this post was submitted on 30 Jan 2024

1 points (100.0% liked)

Privacy

31263 readers

380 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

Lemmy instance admin snooping at votes (monero.town)

submitted 7 months ago* (last edited 7 months ago) by [email protected] to c/[email protected]

76 comments fedilink hide all child comments

So I was going through /all and this admin is snooping at vote counts for posts in his instance and then posting it publicly.

Just a reminder that these kind of petty people exist. Pick a trustworthy instance or better yet, host your own.

Archive: https://archive.md/oybyL

top 50 comments

sorted by: hot top controversial new old

[–] [email protected] 0 points 7 months ago* (last edited 7 months ago)

You would think adversarial actors would find this problematic in their own way. Does no one remember anymore way back when reddit was exposed as being an American state apparatus? Reddit owners its earlier more naive era used to share site metrics. They inadvertently revealed that large amounts of activity comes from a US military base. Then they wiped evidence and disavowed all knowledge that any of that ever happened. And now the narrative on there is that other state actors are the ones in control of that platform. How convenient.

White hat actors could be using such open access to data to reveal whats in the data. That's what the big social platforms are so scared of themselves. Not only is it their financial bread and butter. Contained within is who know how many skeletons piled up over the years.

Everyones privacy these days is basically long gone. There's illusion that internet platforms are in any way shape or form fair or balanced because of the paper thin concept of internet votes == democracy or something. Yet a lot of people stubbornly persist. It's past due time to shine a light on the adversarial actors run amok. Show us the anomalies in data that reveal how the typical real human user is powerless against adversarial actors.

I'd like to think it would be the last straw for the whole concept of social platforms at least the way that it is now. Who knows though. It's also shown us how dumb people are. They could very well just "meh" and go back to mindlessly infinite scrolling.

[–] [email protected] 0 points 7 months ago* (last edited 7 months ago) (1 children)

From what I understand votes are publicly available data, Lemmy just chooses to hide them to prevent the "chilling effect" where people feel afraid to vote honesty for fear of repercussions. Then they reintroduced it for admins so they can do their duties in stopping vote manipulation, for example people who go onto your profile and downvote literally every comment you make (it's already happened to me like 3 times) or those who use all of their alts to try and sway momentum on a comment their main makes. There's also times where there's no justification for a comment being upvoted; perfect example is when a nazi says "based" in response to an article about someone being racist and it gets like 20 upvotes. I don't think anyone reasonable would be against a banwave on something like that.

Obviously admins can see everything that goes through their servers for what should be obvious reasons, so this is more of a convenience thing.

[–] [email protected] 0 points 7 months ago (1 children)

perfect example is when a nazi says “based” in response to an article about someone being racist and it gets like 20 upvotes. I don’t think anyone reasonable would be against a banwave on something like that.

I would absolutely be against that. Voting should not be bannable outside of vote manipulation itself. If the content is offending, remove that (and possibly ban the user), but not people who vote on it. That's just stupid "guilty by association" nonsense. And besides, voicing stupid opinions (in moderation) is still better than suppressing free speech.

Lemmy just chooses to hide them to prevent the “chilling effect” where people feel afraid to vote honesty for fear of repercussions.

I find that kinda stupid as well. It leads people to think that their votes are private when literally anyone can view them with a bit of work. Sure the chilling effect sucks but it's better than misleading people. At the very least they should be warned when they sign up.

[–] [email protected] 0 points 7 months ago* (last edited 7 months ago) (1 children)

... really? You think that upvoting what amounts to "hey any fellow nazis here?" should be allowed...? 😒

[–] [email protected] 0 points 7 months ago (1 children)

I think that if you allow that question in the first place, voting on it should not have any consequences either.

Besides, despite what most people instinctively think it's better to see what you disagree with so that you can keep your eyes on it rather than forcing it into hiding and knowing nothing (again, in moderation - you probably don't want to run an actual Nazi instance, so if it does bother you you should moderate that post/comment).

And mistakes still happen; it's easy to accidentally upvote/downvote something by mistake, to misunderstand someone, etc. So yes, I do think banning people based on what they up/downvote is a bad idea.

[–] [email protected] 0 points 7 months ago (1 children)

Your argument is "we should keep nazis around just make sure they behave" which is not a point i'm willing to entertain.

[–] [email protected] 0 points 7 months ago (1 children)

Man, please, learn to read. My whole point is that you should not care about what people upvote.

So once again: if you are okay with the original comment/post - which means you are fine with keeping Nazis on and what they have to say on your platform - then you should be okay with people who "react" on that content.

Or maybe you aren't fine with it, so you should delete the offending post or comment, and then you won't be bothered by the reactions either.

[–] [email protected] 0 points 7 months ago* (last edited 7 months ago)

Because you can't also ban the person who posted it. For god sake this is the level of faith we are on. Go outside, this thread ended yesterday.

[–] [email protected] 0 points 7 months ago (1 children)

Guys. The person running the website you use always can do and see everything

This has nothing to do with lemmy

[–] [email protected] 0 points 7 months ago (1 children)

In Lemmy, anyone can spin up a website and passively collect your invisible data without your consent.

