Update: Thanks mateys for participating! Our instance was really split down the middle on this vote - 49% in favour, 51% against.
After reading all the comments, it honestly seems unlikely to me that private voting will ever be a viable option for Lemmy in any meaningful way, because voting data gets federated out all across the fediverse, so I think on balance the best way forward is just to accept that reality and work under the assumption all votes are public. At least then nobody is lulled into a false sense of security.
Having said that there’s an argument to be made for both sides and I don’t think there’s a “right” answer necessarily. Its more down to personal preference about whether you want/expect private (to the users) voting, or you want to embrace public voting. But until Lemmy can guarantee the privacy of user votes then simply pretending they are private seems like the worst of both worlds.
We might revisit the topic of public/private voting again down the road if Lemmy’s developers provide privacy enhancements in that area though.
Cheers, Unruffled.
Hi again mateys!
As most of you are probably aware, since the development of Lemvotes Lemmy votes are no longer private for users.
The way lemvotes works right now afaik, is it uses an admin level account to collect voting data from all federated instances, thus enabling the identification of every voter. This method effectively bypasses the guardrails the developers put in place to keep this info more restricted.
However, the developer of lemvotes has recently developed an “opt out” for instances that don’t want their user data collected in this way. So now we have a choice of whether or not to continue. For total transparency, I asked the developer to create an opt out because I wanted to give our users the option to choose that path without defederating from the lemvotes instance.
I think there are (at least) two schools of thought on this topic, which I will attempt to succinctly summarize below:
-
Votes should be kept private to users as they were only ever meant to be viewable by instance admins. Making votes public to everyone via lemvotes, when users have a reasonable expectation of privacy when it comes to voting, is a betrayal of user trust. It also leads to arguments and a lot of unnecessary drama, caused by users trawling though each others’ vote histories.
-
It’s good that voting is transparent and that users have the same tools available as admins to conduct their own investigations into other users. This creates a level playing field and helps hold everyone accountable for their voting patterns.
So now you have some of the context, I’d like to ask our community what are your thoughts on lemvotes… is it a social good or a bad idea?
Personally, I quite like it from an admin perspective - it’s a handy tool, and a pretty cool project. But I also have an expectation (mainly from other forms of social media) that users’ votes should be kept private from other users, so I still think it’s problematic from that perspective.
Proposal: To opt out of lemvotes, so that our users’ voting data is kept (at least somewhat) private.
- To vote FOR the proposal to succeed, upvote the post.
- To vote AGAINST the proposal, downvote the post.
This will be a simple majority vote. Similar to the last governance topic, I have no clue what the instance sentiment is towards lemvotes, so let’s find out! Feel free to add your comments below.
Acknowledged governance topic opened by https://lemmy.dbzer0.com/u/flatworm7591
This is a simple majority vote. The current tally is as follows:
- For:
- Against:
- Outsider sentiment: Sympathetic
- Total: +2
- Percentage: 100.00%
This vote will complete in 6 days
Reminder that this is a pilot process and results of voting are not set in stone.
Waat the hek du thees emoji signifie? (si, soy Nederlandishe)
It’s the instance’s voting system that classifies users according to their description upon registration and/or their donation to the instance, see this thread: https://lemmy.dbzer0.com/post/35557475 (it’s linked in the sidebar)
- For:
I use it for moderation, so having less data will severely hamper my ability to work.
Not having enough surveillance seems adversarial to db0 values, or maybe I’ve misunderstood the community.
How would you fix ActivityPub for db0 then? Seems like we need to start talking about that more than whether people can spin up their own instances
seems adversarial to [dbzer0] values
this is an anarchist/GLOSS/pirate instance; freedom of information is tied closely with anarchism and the hacker ethic.
for me: it’s less about whether this type of information should exist (it shouldn’t) and more that i reject privileged information conceptually. i don’t think this type of information should just be available to admins and people with the technical resources and expertise.
i would prefer (in my uneducated opinion) that this information only be visible to the user (on their own posts), community moderators (in their own communities) and admins (on the voter’s home instance), and anonymised elsewhere (for example, only showing a source instance).
but since that is not how it works, then i would rather have access to the same level of information that anyone else has over me. i also feel more in control of my own data when i have access to my own voting history. thus, i think that’s why there’s a sentiment that there is a different approach to this problem, and it won’t end with just blocking one tool.
i would prefer (in my uneducated opinion) that this information only be visible to the user (on their own posts), community moderators (in their own communities) and admins (on the voter’s home instance), and anonymised elsewhere (for example, only showing a source instance).
That would also be my preference. It’s a shame we can’t have that in Lemmy without that info leaking out all over the place.
but since that is not how it works, then i would rather have access to the same level of information that anyone else has over me. i also feel more in control of my own data when i have access to my own voting history. thus, i think that’s why there’s a sentiment that there is a different approach to this problem, and it won’t end with just blocking one tool.
