this post was submitted on 19 Aug 2024
693 points (97.5% liked)

Fediverse

28248 readers
869 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago
MODERATORS
 

Currently, almost anyone in the Fediverse can see Lemmys votes. Lemmy admins can see votes, as well as mods. Only regular Lemmy users can't. Should the Lemmy devs create a way to make the votes anonymous?

There is a discussion going on right now considering "making the Lemmy votes public" but I think that premisse is just wrong. The votes are public already, they're just hidden from Lemmy users. Anyone from a kbin/mbin/fedia instance can check out the votes if they are so inclined.

The users right now may fall into a false sense of privacy when voting because the votes are hidden from Lemmy users. If you want to vote something and not show up on the vote list, please create another account to support that type of content and don't tell anyone.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 120 points 2 months ago (8 children)

Wait a minute, so any admin can see which posts do I upvote/downvote?

[–] [email protected] 8 points 2 months ago

Yep and they ban people as they see fit, across different communities, based on votes anywhere

[–] [email protected] 6 points 2 months ago

yes, and any instance owner on any federated instance. Oh, and anyone on Kbin.

[–] [email protected] 22 points 2 months ago (1 children)

For what it's worth, admins/employees on Reddit (or any other website) can also see upvote records.

[–] [email protected] 9 points 2 months ago

this is different, oc is talking about "any admin". Anyone can make a lemmy server and become a server admin from which they might be able to see the voters

[–] oleorun 174 points 2 months ago (2 children)

I'm an instance owner and mod. I'll describe what we see.

Like anyone else, I can check a post or comment and see the upvote and downvote counts. If I click on a specific menu item by a post or comment I can also see who voted which way.

I check it often and to date have only banned two users, out of thousands, who were consistently downvoting posts. These bot accounts were literally voting within seconds of the post going federated.

It's a useful feature on my end and I think others should be able to see it.

[–] [email protected] 1 points 2 months ago

I agree! I believe seeing who upvoted or downvoted a post aids in identifying rabid downvoters and bots. However, I personally use mobile Lemmy apps and am unable to access that data.

[–] [email protected] 23 points 2 months ago (5 children)

Thamk you for the insight, instance administrator views are valuable and unique.

At the risk of sounding like I'm presenting a bad faith argument, why ban them? I don't like the whole "free market" analogy but surely it's one of the liberating features of federated servers, being able to to largely express your votes or content as you see fit within the legal framework of the host nation. Wouldn't the odd one or two mass downvoters/upvoters/theyvoters ultimately be a statistical abberation or is the fediverse still small enough for this sort of shit to carry weight?

Open criticism of my view welcome, as always!

[–] [email protected] 1 points 2 months ago

Lemmy downvotes really have no consequences though, besides user ego.

[–] [email protected] 4 points 2 months ago

why ban them?

They were describing someone who downvoted everything seconds within the post arriving.

[–] [email protected] 17 points 2 months ago (1 children)

Admin of a small instance, I have banned 2 accounts for another instance that were downvoting almost all content in a threads without any other interaction. They were being disruptive to the flow at the time, much like @[email protected] describes.

[–] [email protected] 5 points 2 months ago (1 children)

Oh man, this is awesome - it's wonderful hearing from the practitioners of the art!

I'm just trying to figure out what driver establishing the tipping point for breaking or the ban hammer - is there any empirical data to drive these decisions, or is the fediverse user base small enough that you act on "feel" or "professional instinct"?

Managing emerging technologies fascinates me so any input - including the germs you've already volunteered - is very much appreciated 👍

[–] [email protected] 8 points 2 months ago

For me and my (very - it may be down to just me logging in, but a couple of the communities have a few people that read/vote) small instance it comes down to feel ("Don't be a dick"). Dave, the admin of lemmy.nz (about 80 users per week) has the same in their side board as their "Rule". Dave and I set up our *nz instances in the same week and we chat often. He might not be quire as quick with the ban hammer as I might be though.

When you are this small even a small outside problem can have huge effects on your instance

[–] [email protected] 28 points 2 months ago (1 children)

If votes are anonymous and federated, it's very easy for me to add or subtract 900 votes from whatever I want.

You should consider anything you do on social media to be public. Even if Facebook tries to claim that it's not.

[–] [email protected] 6 points 2 months ago

Oh I like a pessimistic view - partly because it makes a discussion spicier, but also because it's important for a user to understand the power that an instance owner wields!

[–] [email protected] 60 points 2 months ago (1 children)

They're purposely disruptive to the community, they are not part of the community.

[–] [email protected] 4 points 2 months ago (2 children)

That's a strong viewpoint and I appreciate where you're coming from, but how many votedicks does it take to derail a post? I appreciate the fediverse is reasonably small in comparison to othe headline social media sites, but does banning one or two bots or people do enough to save posts from getting bombed?

[–] [email protected] 9 points 2 months ago

with *nz content on my instance, very few

[–] [email protected] 41 points 2 months ago

If it’s early? One.

[–] [email protected] 36 points 2 months ago

Furthermore, anyone can spin up a Lemmy server if they want to see people’s votes. It’s not very hard or load the same post in kbin/mbin.

[–] [email protected] 6 points 2 months ago (1 children)

Yes, by looking in the DB or the data that's federated as it comes through

[–] [email protected] 14 points 2 months ago

There's now a UI feature that allows admins to see votes without needing to manually query the database

[–] [email protected] 17 points 2 months ago (1 children)

Yep. On kbin I think any user can too.

