Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

  • @Wander@yiffit.net
    link
    fedilink
    English
    213
    edit-2
    2 years ago

    To anyone surprised at this: welcome to the fediverse, please treat everyhing you do or say as public.

    The way to achieve privacy around here is by following the long forgotten arts of the old internet before Facebook was a thing: use a Nick name and don't tell strangers on the internet your real identity.

    Your home instance will act as a proxy and only they have access to your email and IP address. That does stay private.

    So, as long as you trust your home instance to not leak or disclose your connection or sign up data (which would be illegal in EU countries), just sign up with an alias.

    A very positive aspects of this is that it should allow us to detect voting manipulation by correlating the activity of certain potentially malicious actors. If Lemmy instances take vote manipulation seriously and do their best to block bots this has the chance to make Lemmy / Kbin much more transparent and credible than Reddit ever was.

    • @abbadon420@lemm.ee
      link
      fedilink
      English
      59
      edit-2
      2 years ago

      Lol. kids these days would post their bank info online if the banks didn’t prevent them from doing so.

    • @DogMuffins@discuss.tchncs.de
      link
      fedilink
      English
      72 years ago

      I whole heartedly agree with this perspective.

      Additionally, and this is an unpopular opinion, but trying to maintain a Nick or online identity over many years is folly. You end up with a huge repository of personal information, increasing the risk that it can be connected to you personally.

      • @NorwegianBlues@sh.itjust.works
        link
        fedilink
        English
        32 years ago

        This has come up as part of those requests to migrate accounts between instances. “I want a persona that stays with me for years”… Is that actually a good idea though!?

    • @kaba0@programming.dev
      link
      fedilink
      English
      62 years ago

      No, an alias will only give you pseudo-anonymity. Even trivial analysis like counting which words occur together frequently in your writings can reveal with very good accuracy any other alt of you, so the available information of you is basically everything you have shared online with enough accompanying self-written text.

      • deweydecibel
        link
        fedilink
        English
        12 years ago

        Also, it’s not just about privacy, it’s about retaliation. It will be the easiest thing in the world for people to put together bots that will track the downvotes on every post they make and automate adding those people to block lists. Suddenly a whole fleet of alts is invisible to the people that would disagree with them.

    • BitOneZero @ .world
      link
      fedilink
      English
      52 years ago

      Your home instance will act as a proxy and only they have access to your email and IP address.

      Your home image typically doesn’t proxy image loading, those are hotlinked to the Lemmy server that the image was uploaded to. So your IP address and browser string are going to other Lemmy servers.

      • @azuth@lemmy.world
        link
        fedilink
        English
        02 years ago

        The posts just contain a URL which doesn’t include the uploader’s ip address or their browser string.

        • BitOneZero @ .world
          link
          fedilink
          English
          32 years ago

          When the browser loads that URL, hotlinked image, that server has to have your IP address to return the results. Just browsing posts those images are being loaded.

          • @azuth@lemmy.world
            link
            fedilink
            English
            12 years ago

            Of course. They dont get any info to associate your IP with your lemmy account. You could even not have a lemmy account at all.

          • @azuth@lemmy.world
            link
            fedilink
            English
            12 years ago

            Of course. They dont get any info to associate your IP with your lemmy account. You could even not have a lemmy account at all.

  • @booty_flexx@lemmy.world
    link
    fedilink
    English
    94
    edit-2
    2 years ago

    To illustrate op’s point I’m going to spin up an instance, federate with everyone, and not tell anyone what that instance is.

    Then I’m going to feed all that data into my new website, called Open Lemmy Stats, where anyone can query the user data ive accumulated. The homepage will be ripe with insights, leaderboards and all kinds of data on prolific users.

    Additionally, I’ll display a snapshot/profile of a random user by feeding that users data to GPT4 to make inferences about the user’s political affiliations and display the results.

    Worst of all, I’m not going to out my instance for everyone to know it as the one to defederate. In fact I’m spinning up a few instances that will host innocuous communities that I plan to mod and support to give my instances cover for their true purpose: redundant fediverse datastreams for my site, Open Lemmy Stats.