Good points, and I agree with your conclusion.
This is something I have never understood. How would you use this for moderation? I’m a moderator of the biggest community on this instance, c/piracy, and not once have I needed to look at people’s voting behavior. What do you assess by looking at their votes? Which benefit does it provide for your moderation work? I find it quite weird that this feature exists in the first place. It just leads to mods behaving completely erratically, leading to cases like this https://lemmy.dbzer0.com/post/50067209
Removed by mod
Without a searchable list of votes, I’d have to check posts individually for activity. That would slow me down a lot.
Removed by mod
In favor: activity pub shouldn’t have votes from my perspective.
Against.
User votes have never been private as it seems. Lemvotes only made this loophole mainstream. This has to be fixed by lemmy devs, an opt out would give a false sense of security and leave the other lemvotes type tools that are not known yet untouched.
It’s not even a loophole, this is how ActivityPub is designed
ITT people not understanding that their votes are basically public no matter what. This tool might as well be one of a thousand and we’re just playing wack-a-mole. Kind of a waste of time to bother with it, instead lemmy should get better.
I wonder how many people will up vote the post without reading it just because it’s what your supposed to do for discussions you want promoted. Some people might say, oh a public announcement for the instance, up vote and move on.
Judging by the previous vote in c/governance, not very many imo. I think most of our users who take the time to vote have already formed an opinion one way or the other, and judging by the quality of the comments, they are informed about the topic. It’s also nice to see some undecided folks reading the comments and being swayed one way or the other.
I’m trying to stay out of the debate and act as a (fairly) neutral arbiter so as not to influence the outcome. But it seems so far that around 2/3 of our users prefer votes to be kept (somewhat) private. The other 1/3 prefer public votes, for a variety of reasons.
As someone else mentioned in the comments, a lot of us came over from Reddit, so that might partially explain why the sentiment is skewed towards private voting - it’s simply what most folks are used to. But I can also see an argument can be made for transparent public voting, as a means of keeping everyone honest and accountable to each other. I haven’t completely decided which way to vote yet.
voting for. i understand the info is available either way, but im in favor of raising the hurdle for this data to be collected.
FOR
Yes the data is available to anyone, but at least it involves some technical prowess.
The amount of times i have seen people discuss some users votes and what they interpret into it is just weird. let them at least dig for the stuff a little bit.
from a privacy standpoint it would be great, if the data could even be hidden from admins. while still allowing to do some verification (like in these governance threads). but that is a problem for the lemmy devs.
Votes are public on kbin and mbin too. Without even logging in.
Regarding hiding votes from admins, that’s impossible without crippling moderation tools and allowing vote spam to happen freely, because admins would not be able to investigate. And that’s just not how ActivityPub works. Votes are public.
i don’t know activity pub well enough to say what is possible to do on it. i was just saying what would be cool, to avoid tyrading users, based on what sometimes seems to be one or two votes.
IMO vote spam is just buildt into lemmy. spinning up your own instance and pretty much nuke any post, user, community, … you want is not that hard. i thought of writing my on POC for a 1 click script like that - but did not end up doing so, as i was too lazy.
i guess that is my main motivation behind being against easily accessibly insight into votes: most ppl are too lazy to do it themselves. it is good to know anyone can access it. but they have to put a little effort into that.
you and i will probably not agree on that, but that is fine.
Hi, Lemvotes dev here. As you can imagine, I believe votes on the Fediverse should be public, because that’s just how ActivityPub works. Votes are sent out to every subscribed instance, which can then do whatever it wants with them.
We need to stop pretending votes on Lemmy are private, they’re not. By letting anyone view votes (well, they can do that without Lemvotes by setting up their own instance, Lemvotes just lowers the entry barrier), users can see, for example, who’s serially downvoting their posts or a community’s posts.
Also, I don’t think votes being public ruins Lemmy. They’re public on bluesky and (virtually) no one is complaining. Additionally, platforms like kbin and mbin, which are part of the Fediverse, already make votes public. So even without Lemvotes, people can view the votes on posts. Lemvotes just makes it a bit more convenient.
The way lemvotes works right now afaik, is it uses an admin level account to collect voting data from all federated instances, thus enabling the identification of every voter. This method effectively bypasses the guardrails the developers put in place to keep this info more restricted.
Just a technical nitpick, this is inaccurate. Lemvotes queries the Lemmy database directly, so instance admins can plug it into the db and Lemvotes is running. I was considering making Lemvotes its own Fediverse actor, so that (1) setting up an instance of Lemvotes would be easier, and (2) opting out would be simpler by simply defederating lemvotes.org (or wherever the instance is running), but after working on it for a bit (the results of my work are on this git branch), I realized I don’t know enough about ActivityPub, and that I don’t care enough about Lemvotes or Lemmy to spend my time on this, as I have other projects to work on. In case anyone wants to develop that themselves, they’re free to do so! Lemvotes is open source.