Which is a Lemmy problem.

[–] [email protected] 0 points 7 months ago* (last edited 7 months ago) (1 children)

No. A simple website won't help, it needs to be a Lemmy instance. Moreover, it needs to be a federated one.

And then, that "invisible" data being available to other admins, is a problem with federation, not with Lemmy.

Now, there could very well be efforts made to make the cleartext data of each instance users available only to the admins of that instance (and only share aggregated data with other instances), but that would also require a lot more consideration wrt mutual instance trust in the network.

Right now, since votes and other actions are public (to the federated instances admins anyway), it is doable to detect and assert foul play. The downside of this is that it allows abusers to malevolently collect data and do the same bad things that you are so certain the alternatives to Lemmy don't do (yeah, as if).

If the instances shared only aggregated data with one another, it would be much harder for abusive small instance owners to spy on any user on the network (still possible, but it would essentially would be as hard as for anyone else, as it would involve heuristics and lots of intelligence, to interpolate the missing information); but it would also be much harder for legit admins trying to enforce moderation to inspect what happened on federated instances. They would have to take those instance's admins at their words.

As an additional note: that "invisible" data that other platforms allegedly don't share, is for sale. That's what surveillance capitalism is all about... At least with Lemmy, the barrier of entry to get our data is "federation", not "money".

Edit: ~~WTF bro, a day and a half before writing this wrong comment I'm answering to, you wrote a properly worded, technically correct (top level) comment... Were you half asleep on this one??~~

Edit 2: nah, the reason why your other comment was technically correct and properly worded is that you stole it. SMH. 😮‍💨

[–] [email protected] 0 points 7 months ago (1 children)

Off day 😉

I should have been more specific when I said website, as... If you scan my other comments, you might have the hint that I have access to one such Lemmy instance. And they federate with minimal effort. I don't know how to automate it yet, but it wasn't hard to do so manually.

[–] [email protected] 0 points 7 months ago* (last edited 7 months ago) (1 children)

I'm actually curious to know if federated instances share the data of their federated instances... if so, there is a proper reason to be actually alarmed, as ACLs would essentially be cosmetic only.

[–] [email protected] 0 points 7 months ago (1 children)

Can you be more specific? I might be able to hunt down answers.

Recently, federation vulnerabilities got exploited by an ex-Truth Social employee who apparently believes consent is only when someone shouts "no" at him, so pretty much anything is possible (without even going through the effort of spinning some kind of proxy server, if I'm reading this correctly).

[–] [email protected] 0 points 7 months ago (1 children)

Well, as in let's say instance A is federated to B, B federated to C, A blacklisted C.

So, clearly, A isn't getting data about C. It will drop it on ingress (I expect).

But, will C have access to the exact same data about A, through B, that it would have access to from A if not blocked by A?

[–] [email protected] 0 points 7 months ago* (last edited 7 months ago) (1 children)

"Indirect federation" (what I ended up eventually trying to find info on" appears non-existent.

That answered the question, I think, but it caused me to ask a few more, like this one:

What happens if a community is on Server A and Person C wants to check out how Person B is interacting on it. I think, in that case, that Person C can check out Person B's profile and see comments left on a Server A community, but they cannot navigate to the post itself because Server A would not send the content to their server.

It's relatively easy to switch servers, by clicking the little rainbow icon next to a particular comment to see the server where it would have been viewed in Person B's context, but servers on their own are not running around scraping missing data... At least, not as they are currently designed.

ETA: More background on the major defederation in question (mostly political, not technical)

[–] [email protected] 0 points 7 months ago

Thanks for digging and reporting on this, but I'm gonna take a break with my phone (the main way I interact with Lemmy), since it is such a steaming pile of shit.

I'll try to find a way to use Lemmy on a proper OS without using the horrendous web interface (hopefully there are cool clients out there), and then I'll see. 👋

[–] [email protected] 0 points 7 months ago (1 children)

Oh good, Lemmy had no privacy. Not like that ability isn't going to be abused.

Either make it public right from the start everyone sees everything. Or make this crap not possible.

You're going to get echo chambers that start witch hunts. Someone is going to dox someone because they don't like how someone votes... Yadda yadda someone gets swatted or someone just shows up... Then someone's going to start cheering "We did it Lemmy!"...

Honestly at least with Reddit you had one single evil entity that would abuse their power and trust of users.

[–] [email protected] 0 points 7 months ago

That's an interesting point. One company, like Reddit, might see human beings as nothing more than content mills, but that created incentives to be a little private at least.

Lemmy servers are run by anybody, including Facebook, and you don't even have to accept someone else's server rules for your data to transfer onto it. The process occurs passively.

[–] [email protected] 0 points 7 months ago

I wish more admins would make votes public on their instances, so the whole community could work together to identity bad actors

[–] [email protected] 0 points 7 months ago

Ok. These votes are not about picking presidents, so...

load more comments