    I’ll also have a store where anyone can buy my collected fediverse data for a handsome sum.

    Just kidding I’m not doing any of this. But someone absolutely will or already is.

    • @agoramachina@lemmy.world
      link
      fedilink
      English
      28
      edit-2
      2 years ago

      You know, I came in here with the mindset that the topic of discussion here isn’t a bad thing; I’m largely pro information-should-be-open-and-available. But you’ve argued a very solid point, and I’ve changed my mind on the issue. I appreciate you sharing this perspective!

      • stevedidWHAT
        link
        fedilink
        English
        32 years ago

        With all due respect, figuring out who you are based off what you say in a public setting is already what people do irl

    • stevedidWHAT
      link
      fedilink
      English
      132 years ago

      Lmao the internet finally realizing what companies and the govt have been doing for decades on the internet

    • @Reliant1087@lemmy.world
      link
      fedilink
      English
      102 years ago

      I think your comment clearly illustrates what might go wrong with it. If they need this data for sorting or something else absolutely, then I would be happy if they just hashed the usernames/instances or used some other form of UID.

    • deweydecibel
      link
      fedilink
      English
      3
      edit-2
      2 years ago

      And just think how much data you can gather by sending out puppet accounts on various instances, accounts that will serve only to publicly state an opinion, such as “I support this candidate”, so the data on the people who upvote it can be harvested and categorized more easily. There is so much data harvesting potential here with a little imagination, and with a little more, a lot of ways to use that data to influence the way average users engage with the fediverse.

      That site would also be a great advertisement for Lemmy. Come here to our decentralized platform, where you can vote…but you better not, lest you end up on the site. What social network wouldn’t grow when users are peer pressured into not using one of it’s basic underlying mechanics that makes the whole thing work?

      • @HamSwagwich@showeq.com
        link
        fedilink
        English
        12 years ago

        Lemmy is not a decentralized platform. It’s a federated one. Lemmy is very much centralized.

        We need a decentralized system. Lemmy isn’t it.

    • @pfr@lemmy.sdf.org
      link
      fedilink
      English
      2
      edit-2
      2 years ago

      I’m almost willing to bet that big tech companies are already doing this. They got the motive and the means. No doubt Meta or Google have dedicated some of their servers to mining our Lemmy data in this way.

      • @Zackyist@sopuli.xyz
        link
        fedilink
        English
        12 years ago

        With only around 100k users and most people using anonymous usernames that cannot be connected to their identity it would hardly be worth the effort, time or money.

        • @Quinnel@lemmy.world
          link
          fedilink
          English
          32 years ago

          You’re looking at this from the wrong point of view. The fediverse is not just lemmy: Threads, Tumblr, even BlueSky (albeit with their own protocol, but anyone could just modify their fediverse enabled app to convert their data to be applicable to BlueSky’s protocol) are quickly setting the stage for a new norm. The more websites integrate the fediverse into their stack, the more data outside the immediate sphere of influence of these major corporations can be harvested. To what ends they’ll use it, I don’t know – but I don’t trust them with it.

    • @Smk@lemmy.ca
      link
      fedilink
      English
      12 years ago

      They will know the user but not the person in real life. Even if you know that my user is more conservative on some points or more liberal on others, how can you use that for nefarious action ? Unless you know where I live and who I am, the data is useless.

      People need to be aware that sharing your personal information on the internet is never a good idea.

      • @GenderNeutralBro@lemmy.sdf.org
        link
        fedilink
        English
        72 years ago

        It’s very difficult to both A) have meaningful conversations in a public space, and B) conceal your identity from a dedicated adversary. Once a person has a long post history, it’s likely that an observer could narrow down their identity to a very small group, if not a single person. Every post you make reveals something.

