Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

  • RyanHx@vlemmy.net
    link
    fedilink
    English
    arrow-up
    167
    arrow-down
    1
    ·
    1 year ago

    People raise a good point that in countries where political dissent can actually be dangerous, this would very much dissuade people from voting on things they believe in, or even coming anywhere near Lemmy period.

    A better approach I think would be to have the user’s host instance save their votes (the database obviously needs to remember what you voted on), but when federating those votes with other instances just hand over a cumulative total, e.g., “here on vlemmy.net we have +18 votes for this comment”, which the other instances can then add. There’s no need to send user information with that data.

    • Paradox@lemdro.id
      link
      fedilink
      English
      arrow-up
      23
      ·
      edit-2
      1 year ago

      Pretty easy to make an instance that would auto vote certain things with suspicious amounts of votes

      As it stands now, they have to fake the origin of some of those votes. Not much of a barrier, the fediverse generally accepts any user an instance says exists, but still, it’s a barrier

      And of course any instance thats blatantly manipulating votes is going to be defederated, but I’m more concerned with an instance that behaves normally until it encounters a keyword or user is been set to, and then gives their posts a -5 or whatever

      • Distributed@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        ·
        edit-2
        1 year ago

        This was my thoughts as well. I understand the need for an audit trail.

        Would be very easy to build up an interaction graph with this data that could be used for fingerprinting. If this is an issue for you, though, just browse without signing in/interacting

        Was just thinking about this more though, and unfortunately there can also be rogue instances that allow bot users to be created and interact with other instances posts, so this issue could still persist.

        • plumbercraic@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          14
          ·
          edit-2
          1 year ago

          Could replace the usernames with UUIDs, and keep the username-UUID map back on the source instance? Then you get an audit trail, but not associated with user identity. There’s also no guarantee that people don’t use bob_jones as their username, and this is Personally Identifiable Information, which brings up some GDPR stuff too.

          • Muddybulldog@mylemmy.winOP
            link
            fedilink
            English
            arrow-up
            11
            ·
            1 year ago

            The problem with that is that every interaction that any user has with a post or a comment would require calls back to the home instance in order to lookup those usernames. That’s a LOT of extra load

              • plumbercraic@lemmy.sdf.org
                link
                fedilink
                English
                arrow-up
                4
                ·
                1 year ago

                Yeah I just meant for the votes. If you make a comment with your username it’s pretty clear you consented for the input and the username to be visible side by side.

          • shagie@programming.dev
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            Source instances can be seized ( https://kolektiva.social/@admin/110637031574056150 ).

            UUIDs aren’t “invested” enough. Interacting with a name rather than 08d86062-730b-4081-8c4c-b28bca1713b6 or c4e1261a-087a-448d-bd3f-5c3d8ab28aab is desirable.

            GDPR will be interesting in the fediverse as once it’s out there it is really hard to remove/redact on all the other servers that the post has been federated with. It is a problem akin to sending an email to a mailing list and then asking everyone on that mailing list to delete that email… and forward that deletion request on to anyone they forwarded your email to and ask them nicely to do the same.

    • Feirdro@lemmy.world
      link
      fedilink
      English
      arrow-up
      21
      arrow-down
      2
      ·
      1 year ago

      Agreed, especially because I believe we’re headed for a repressive regime here in the US in about 2 years.

      Places like this will need to get very careful if they want to remain bastions of free speech and places where people can come to find the information that will no longer be available in mainstream channels.

    • deweydecibel@lemmy.world
      link
      fedilink
      English
      arrow-up
      18
      ·
      1 year ago

      The problem that Reddit realized early on is that user voting is the engine behind the content aggregation. That aggregation is one of the main selling points of Reddit. The more users vote on what they see, the more information Reddit has for how to aggregate that content. That’s what keeps the front page fresh, that’s what keeps content moving up and down on the site. In a very real sense, the voting is the heart pumping blood through the site.

      So it behooves the site to not give any reason for users not to vote how they feel. Keeping votes private was part of that. It is one of the most basic tenets of democracy: the only way to give people the freedom to vote honestly and frequently is to give them the privacy to do it.

      The potential for retaliation against users, in any number of conceivable ways, far outweighs any benefits that come from making votes public.

      The voting information also makes it insanely easy to automate mass blocking of any opinion under the sun. Nobody in this thread seems to grasp all the things you can do with that data to manipulate user interactions on this site. If you think troll armies are bad, wait till those troll armies have a shared automated block list of every single person that has ever downvoted them.

    • astral_avocado@lemmynsfw.com
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      1
      ·
      1 year ago

      I think those users who live under oppressive governments should be used to using tools like Tor and accounts with a proton email to interact on the internet.

      • RyanHx@vlemmy.net
        link
        fedilink
        English
        arrow-up
        9
        ·
        edit-2
        1 year ago

        Fair point. Though if nothing else stripping out usernames from vote counts would maybe save some bandwidth or database queries for the instance.