[–] [email protected] 4 points 2 months ago (1 children)

On mbin users can only see who upvoted a post. An admin can of course still go into the db and look there, but for users and mods there is no way to see who downvoted a post

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago) (1 children)

There is a "Reduces" tab on mbin, which shows downvotes

[–] [email protected] 2 points 2 months ago (1 children)
[–] [email protected] 3 points 2 months ago (1 children)

Then maybe it is still around on some instances?
Either way, it is only a matter of time for another fediverse software to show downvotes, or someone to spin up a vote info page which gets its information via undisclosed legitimate fediverse instances so you cannot defederate them.

[–] [email protected] 3 points 2 months ago (1 children)

I was actually the one removing it. I implemented the support for incoming downvotes and because I and others had concerns to keep showing remote users downvotes publicly we / I removed it.

[–] [email protected] 2 points 2 months ago (1 children)

That's a pretty reasonable compromise, and probably explains my confusion.
Why didn't you do the same for remote upvotes?

[–] [email protected] 2 points 2 months ago (1 children)

Upvotes were already implemented when we did the fork. I guess we just never really thought about it. I honestly just have no opinion on whether upvotes should be public or not, so I don't mind them being public, but I basically never check who upvoted my posts anyway, so might as well be removed... If people care about this I'd say it is just up for discussion...

[–] [email protected] 2 points 2 months ago (1 children)

In my case I would like them to be private, but currently they are not. I don't think it is good to try to hinder the visibility into a fundamentally transparent system.

I don't see a technical way to make votes private either, that doesn't prevent bad actor instances abusing the vote system. As an admin of an instance I could just add 5-10 votes to all of my interactions whenever I feel like it, and noone would be able to tell it didn't come from legitimate users on my instance. The accounts of vote origin are needed as proof, hence moderators on lemmy having access to them.

Do you perhaps have any idea how this could be accomplished?

[–] [email protected] 2 points 2 months ago (1 children)

You cannot make votes completely private, one instance has to have the authority over which votes do exist. This instance should be the origin of a post or comment.

At the moment it works like this: you upvote a post, this upvote gets send to the author of said post AND the magazine and that magazine then broadcasts your upvote to all subscribers of said magazine.

I could imagine that the process looks a lot different: you upvote a post, this upvote gets send to the author of said post, the author of the post then sends an update to the magazine saying how many people have now upvoted their post and the magazine then broadcasts this info to every subscriber of the magazine.

With that you would of course have new limitations concerning moderation and maybe there are trust issues regarding the correct reporting of that upvote count, but only the author of the post (and their instance ofc) could technically know who upvoted their post. As in everything here this is a compromise and whether the gained privacy is worth the other limitations, I don't know

[–] [email protected] 2 points 2 months ago (1 children)

This would solve some of the problems. If only 2 instances know about the votes, post instance and sublemmy instance, you can reasonably expect to get most instances to never release that info. It would allow either the sublemmy or post instance to manipulate around in the votes, but most manipulation would be detectable by the respective other instance.

It would open the door however to manipulating around with internal posts made from the instance in a sublemmy on the instance. And it would allow the post instance to drop votes selectively, though I think that is possible currently all the same.

Votes being sent to both the sublemmy and the post instance simultaneously would make manipulation a lot harder. And for cases like internal posts, you could add another involved "judge instance" that receives the vote details directly from source, and is merely there to confirm the total. Instances that hand out non-independent "judge instances" could be labeled as untrustworthy in the lemmy community.

So you end up with a list of instances per post that votes are reported to, to which you add the post instance, sublemmy instance, judge instance, and maybe some more.

In terms of implementation, I think the activitypub protocol needs an origin for votes, right? I would say an instance can just report the votes coming from a stock of obviously fake accounts, like "masked_upvote_1" to _999999 ... and "masked_downvote_1" to _XYZ.
About the votes, I am not sure. It could be done as a lemmy-internal feature where lemmy instances and other instances knowing of the lemmy protocol send the info to all the relevant instances, while any votes from external instances only arrive at I guess the post instance and that then forwards it on to all other instances. This way the checking doesn't work for software unaware of that lemmy specific vote implementation, but everything is still compatible.

You could then even for those lemmy-external votes add an interface on the judge instance, that would confirm via pm if your vote has arrived.

Do you think this could work?

[–] [email protected] 2 points 2 months ago

We can look at PeerTube for an example of a system that could be shaped into what I meant: when you look at a post (video) from peertube it links lists for likes, dislikes and shares (so basically upvotes, downvotes and boosts). These collections contain a totalItems property, but also list the peoples identities, but just imagine that it wouldn't be there. When a user now likes the video, the creator of the video now sends out an Update acitivity to all subscribers. Now all subscribers can update the counts for likes, dislikes and shares. Only the "home instance" of the creator account knows about all votes, nobody else does, but nevertheless everybody else can now how many likes, dislikes and shares there are.

If we compare that to mastodon the first part of the statement is still true:

Only the "home instance" of the creator account knows about all votes, nobody else does

But that means that most instances just show 0 likes for most of the posts, because your instance only knows about likes originating from your instance...


As for your proposition: I couldn't follow for some of it. However I think the risk of an actor abusing the creation of fake accounts and fake upvoters is not really a risk, that is what defederation is for... I would argue very much agains a lemmy specific protocol and some judge instances simply because then big instances would just have pretty much all the data again and it would definitely hurt interoperability because lemmy devs can then just take the easier route instead of implementing something according to AP spec