        Even if you don’t ever explicitly state it, your age range and gender can likely be guessed with high probability by your writing style and/or little tidbits of info you leak without thinking about it. Same for political leanings. You might casually mention the brand of car you drive, or your favorite foods, or just reference something you experienced as a child that is not universal. All of these things leak information, and while each one seems insignificant, in aggregate they can tell a detailed story. Just knowing that you’re a Canadian who speaks both French and English eliminates about 99.8% of the world’s population as possibilities.

        Back on Reddit I used to create fresh accounts all the time, but then I’d go and join the same subs, post with the same writing style, and generally express the same worldview. If anybody cared, had a good grasp of statistics, bothered to collect the data, and put in a stupid amount of time to it, they could likely match all of my accounts together. I was never too worried about this because…well I just didn’t care. But I did have a cyberstalker at one point and it made me think.

        I wouldn’t be shocked if someone could match me to one or more of my Reddit accounts just from this one comment, tbh. I’m leaking information here like a sieve! Not many people have the skills to do that, and the few who do are unlikely to give a rat’s ass about me. HOWEVER, as AI becomes more advanced, anyone with computer literacy will be able to do analysis in minutes that might currently take an expert days or weeks.

        • @Smk@lemmy.ca
          link
          fedilink
          English
          12 years ago

          I get what you’re saying. I’m not sure if it’s something that is fixable giving that we participate in a public forum. Maybe the federation isn’t a great idea after all, or maybe we overthink it. I don’t know.

    • Gpt has to small of a context window to get someone’s entire post history in. U have to embed everythibg they have said then u can make queries against their knowledge base or grouping user content embeddings and comparing to known data points. Not that i have the compute to do this at any kind of scale.

    • @EurekaStockade@lemmy.world
      link
      fedilink
      English
      02 years ago

      Honestly, why not? The data is already being recorded. At least this way it’s public and the rest of us get to interact with it. It might even scare a few people into paying attention to the information that they disclose about themselves and increase their digital hygiene.

    • @NotMatt@lemm.ee
      link
      fedilink
      English
      312 years ago

      I’m going to start throwing “edit: thanks for the gold kind stranger!” on the end of my comments just to induce some nostalgic cringe.

    • @Cheems@lemmy.world
      link
      fedilink
      English
      72 years ago

      This.

      EDIT: Thanks for the awards kind stranger!

      EDIT 2: Rip my inbox

      This is all examples of reddit shit that is really dumb. We don’t need to bring it over here

  • deweydecibel
    link
    fedilink
    English
    35
    edit-2
    2 years ago

    Reading these comments, seeing so many excuses, sarcastic responses, and handwaving, makes me realize a great deal of users really need to develop some imagination.

    This is not about privacy. It’s about data that can easily be used for targeting and profiling users, and how that creates countless avenues for targeted harassment and wide scale retaliation. It’s about all of the innumerable ways public vote information can and will be abused to manipulate scoring across the site with targeted/automated shadow banning and shared blocklists. Raise your hand if you trust every single admin to never abuse such a tool to curate the outward appearance of an instance to fit a narrative.

    For a different example: I could say something about how great Nazis are right now, and have a bot programmed to read every single person that downvoted me, add those names to a shared blocklist, and viola, I’ve made myself and all my alts invisible to the people that would challenge me on a massive scale.

    I promise you this is going to be a big issue as tools for this site get more sophisticated over time.

    • zeus ⁧ ⁧ ∽↯∼
      link
      fedilink
      English
      3
      edit-2
      2 years ago

      alternatively, if votes were private, you could spin up a bot network to mass upvote your comment; making it far more influential as most people are more inclined to believe statements they think others also feel. thankfully, votes are open, so you can’t

      as long as there is a system, people will try to game the system; and when there is a new system, people will come up with new games

    • @Darkassassin07@lemmy.ca
      link
      fedilink
      English
      12 years ago

      While I agree this shouldn’t be so publicly accessible, I’m curious about the possible benefits of limited sharing between instances to give spam/bot detection tool’s more power.

      Users on A vote on a post on B. The admins from A and B can see the fine details of who did what, but the admins of C (and all of the general users regardless of instance) just see totals of up/down votes.

