Upvotes seem to just federate as likes and dislikes.
The whole concept of the Fediverse as social media is that all the data is public. Stop acting like these servers are giving out private data.
You can see who upvoted and downvoted a post by viewing it in friendica.
Submitted 2 months ago by Irelephant@lemm.ee to fediverse@lemmy.world
https://lemm.ee/pictrs/image/ba84db7c-fc00-4eef-ba59-c5a14d2a509c.png
Comments
Draconic_NEO@lemmy.world 2 months ago
Irelephant@lemm.ee 2 months ago
I know, but some people assume votes are private.
smeg@feddit.uk 2 months ago
If you’d only ever interacted with Lemmy and not read up on how ActivityPub works then that’s a reasonable assumption, it’s not like anything (that I’ve noticed!) actually tells you that your votes are public, and they don’t look to be public in the places you’re likely to see!
Draconic_NEO@lemmy.world 2 months ago
It’s not good practice. Really one shouldn’t be assuming anything is private or some entitlement to privacy on a service where all content you post is made publicly available to any and all linked instances. They miss the point of a federated public forum. If one wants privacy, data must be kept locally only. That’s why Lemmy has local-only communities, the “private” community aspect that many people want just won’t be federated, because you can’t make something like this private otherwise.
TacoSocks@infosec.pub 2 months ago
I don’t think everybody knows that and at least here on Lemmy, it doesn’t show it by default like friendica. The fediverse doesn’t necessarily mean that all data has to be public. It’s just that it’s way harder to have a sense of truth without public data.
asudox@lemmy.asudox.dev 2 months ago
Or you can be an instance admin. In the next lemmy version (1.0.0), mods will also be able to view votes in their communities.
fxomt@lemmy.dbzer0.com 2 months ago
mods will also be able to view votes in their communities.
You can already do this using tesseract, by the way (not tesseract.dubvee.org, strangely?)
On t.lemmy.dbzer0.com i can see both upvotes and downvotes (for all my modded comms):
asudox@lemmy.asudox.dev 2 months ago
I guess the feature was already merged in one of the past versions then?
Irelephant@lemm.ee 2 months ago
You can already do it with a database query iirc.
fxomt@lemmy.dbzer0.com 2 months ago
I’m not sure about the downvotes part (i failed to recreate this lmao) but you can already view upvotes with mbin. Piefed solves this problem with a option to make your votes private (but from my tests it didn’t work? weird)
wjs018@piefed.social 2 months ago
IIRC, piefed's private votes are disabled for "trusted" instances. You can see which instances are trusted here.
fxomt@lemmy.dbzer0.com 2 months ago
Ah, well that sucks :( i thought it just used a different strategy to do so if it was trusted, not outright disable it.
Will correct it, thanks
flamingos@feddit.uk 2 months ago
Damn, so this is how I find out we’re least trustworthy part of the commonwealth.
socsa@piefed.social 2 months ago
That is stupid and defeats the point and makes me rethink my decision to support piefed.
SocialMediaRefugee@lemmy.world 2 months ago
Petty mods or users would abuse this
Kitathalla@lemy.lol 2 months ago
It’s already possible to see if you really want to look. Friendica is just another way.
Draconic_NEO@lemmy.world 2 months ago
Mods can already see voting data, at least through the API on the latest version of Lemmy.
driving_crooner@lemmy.eco.br 2 months ago
How can I see this in the community I mod?
steal_your_face@lemmy.ml 2 months ago
I think lemmy instance admins can see this too. Doesn’t even have to be a friendica instance
Sunshine@lemmy.ca 2 months ago
Any instance admin can see the vote history.
merthyr1831@lemmy.ml 2 months ago
I get this is obviously intended behaviour on part of actpub but I’d love for there to be a pseudo-anonymous voting system too. Maybe an option to hash user credentials when added to likes to ensure that they’re unique whilst obfuscating the original user.
