unchanged. This isn't LinkedIn and it shouldn't be trying to be.)
Commenters on the GitHub issue have put it better than I can:
Different tool, different purpose.
If you're afraid of triple letter agencies you probably shouldn't engage in social media at all.
The privacy concerns are about coercion from the user base. The bar to spin up a private instance to get to the voting data is far too high for 99% of the users.
No, as it would create a lot of excuses for targeted harrassment and just increase toxicity
Excuses are only that, especially if your instance has already implemented robust server rules against harassment.
I think the real sign of toxicity is weighting (perceived) anonymity over accountability for your actions on any platform. I'll vote for transparency any day.
Accountability, really? Okay, what's your full legal name and address? If you're totally fine with your idea of accountability, why not tell us all?
Nice cherrypicking. Don't get a bellyache from that fine harvest.
Edit for context: as I wrote elsewhere, "Anybody using the fediverse is ensured pseudonymity already, the privacy issue should be whether your account(s) can be linked to your real life identity against your will."
I'm perfectly happy with being accountable for what I say and do *within our pseudonymous community* here. Our bad faith friend above doesn't get to pull his infantile whataboutism, sorries.
Nice dodging. Here's hoping you get doxxed someday, I think that would be hilarious.
the vote history of your lemmy account is visible
vs
your real name and address are exposed
how the fuck are these things similar
The larger question is when will votes be private?
There are reasons democracies vote in a concealed ballot box
Enable admin access to which server it originated but more and you’re just hurting more than helping.
I saw some other's commenting about "private ballot boxes" but I think that's a false equivalency. You Vote in a democracy on policy and representation, not discourse. You're basically saying your upvote/downvote is being used to police conversation and who you think best represents you.
It has similarities though, as pointed out in orher comments. For one, a user might be more careful with downvotes if they are afraid of negative consequences e.g. harassment. With piblic votes, there would therefore be a bias towards upvotes and and people abstaining from downvotes, i.e. less interaction in total.
Downvotes serve a purpose today, letting us quickly scan which comments are controversial or even harmful to the conversation. I, for one, usually sort most threads by votes and then skip the comments with many downvotes but for controversial topics, I instead seek out the comments that have both many upvotes and downvotes.
These would be harder to find given the above bias.
I agree it would lead to less interaction, but the interaction lost would only be downvotes being used *as* a disagree button. No one is going to get harassed for downvoting a bot posting an ad or someone just completely off-topic, that which the downvote is suppose to be used for. In your scenario you point out that the comments you seek out have so many upvotes-downvotes because it's controversial, not that it doesn't add to the discussion.
One of the things I liked back in Kbin was being able to see who upvoted. Some people were lurkers who didn't comment, but it was still nice to always see them take an interest in the material. Felt more like they were a regular in the community.
I thought they were already???
Like how/why wouldn’t they be public? Even if the data isn’t readily accessible via a gui it’s gotta be somewhere so that federation works. Unless you’ve been thirsty in your main it shouldn’t be a problem?
Am I missing something?
You are not missing anything. They just aren't shown in the Lemmy UI
which aren't? btw, this post has 7, now 8.
I'm seeing lots of comments here saying that server admins can already see vote data, and therefore it is not private.
But from my point of view, having a handful of people able to extract voting data using their position of trust on the lemmy network is very different from broadcasting voting data to everyone on lemmy. And although you can argue that it is possible to create a new server and federate and blah-blah-blah to view votes; that argument sounds to me like "don't bother locking your front door, because that type of lock can be defeated by a lock-picking tools."
And even aside from all that discussion about who can access what; there is another key point that I think is overlooked: Making voter information public makes it 'normal' thing to monitor and discuss. Currently there is an expectation that people *won't* look at or discuss that information (even if they hypothetically could get access). But by making it public, the expectation then is that everyone *will* look at that information. That would create a change in tone and meaning of votes and discussion around votes.