      • @QuadratureSurfer@lemmy.world
        link
        fedilink
        English
        02 years ago

        Ideally, detecting bots should be up to the Admins. They should have access to the vote information, and they can share the tools with other admins to detect it. But the average user should not have unrestricted access to this data.

          • @QuadratureSurfer@lemmy.world
            link
            fedilink
            English
            22 years ago

            Let me be a little more clear, the Admins of your account’s particular instance should be the only ones that have access to your votes.

            Now the question remains about when your account posts/comments into a different instance, who should have access to those votes? Perhaps your instance has a way of obfuscating the votes of any user coming from your instance, or else only the admins of the community that you’re posting into will have access to your votes?

            The problem really comes down to how we avoid the problem with duplicating votes. Currently this is easy as each vote is public so every instance can verify the correct vote count. But implementing either of the solutions above will need a way to verify the correct number of votes.

            To top it off you would also need a way to detect if a malicious instance had come along and started lying about how many votes had been cast.

            One thing we can look at under the hood would be how cryptocurrency works as they have solved both the problem of duplicate values as well as the ability to trust those values being sent. All of the code is free and open source so we can pick out the parts that we need and reuse it. (And no, I’m not telling people to go out and buy crypto).

            Z Cash would be a particularly good one to look at as it ensures a “zero knowledge” (or “zero trust”) method of sending the values across “nodes” (or in our case “instances”). Using this, who is voting on what would be hidden, but we could ensure that the values are correct.

            Additionally you could probably throw out the second hashing algorithm altogether and just keep the Blake2b hashing algorithm as this one is far more efficient and quick to compute (and that second algorithm was mostly thrown in to prevent people with specialized hardware from being able to come in and beat anyone else running on just a GPU/CPU). https://github.com/zcash/zcash

            However, using this particular method would make it so that not even the instance admins would be able to view the details of anyone’s votes (which may be a good thing after all if we decide that any random instance admin is not to be trusted).

  • @ScaNtuRd@lemmy.world
    link
    fedilink
    English
    21
    edit-2
    2 years ago

    Not to sound harsh or anything, but those of you saying that it’s okay that all this data is public are insane. This completely goes against the entire philosophy of the Fediverse and FOSS in general. The reason we all are fleeing from Big Tech is because they collect so much data on us. At least, they keep it hidden from public view. This is a major issue in my opinion, and needs to be addressed ASAP before we can claim to have superior platforms on the Fediverse. Why can’t this data at least be encrypted?

  • czech
    link
    fedilink
    132 years ago

    Activities are public and easily viewable on kbin. It’s been interesting. Seems mostly positive other than people harassing those who down-vote them demanding explanations.

    • MuddybulldogOP
      link
      fedilink
      English
      102 years ago

      Knowing they’re visible on kbin made me realize that most Lemmy users probably weren’t aware, as it’s non-obvious.

      • theinspectorst
        link
        fedilink
        62 years ago

        Yeah, I had a good natured discussion with a Lemmy user on feddit.uk the other day where they were still inexplicably downvoting my responses each time, despite us both being polite and constructive.

        It made me realise that a) they use the downvote button quite differently to how I use it and b) they probably didn’t know that I, as a kbinaut, could literally see they were the one downvoting.

        • WhiteHotaru
          link
          fedilink
          English
          22 years ago

          I started a discussion on feddit.de about good discussion practice citing Karl Poppers rules of discussion and the use of the down and upvote buttons.

          I think discussion culture in the Fedivers is quite healthy at the moment.

      • czech
        link
        fedilink
        22 years ago

        Yea, good call. I wonder if kbin makes them viewable because the activity pub protocol does not allow them to be easily hidden.

        • Seems to be Ernest’s attitude about that sort of thing, he doesn’t like to hide things from the average user that someone more technically inclined would still be able to access

        • @XanXic@lemmy.world
          link
          fedilink
          02 years ago

          It’s apparently because it’s Twitter based and Twitter shows likes and such. Kbin doesn’t really have a like upvote downvotes thing. It’s like a favorite and a boost. It’s weird

          • VerifiablyMrWonka
            link
            fedilink
            12 years ago

            Not true.