AdrianTheFrog@lemmy.world 2 months ago
Hash them with the post ID appended, so a user can’t be identified across posts
nednobbins@lemm.ee 2 months ago
There is already a foolproof method that is immune to any abuse of trust by admins; create an alt account.
merthyr1831@lemmy.ml 2 months ago
True, but there are other benefits too. Bots can’t crawl through your likes for example. Maybe you want a feature on lemmy or mastodon or whatever with anonymous polling? Maybe you’re implementing anonymous polling into an app for a trade union that needs total anonymity even from admins? It’s not totally unusual!
IMO it makes sense to do this at a platform level just because there’s a unified implementation of obfuscation across all the fediverse for any platforms that want to use, rather than a bunch of unique solutions that would be duplicated effort.
Lumiluz@slrpnk.net 2 months ago
I mean, seems pretty pseudoanonymous to me, unless Musk had another kid he named apj2k36 or something.
merthyr1831@lemmy.ml 2 months ago
People have really weird usernames sometimes
Irelephant@lemm.ee 2 months ago
I was thinking that it would make sense to federate upvotes, but with the hash of your username instead of your actual handle. Would this work?
m_f@discuss.online 2 months ago
The userbase is small enough that hashing would be easy cracked by a determined person. Even with salting, iterating through the entire userbase and hashing each username+salt to check for a match would probably not take long
rglullis@communick.news 2 months ago
Replace “hashing” with “encrypted” (perhaps just using a symmetric key that the admin sets up) and then it gets impossible to know for any outsiders who is the real user behind the vote.
I for one just wish people understood once and for all that anything you do on social media is public.
If you are not comfortable backing up your opinion or action, then don’t do it.
Irelephant@lemm.ee 2 months ago
What if a uuid is generated every time a user signs up, and every upvote iterates through the uuids?
RobotToaster@mander.xyz 2 months ago
One of the advantages of votes being public is that it keeps instance owners honest and, perhaps more importantly, means they know other instance owners are honest.
If they weren’t public it would be easy to modify your lemmy instance to send 10 votes with fake hashes for every real vote. There would be constant accusations of brigading and faking votes.
Rogue@feddit.uk 2 months ago
I’m honestly surprised it hasn’t already become rampant.
rglullis@communick.news 2 months ago
How long until it gets abused, and trolls start brigading though instances that hide their votes?
queermunist@lemmy.ml 2 months ago
Nothing stops defederation, though.
Maeve@midwest.social 2 months ago
Or mentally unwell people stalking.
Valmond@lemmy.world 2 months ago
Just make a rainbow table and get the usernames back.
iltg@sh.itjust.works 2 months ago
this is an icky issue because lemmy sends votes with empty addressing, so remote instances should count them but not show them to anyone. however mastodon (and *key) sends likes with empty addressing too, but considers them public. lemmy is (surprisingly) right here and should request that the rest of fedi respects the protocol and hides stuff based on its addressing. maybe open issues on mastodon and friendica
also this issue probably exists when seeing lemmy posts on any microblogging instance
driving_crooner@lemmy.eco.br 2 months ago
I mod a small community with like 6 monthly users, I’m the only one who post or comment and the average post have 3/4 upvotes and 1 downvote. And I always ask myself who is downvoting my submissions, because it’s make no sense to me that someone take the job of pressing the downvote button on a link to a EDM set. Couldn’t they just block the community?
Blaze@lemmy.dbzer0.com 2 months ago
Use tesseract.dubvee.org/home/all/scaled to show downvotes
Assess whether banning makes sense for someone who only downvotes content
viking@infosec.pub 2 months ago
How exactly can I see who downvoted? Can’t seem to find it in the regular view, and the debug info only shows the vote count, not the voter.
AceTKen@lemmy.ca 2 months ago
I’ve gone to my community and to specific posts, but can’t work out how to show downvotes. Can you shed a little light on how to see them please?
SpaceCowboy@lemmy.ca 2 months ago
It’s not about blocking, it’s about sending a message.
AceTKen@lemmy.ca 2 months ago
No, sometimes it is about blocking.