Being a lemmy admin is not a "position of trust" - anyone can fire up a single-person instance for themselves and be a lemmy admin. You can also just view a post on mbin to see votes.
Not only admins can see the votes, but anyone on Fediverse (except regular Lemmy users) can see them.
Security through obscurity is prone to failure when it is used by itself. If people want their votes to actually be private then another method of securing their privacy should be created.
We aren't talking about security though. We're talking about what information should be presented on lemmy.
Let me put it this way: have you personally ever tried to see who upvoted or downvoted a particular lemmy post? And if you did, did you talk about what you saw?
My point is that currently basically no one sees the data. The expectation is that no one is looking. And it is not socially acceptable to discuss who is voting for what. But if the votes were changed to public then everyone would see it, the expectation would be that it is common knowledge, and so obviously it will be discussed. Is that what we want on lemmy?
I sure don't, let the mods see it for their communities but not for everyone
Your first comment expands on both privacy and security. There is no privacy without some type of security.
Now to answer your questions: Yes and yes. Users from c/all were downvoting posts from a small community I'm a part of because they don't agree with. I couldn't see the posts from small communities that are important to me because of that. Now we have the possibility to sort by "scaled", which fixes that. Sometimes there are discussions that are very relevant as to who is voting for what. But that discussion has nothing to do with privacy, which was your first point and went unacknowledged on your second comment.
But this isn't *security!* No one is claiming that not making vote history visible through the UI is a means to keep things *secure!*
I was really confused seeing this post, because I always assumed that Lemmy votes were public. Because how else are instances going to sync them? And indeed, the API exposes them completely, this change will just make it easier.
Then I was really confused when I saw so many comments being against it. A lot of "I'll leave if votes become public" in here. That's a lot of people who somehow assumed Lemmy was private. Aren't we all supposed to be Linux nerds in here?
No! :) The most Linux I use is a Steam Deck.
I feel votes should be visible to admins but otherwise anonymized and private, or else I fear vote-harassment could become a forever-problem on Lemmy. As a woman who has been harassed on Twitter and Reddit in the past, I strongly urge the Lemmy community to embrace privacy on this issue. If there's any way to make votes more private between users, we should do it.
If we don't and users get harassed, they might leave. Lemmy needs more women. And you all are great but Lemmy also needs people who aren't Linux nerds! Lemmy needs diversity.
I very much agree with your diversity sentiment, but this part is just not possible right now. The underlying protocol (ActivityPub) just has no mechanism for private votes.
Yeah. I guess we shouldn't expect that to change any time soon?
If that's the case, maybe public votes is the best way to go.
As far as I know, there are no plans or proposals for private votes at the moment and most implementations don't seem to mind that votes are public. So no, I don't think ActivityPub will have any support for private votes in the foresseable future.
Kinda same. I also have an Ubuntu homelab server, but I feel like I use my Steam Deck more often than I spend an occasional 3-day all-nighter to get something working on the server over SSH.
But my joke premise was obviously flawed anyway. We are supposed to be, but we clearly aren't.
And to address your point regarding votes being viewable only by admins, it's sort of pointless cause anybody can become an admin, just make your own instance. This just makes your statement to be "let only the more technically advanced people see the votes", which just makes it unfair.
True, anybody can become an admin, but most people won't. I think that a slight barrier to viewing vote identities is a good thing, and reducing that barrier to zero would result in more harrasment and unproductive discussion.
I still think it's just unfair. You can lookup votes and harass people only IF you know enough about computers. Anybody persistent enough to harass other people will put a little bit of work into being able to look up votes.
In addition, as we can see, this "semi-privacy" confuses a lot of people. Better that all users KNOW that their votes are visible, instead of them thinking they are private.
After the meltdown that occurred when Reddit ultra monetize their API Lemmy acquired a lot more casual users. Especially when makers of Reddit apps switched over to making Lemmy apps instead.
