I recently learned that voting on lemmy is not anonymous. Anyone can get information about who has upvoted and downvoted a post or comment.
In combination with your IP, this is a massive privacy (maybe even physical security) risk. Also, people can target you for your votes.
Sadly, this is something where I would prefer Reddit over Lemmy. Big tech scrapes data from both places anyways, at least Reddit is safe.
at least Reddit is safe.
Lmao, what!? Reddit tries their best to know exactly who you are, where you live, your education, where you work, etc… And then they sell that data to anyone.
A lot of people here still refuse to understand that Lemmy, as it currently exists, is a privacy nightmare, and the voting thing is just the top of the iceberg. There are several de-anonymization attacks possible involving dynamically serving different content to different users. This, combined with the public voting makes it possible that someone can dox an account and expose a lot more information than other forums where that information is more private.
Public votes also open the fediverse up to much worse astroturfing IMO. It’s incredible feedback for bots and trolls to see exactly who is interacting with their posts and comments. It’s frustrating that a bunch of people here have convinced themselves of the opposite, and insist that public voting is the only way to combat brigades and trolls, which is an incredibly shortsighted stance which doesn’t scale nearly as well as it does in the other direction.
I want you to know
I’ll downvote everyone here if I damn well please it!!!
Don’t tell anyone, but your posts and comments are also public.
Only you can see this comment Daniskarma. The Leering League of Lemmy SEES you Daniskarma and we have taken notice. Cease your efforts to spread information about public posts and comments, or ELSE Daniskarma. We’re watching you.
Why is this comment completely empty?
Iunno, weird.
I know you are being sarcastic and edgy but point is that voting is assumed to be private by the average person because it is anonymous in elections, it is anonymous on the closest social platform Reddit and popular websites like youtube.
I don’t know how to break this… But voting in Lemmy is not choosing a president.
Voting is like booing or clapping in a public agora. It’s not private. If you assume is private that’s on you.
Not even on your beloved reddit. Reddit admins know all your votes.
Admins know but users don’t.
That’s precisely your issue before. Voting in reddit is not private as admins know that info and can share with anyone so the “bad voter” could get prosecuted. But users, like you, think it’s private because they don’t see it.
Be consistent with your argument at least.
I will disengage here. Bye!
How likely is an admin to share something with someone else vs something being already public?
Mods can also see them for their communities iirc.
But it’s part of the activity pub protocol and how things work between federated platforms. Some platforms display the votes in public for everyone
And reddit also has a problen where you can use bots to farm upvotes and because you cant see that information means you cant tell if posts are legit or propaganda
Anyone can make multiple accounts and vote farm here too.
No shit, but if you’re getting 1000 upvotes from the same bangledeshi or Russian IP you can a least figure it out, hey its prolly not legit…
Thing is votes are federated. if someone makes an instance and farms votes by making bots on same instance, only instance owner has info about IPs. Every other instance thinks the votes are legit.
It’s a federated platform. How could voting have been anonymous?
Besides, nothing requires you to vote on posts. If you’re not comfortable voting, then don’t vote.
I am okay with votes being public but then it should be made explicitly clear to users.
The people I trust the least on these platforms are the admins and owners of them. Your voting wasn’t anonymous on reddit to those people either.
True but it is very less likely that admins will target a specific person when they know that information is private and they will get caught easily. Here, other than admins, every user can easily target someone.
The IP address thing is not real, though
Just choose a nickname that is random word+4 random digits and don’t reuse it on other services
If you’re an instance admin, for any post, you can just click “view votes” and see everything tied to usernames, even outside your own instance. Moderators can too, but it’s restricted to the communities they moderate.
Sir, this is the Fediverse.
It is nowhere explicitly made clear to users that voting is public. It should be made clear if it is going to be
It’s the other way around here: Everything is public except where it’s made clear that it won’t be (e.g. email address, password).
For what it’s worth, your instance of choice is particularly negligent in regard to informing its users. Compare lemmy.today/legal to lemmy.world/legal, or their respective signup pages for examples. There’s little that Lemmy itself or the community at large can do about that 😞
It needs to be fixed. Every user is having a different user experience during account creation but everyone’s information is being federated equally.