If you run a small community like several of us do, even a small amount of downvotes can completely shut down a discussion from ever being seen by anyone else. It’s a way of shutting down conversation.
If someone neither wants to contribute nor lurk, and merely drag down a community, they shouldn’t be part of it.
Irelephant@lemm.ee 2 months ago
Some people just downvote for the sake of it.
Bloomcole@lemmy.world 2 months ago
I wish I could see what scummy lemm.ee mods removed my comments and got me banned
Draconic_NEO@lemmy.world 2 months ago
Bloomcole@lemmy.world 2 months ago
Thanks but doesn’t work if you’re site-banned.
kazaika@lemmy.world 2 months ago
I don’t know this name, I read its part of the Fediverse… Does this affect us?
ubergeek@lemmy.today 2 months ago
Yes, it is probably the oldest or second oldest server suite in the fediverse (diaspora is maybe older).
It was an early supporter of statusnet and pump.io, which are the earlier versions of ActivityPub.
It originally used it’s own protocol to talk to other friendica instances, but a lot of plug-ins came out adding support for everything, even Facebook support for a while.
electric_nan@lemmy.ml 2 months ago
There are some instances that disable downvotes altogether!
douglasg14b@lemmy.world 2 months ago
Oof, hell no. That’s some Facebook level cancer right there when they removed downvotes.
It’s just a form of white washing that makes the same people who made up being offended by “black lists” and “master branch”.
electric_nan@lemmy.ml 2 months ago
Some people seem to really hate down votes. I don’t give a shit either way.
Kusimulkku@lemm.ee 2 months ago
That’s pretty cool. Sometimes in an argument there’s that (1/-1) thing going on, would be funny to see how both are downvoting each other.
Saltycracker@lemmy.world 2 months ago
I wish friendica had a mobile app. I spend more time on my phone
breakfastmtn@lemmy.ca 2 months ago
Raccoon for Friendica is great if you’re on Android.
Irelephant@lemm.ee 2 months ago
Its webui is responsive (i think), its compatible with the mastodon api.
trk@aussie.zone 1 month ago
Who cares? If your upvote or downvote or any other activity you deliberately perform on a public platform is something you’re embarrassed about and wouldn’t be willing to do in a face to face engagement you probably shouldn’t be doing it.
Irelephant@lemm.ee 1 month ago
I agree, and if you absolutely must, then maybe make an alt?
The main problem is most people assume their votes are private, as they are private on reddit.
serenissi@lemmy.world 2 months ago
How to fo that?
Irelephant@lemm.ee 2 months ago
Asumming you meant “do”, go to friendica (friendica.world) and paste the fedilink (press the rainbow button) into the searchbar.
schnurrito@discuss.tchncs.de 2 months ago
Yes, after all other servers need this information in order to prevent double voting, you can’t just have servers sending each other information “somebody upvoted this” and also tell when servers are allowing users to vote more than once.
So upvotes and downvotes aren’t actually private, never have been, some servers may display them publicly even if most don’t.
PeriodicallyPedantic@lemmy.ca 2 months ago
The server hosting the post needs it.
It only needs to tell other servers the vote count, and the votes of people on that other server.
schnurrito@discuss.tchncs.de 2 months ago
Yes, but then you can have malicious servers sending fake numbers without other server operators being able to check whether this is at all plausible.
(It’s still possible for malicious servers to send fake votes, but server operators can see which users they are stated to originate from, then block that server if that looks like it’s doing that. At least that is my understanding.)
Wooki@lemmy.world 2 months ago
Over thinking.
Only the instance needs the username to register the vote, the count can then be updated by the instance. Simple and lightweight
clutchtwopointzero@lemmy.world 2 months ago
Hashing exists for this use case
socsa@piefed.social 2 months ago
There are plenty of ways to handle double voting without plaintext user strings. The fact that it's done this way is just lazy and poor design and doesn't actually so anything to prevent a rogue instance from vote spamming with fake users.
MDCCCLV@lemmy.ca 2 months ago
They should be.