            Both Lemmy and KBin map the same activitypub activities to the same upvote and downvote actions.

    • sab
      link
      fedilink
      -12 years ago

      One thing I really like is that it makes it easy to identify users to block. If there’s a post stating that “Nazis are bad” and it has ten downvotes, it’s very easy to use that to block future content from trolls and people I’m not interested in hearing from.

      • deweydecibel
        link
        fedilink
        5
        edit-2
        2 years ago

        Yeah, and guess what? They can do that to you.

        Effectively, every single person can use a bot that will automate the blocking of any user that ever downvotes them ever.

        Like if I made a post that says I like Nazis, and then waited for the downvotes to pour in. Add every single one of those names to a block list, share that block list with all of my alts and all of my friends, and suddenly you have a whole army of Nazi sympathizers that are invisible to the users that would downvote them.

        These hand waving excuses about votes being public are really lacking imagination. This is extremely abusable information, and cursory tools can will be put together to make abusing them simple.

        • sab
          link
          fedilink
          12 years ago

          I think there are some problems about voting being public. I don’t think this is one of them.

          I don’t mind people blocking me, and if I don’t appreciate the type of content people provide I’ll block them liberally. It’s not necessarily anything personal, I’m just cirating my experience.

          Furthermore, I strive to be on instances where nazi sympathisers would be banned, and where instances tolerating them would be defederated. The only issue is identifying and weeding out troll accounts.

          • @sauerkraus@lemmy.world
            link
            fedilink
            22 years ago

            You wouldn’t know that your instance is infested with tankies and fascists. You can’t see their posts because you’re on the block list.

      • newIdentity
        link
        fedilink
        12 years ago

        Depends on where it’s posted in. Also this example is pretty low effort. I would downvote it too

  • kennydidwhat
    link
    fedilink
    English
    72 years ago

    There’s something amusing about people feeling violated by their activity being made public, but not necessarily by corporations hoarding and capitalizing on that activity & data. I mean, one of them is out in the open. The other is pure abuse.

    • @Yaxoi@lemmy.world
      link
      fedilink
      English
      12 years ago

      Well it’s just as bad but in a different way.

      Big cooperations may not respect me as an individual, but they have a self-preserving interest, a brand image to loose, and are checked by privacy watchdogs.

      A Lemmy I stance can be run on any PC in some anonymous guys basement; there really no way of telling.

    • @SkyNTP@lemmy.ml
      link
      fedilink
      English
      02 years ago

      Ah, the old Reddit Lemmy switcharoo.

      You are probably seeing two very different vocal minorities, and conflating the two.

      Also, there’s a very clear difference in expectations between posting/commenting and upvoting. I blame the UI. We naturally expect public actions to be easily visible. The lack of universal accessibilty to the public data makes people unaware that the data is public. Lemmy UIs, including apps, need to make this information (a list of upvoting users) universally publicly accessible before people will change their expectations.

      • kennydidwhat
        link
        fedilink
        English
        02 years ago

        On the contrary, I’m not conflating two specifics. I’m speaking in general terms about the demonstrable public perception (read: billions of social media users who happily hand over their data vs. the palpable unease over data publication in all walks of tech discussion) and how it is innately hypocritical.

        It is perfectly normal and useful to discuss societal contradictions. For example: “We hate school shootings, but we do fuck-all to stop them from occurring.” That statement does not conflate two different vocal minorities, it purports to accurately describe the generalized societal contradiction at hand.

        The rest of your post is completely off-topic.

        • @sauerkraus@lemmy.world
          link
          fedilink
          English
          12 years ago

          Why does the person have no problem sharing their address with the DMV but gets upset when their address is leaked publicly? Curious. They claim to value transparency, but oppose doxxing?