They don’t seem very active, but you can try reaching your instance admin at https://lemmy.today/u/mrmanager
It is not the problem of my instance per se. It is a problem for all instances because everyone has to agree to instance terms but they kind of are agreeing to all instances’ terms.
deleted by creator
I think its a fair assumption that most people make that whatever data which isnt explicitly displayed to a regular user is not public. Having likes be public but hidden is misleading.
It is made clear because there is an option to see all the votes right next to the like button. Similarly, many sites allow you to go through activity of people you follow.
deleted by creator
I can see the number of votes but not who voted. This gives the impression that this information is not available publicly. However, it can be accessed by anyone on third party websites.
An EU resident could sue for emotional damages under the GDPR. Or maybe just complain to data protection authorities.
One day it will happen.
I like piefed because it lets you see at a glance if someone is a serial downvoter. On each piefed user profile is a thing called “attitude” and it’s a ratio of your upvotes vs downvotes.
100% means the person doesn’t downvote people. 50% means they downvote and upvote equally. 0% is only downvotes.Edit: I saw someone today with negative % so it must be 100% is all upvotes. 0% is half upvotes half downvotes. -100% is all downvotes.It shows up for people outside piefed too so i see you too lemmy angry people.
I would never downvote cereal.
Unless it was grape nuts. That shit is like eating gravel.
Here’s how you Grape Nut:
Pour a small pile (like a cup or so) in a bowl.
Take a spoonful of peanut butter and use the backside of the spoon to mix up the PB and GN. Smash it together for longer than you think until it’s well mixed.
Top with a drizzle of honey and then pour milk over it.
S-tier breakfast.
Raisin bran gang!
This just sounds like Reddit account karma score all over again? But with a percentage displayed instead of total.
Reddit karma is how others feel about what you say. Piefed’s attitude is how you feel about what other people say.
Slightly different but i see your point.
What is mine?
90%
Thanks! Cool feature.
Now do me, please.
Hang on, doing your mom.
Come on, dad. Those jokes are lame.
oh no. I should upvote more. I’m really bad about voting at all 😓
Why would you let others police your behavior?
Others influence many things about my life. I don’t see it as policing if I’m trying to choose to bring more positivity to the table.
Russia really should just leave Ukraine, though. (Sorry, I just saw the context for this a few minutes ago and can’t help myself).
Dont care who knows but I too agree with this.
It is not the context for this post, people have made it the context. It is the reason for this post.
Maybe context is the wrong word.
E: how about catalyst.
Are you sure about that? Reddit is a fucking cesspool.
I was unaware that it was unclear to anyone but children and the intellectually behind that anything you do on the Internet is traceable to you without significant countermeasures.
this is why i vote at random, like two-face doing his quarter thing
I did this last night putting my son to bed, said heads you go to bed, tails we stay up. Jokes on him though, double heads. And he fell for it, what a sucker. Hope it works when he’s not four, or I at least don’t need to do it.
you’re raising a future supervillain
You get 3 accounts. Say you want to upvote something. You downvote in 1 account (randomly selected), upvote on another, and upvote on the third. So it’s net +1 and the only way to see how you voted is to piece together all 3 of your accounts voting history. Need more privacy? No problem, just use 5 accounts instead of 3.
/s
wait, so what do i do with the first shell again?
In combination with your IP, this is a massive privacy (maybe even physical security) risk. Also, people can target you for your votes.
No.
In combination with your IP, this is a massive privacy (maybe even physical security) risk.
Your IP would only be seen by your instance (which is inevitable, you gotta connect to it after all). But there’s no way for anyone else to look up your IP.
I read that since images are hosted on the instance they were posted to, any instance hosting pictures you load, even if they’re DMd to you can get your ip. So someone could just DM you a picture from their own instance if they wanted it for whatever reason. I have not personally verified, but just adding it here because this comment seems to be the most succinct and accurate one I currently see.
even if they’re DMd to you
Really only if they’re DMs. Because a publicly posted picture yeah, they’ll see your IP loading it but they will also see everyone’s, with no way to tell who is who.
And a fairly recently Lemmy was updated to not show embedded images in DMs so that wouldn’t even work. (This depends on your client, but on the most recent official web version external images are blocked)
image proxying may become (more of) a thing in future.