I was one of those people. But statistically, even the people who migrated from Reddit to here are not "normies". My "normie" friends (which is all of them 🥲) just kept on using Reddit and didn't notice anything. They weren't even using 3rd party apps.
Blows my mind that people just deal with ads.
What truly blows my mind is the amount of requests the 1st party Reddit app sends home. Back when I was using Sync I still had the app installed, but then I set up AdguardHome and saw that my phone was spamming requests. Checked the logs and found out that the 1st party app, which I wasn't even using for months, was "phoning home" literally every 10 seconds! Besides privacy concerns, that can't be good for battery life. Nuked the app then and there. I'll take the nagging, thank you.
My point is just that Lemmy is no longer made up of just Linux nerds. Over the course of the last couple of years the user base has diversified quite a bit.
So the API does disclose who upvotes and downvotes, however since the major front ends themselves don't show to everyday users, it's walled off to finding a frontend that is able to view them and to mod/admins of the instance.
Currently it takes someone to be somewhat savvy to be able to do that, this proposal is making everything public period, which would remove that wall
Yes. And I think better make it obvious that votes aren't private, instead of people wrongly assuming that they are.
VOTES ARE ALREADY PUBLIC.
If you are using Lemmy because you want privacy, you've already missed the boat, everything is wide assed open for datamining and advertising fingerprinting.
I'd hoped for an open system with open APIs and open implementations that allow everyone equal access to the system and bring equal accountability.
If people just want Reddit style fiefdoms with no real public accountability possible, then make a blackjack and hookers fork.
I'm really not interested in a system that bakes in more authoritarian secrecy and control, which could very well be an unexpected outcome of backlash to how this has been presented.
The source code for Lemmy is free for all to view and modify, there will be no authoritarianism... And if it were to happen all of Lemmy administrators would either refuse the upgrade and stay retrograde, or quickly fork. The devs don't really have total control of thousands of servers to have free reign to do stuff like reddit corp does.
I'm all for vote privacy in the UI. There are just too many downsides to public votes, and not as much weight to the positives in my opinion. People should not be afraid of backlash from down voting if a post does not contribute, it'll only create echo chambers/ unchallenged groupthink.
Absolutely not.
This will like lots of other people say start witch hunts and people will absolutely develop bots and websites which scrape all that information and classify all users based on that. Like those Reddit sites where you can search for a user and see where they are active and all that. But this will be worse.
This data is already public. You can just create a kbin account and see who's voting. Anyone wanting to scrape it already can, the only difference proposed is the Lemmy client showing it.
It should then be unpublicised.
This is not possible with how the underlying protocol (ActivityPub) works. It has no mechanism for private votes.
Deleted by author
You're misunderstanding what the developers are asking here.
Votes are public in the underlying protocol. There is nothing Lemmy can do against that. Lemmy currently doesn't show the votes, despite the fact that they are public. However, other ActivityPub implementations, for instance Mbin, do show the votes. So the votes are only slightly more complicated to get but not really private at all.
With that in mind, the devs are asking: Should the votes continue to only be shown to mods and admins or should everyone see them? Considering the fact that all users on other implementations see votes anyway. They are not asking your opinion because they want to implement changes to make votes more private than they are right now - that is not up to Lemmy to decide. That would require a change in ActivityPub, which would be a lot more complicated and it's not certain that it would ever happen.
Nah. Votes are already visible to people using other applications than Lemmy, so let people use those if they want to see how people voted. It's fine as-is.
They are? Where? I mod a Community and I've never seen anything that isn't explicitly for Admins that can see them.
I'm not sure which ones, I only use Lemmy.
If they are shown to mods and admins then all the positives from the list are already included no?
What do users have to do with detecting „patterns” and bad accounts?
Witch hunting mostly. Big 'we caught the Boston Bomber reddit' moment.
Already had one person today mention my down votes .
It didn't validate their argument at all and without context it can be interpreted in any fashion to make it seem malicious