  • Virtual Insanity
    link
    fedilink
    English
    62 years ago

    There is a fundamental misunderstanding here.

    Our data has never been ‘invisible’… We’ve just trusted that places like Reddit and their staff will do the right thing. That’s literally how it already works.

    If you sign up for Reddit, Reddit staff can see your posts and votes if they want to.

    If you sign up for a private forum the admin there can also see database contents.

    One way encryption is not possible without stopping functionality… If data about you was encrypted then posts you make couldn’t be displayed. If you include a means to decrypt then there was no point encrypting anyway.

    This is how it’s always been, and Lemmy doesn’t change this status quo much.

    A faceless corporation that has had access to your data is just replaced by a variety of admins distributed across instances.

    This isn’t a good or bad thing, the potential for abuse does exist, but when we have literally made agreements with places like Reddit that they can use and sell our data… then what difference does it make it an admin takes a peek?

    It wouldn’t be great… but nothing is perfect.

    It’s still worth working on however, to see if a better solution can be found, but at this time I’d say just be aware that it is possible that your data can be seen and understand the only safeguard against that if you need to communicate something private would be to use direct messaging with end to end encryption.

  • Sir_Kevin
    link
    fedilink
    English
    52 years ago

    Back in my day everyone knew that once you put something on the internet it’s there forever to be seen by all. Has everyone already forgotten this? This is nothing new and in fact the way it’s always been! Now get off my lawn!

    • MuddybulldogOP
      link
      fedilink
      English
      52 years ago

      You’re following up to a post made almost 3 months ago so it’s not surprising you’ve seen similar since.

        • MuddybulldogOP
          link
          fedilink
          English
          42 years ago

          No worries. The sorting and filtering algorithms definitely need some love.

  • @icedcoffee@lemm.ee
    link
    fedilink
    English
    42 years ago

    Just commenting so this stays one of the most commented posts. Feel free to keep scrolling

  • sebi
    link
    fedilink
    English
    4
    edit-2
    2 years ago

    So any instance admin can analyze all users upvotes/downvotes and possibly derive political standpoints, likes/dislikes, opinions and location data from it

  • @Exosus@lemmy.world
    link
    fedilink
    English
    32 years ago

    I mean essentially any decentralised type of social Media cannot work any other way. An open backend is not shocking, it is expected.

    • @AncientMariner@lemmy.world
      link
      fedilink
      English
      1
      edit-2
      2 years ago

      So no known user will ever have a desire to join. Malicious actors will dig out their votes and expose it publicly. Could be massively damaging. You cannot do that with other social media. Obviously those companies have that information, but they do not share it.

      • @james1@lemmy.world
        link
        fedilink
        English
        12 years ago

        You cannot do that with other social media.

        Facebook likes, Twitter likes, Discord reacts, LinkedIn reacts, etc. are all publicly visible. The only possible slight difference with this is that in some cases people might not be aware, in which case the issue would be that it is less obvious to a casual browser than Facebook’s “AncientMariner and 23 others liked this post” rather than that the likes are visible at all.

      • rigatti
        link
        fedilink
        English
        -12 years ago

        They could just make an account that’s not identifiable? Or only use their identifiable account sparingly. Or not have their upvotes be publicly damaging.

    • MuddybulldogOP
      link
      fedilink
      English
      12 years ago

      To those of use who understand how it works, yes. Five minutes in Lemmy support makes it obvious that there are many people who DON’T understand how it works. Hence, YSK.

    • @sparr@lemmy.world
      link
      fedilink
      English
      02 years ago

      That’s not true, it’s just very computationally expensive to make it secure and private. There are cryptographic solutions these problems.

      • @astral_avocado@lemmynsfw.com
        link
        fedilink
        English
        1
        edit-2
        2 years ago

        Good luck building a performant version.

        Although I’ve always wondered why someone hasn’t built a Tor version of Lemmy/mastodon yet… imagining no home instance control, you’re just donating hosting to a truly decentralized website that nobody controls but anyone can post to. It would be the ultimate dissent tool.