Thanks for adding your voice here Lena, and for clarifying the technical details.
Also, I don’t think votes being public ruins Lemmy. They’re public on bluesky and (virtually) no one is complaining. Additionally, platforms like kbin and mbin, which are part of the Fediverse, already make votes public. So even without Lemvotes, people can view the votes on posts. Lemvotes just makes it a bit more convenient.
Having read through all the comments (thanks everyone), I’m voting against the proposal. But of course we will respect the voting outcome, whichever way it lands.
what we need to do is to stop federating the data. not make it more accessible.
I’m not exactly sure what you want here.
-
If you’d like votes to not be federated at all, that would mean instances would only have the local count of votes (i.e. only votes cast by users from that instance), which brings little benefit, and would make small instances unusable.
-
If you’d like only vote counts to be federated, but not who cast the votes, that would allow people to make accounts spamming votes, with admins from other instances being unable to figure out where the spurious votes are coming from. As in the previous example, it would bring little benefit (votes would be private, sure), but it would cripple moderation tools and make post and comment ranking untrustworthy because of potential (virtually) undetectable bots.
you dont need to federate vote specifics for moderation. that can all be handled locally. as such only federating counts is sufficient.
-
what is this supposed to be
A drunken sailor? I think anyways
Why did it decide to reply to me lol
It replies to all top-level comments
Removed by mod
Thanks for this insight, it swayed me to vote against the proposal. If votes are already semi-public through federation I’d rather it’s transparently public than giving the illusion of privacy.
I think this is a great write up and shows why it doesn’t make sense to opt out, votes on the fediverse like anything else shared over activitypub are public, an opt out doesn’t change that.
Personally I think that a service like Lemvotes should fight against this as much as possible, some people have and admins have made slanderous and outright evil accusations towards them as a result but it ultimately doesn’t matter. This place is open and public, all activitypub data is shared publicly. If someone running a server doesn’t like that, they should move to whitelist mode or turn federation off entirely.
Providing server admins with easy opt-out while still remaining public hurts the viability of a server like that and encourages decisions based on a false sense of privacy.
I dislike the comments I sometimes see which threaten people downvoting certain things and imply that the only possible reason anyone would downvote is because they are <pejorative identity here> and that they will be stalked and shunned for doing so. I see these kinds of comments in situations where something probably got downvoted because the person was being an asshole or an idiot rather than because downvoters are on the opposite side of their ideology. So it’s like they want to prevent criticism through chilling effects and bullying. I get that it’s tough to see that people don’t like what you have to say, and that sometimes this is not useful information, but that’s what options to hide vote scores are good for, just cut yourself off from this information if you can’t engage with it in a healthy way or acknowledge that you might not understand the unstated thoughts of the people clicking up or down.
Even if it is not ultimately concealable information, I think this kind of measure is good because it at least sends a message that toxic vote stalking is disapproved of.
voting for
I’d imagine the average .world brigarder will not spin up their own instance to harass people because of their voting patterns, so naturally I’m voting “aye” and for opting out of any such tools when they will eventually pop up
How does one opt out? I don’t see a mechanism on the lemvotes site for it?
Alternatively, what is the instance URL?
Just get in touch with the developer, Lena. Seems they just need to set an environment variable for you in lemvotes.
Thank you 😊
I’m for the opt-out. I am aware of the fact that anyone who has looked into the subject knows that it’s easy to get that info, but there’s a difference between “I need to actually put a small amount of effort into it” vs. “I just copy the URL”. If someone wants to look it up and jumps through the hoops, that’s fine by me, but it shouldn’t be an everyday thing. i personally vote on nearly every post and comment i read, and even tho i don’t want to push any agenda or discriminate any user, someone who i perceive as a bad actor or who regularly comments stuff that screams “i need to touch grass” might construe (wrongly) that i target them.
Against.
As it turns out, upvotes are public regardless! As that’s the case, I really just don’t care either way.
As others have said, it seems that comments and votes on Lemmy are public by default, and the issue of anonymization should be directed towards redesigning how Lemmy and even ActivityPub shares information.
That being said, we on db0 have less control over those softwares because they underpin our instance here on Lemmy. For what we do have control over, I’d expect this instance to preserve the privacy of its users as much as possible.
I also agree with others that opting out of Lemvotes means one more deterrent for bad actors to abuse the system. We don’t want to make it easier for people to spy on and stalk others, even if this opting out doesn’t fix the root cause.
I vote Aye for now, only so far as we continue this conversation to address privacy overall in the Fediverse.
