Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

  • ScaNtuRd@lemmy.world
    link
    fedilink
    English
    arrow-up
    27
    ·
    edit-2
    1 year ago

    Not to sound harsh or anything, but those of you saying that it’s okay that all this data is public are insane. This completely goes against the entire philosophy of the Fediverse and FOSS in general. The reason we all are fleeing from Big Tech is because they collect so much data on us. At least, they keep it hidden from public view. This is a major issue in my opinion, and needs to be addressed ASAP before we can claim to have superior platforms on the Fediverse. Why can’t this data at least be encrypted?

    • OmniGlitcher@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      1 year ago

      Agreed, I am incredibly confused by what seems to be the majority reaction to this.

      I’ve never been particularly involved with the FOSS community, though I do use a few FOSS apps and generally appreciate their view on what FOSS means. I also strongly appreciate data privacy, and it was my observation that the FOSS community was (generally) relatively the same way. So to see this reaction is very surprising. It’s quite literally the same terrible argument of “Why fear it if you have nothing to hide” used against multiple data privacy concerns throughout the years.

      I think the worst are the bad faith “But Reddit…!” arguments. For one, we’re not on Reddit anymore, this is about Lemmy’s issues that can be corrected. And for two, whilst Reddit potentially outsourcing that data to the highest bidder is far from ideal, at the very least the data wasn’t outright PUBLIC to anyone who wishes to set up a simple server.

      • ScaNtuRd@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Exactly. When data like that is public, I can guarantee you 10000% that Big Tech and governments are harvesting ALL of it as we speak. If this issue is not resolved and TRUE privacy is not implemented sooner rather than later, Lemmy will not succeed in the Fediverse, period.

        • chris@l.roofo.cc
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          If you want privacy you need to use an encrypted chat. You can’t have privacy in a public space. That is like stand in the middle of a market place, screaming out your thoughts and then being upset that someone writes them down. It sure would be nice if our data wasn’t harvested, but that is not the world we live in. So if you want to say something in private you need to choose a private platform. Otherwise assume that Big Tech and World Governments are listening.

          • ScaNtuRd@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            There’s a huge difference between what I choose to put out in public vs. data that’s being collected on me just by browsing the site. Saying “it’s just the world we live in” is just an excuse to ignore the real issues. It is more crucial now than ever that we create a system that’s by and for the people, not Big Tech and governments.

            • Smk@lemmy.ca
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              1 year ago

              It seems that what you would like is something like 4chan, where the post will get deleted if it’s not popular. But even that, there is no way to prevent data harvesting. If it’s public, then it is public. There is nothing you can do about it. Encryption wouldn’t solve anything either because you want this data to be read by everyone so you cannot really encrypt it.

              The fediverse is kind of the same as a public room where anyone can come in and just listen, take note, see who is talking and respond in the same way.

              This is the point of social media. If you don’t want to participate in it because of privacy, then don’t and just lurk (or listen) like most people do.

              By definition, if it’s on the internet, it’s pretty much there forever. People need to be careful on what they share on the public space, in the same way you would when talking to a big crowd. You are not talking with your friends here, you are talking to the world. If you are any privacy, you just cannot have it here. That’s impossible.

      • chris@l.roofo.cc
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        You say these issues can be corrected but I am not sure they can. ActivityPub is a protocol managed by the W3C. So to have different behavior You’d have to change the specification there. That is possible but it will take some time. Still you’d need a way to make votes not bound to a user and still hard to spoof. That sounds hard. Apart from that upvotes and downvotes are not really the most interesting datapoints you can gather. You can still collect posts. These can’t be obfuscated. There is simply no way to have an open network where you can share data between servers where you can make sure that no one harvests the data. It is simply not possible. As soon as it is public it is public. This has nothing to do with FOSS. If you have a solution you can implement it. That is what it means. If you have one then go ahead.

        • OmniGlitcher@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          1 year ago

          You’d have to change the specification there. That is possible but it will take some time.

          Then they should do so, these issues need to be fixed ASAP.

          Still you’d need a way to make votes not bound to a user and still hard to spoof.

          Obfuscating user IDs via a hash or something would seem like the way to make it work. I’m not a professional programmer, I only know a little bit of python, so I have no idea if I’m talking nonsense on that front. And whilst still not an ideal solution, but sharing non-private votes with your own instance admin and have them share only the total vote count with other instances is another solution. That way you need only trust your instance admin, which is choosable and can also be yourself.

          That is what it means. If you have one then go ahead.

          Putting the onus on me is a shitty thing to do. I’m not the one running this site in any capacity, but this is an issue that many users are unhappy with. If the issue with the site won’t or even can’t be fixed, then I will simply not use the site. I don’t know how many people feel the same on that front, but I’d imagine there’s quite a few.

          • chris@l.roofo.cc
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            1 year ago

            Putting the onus on me is a shitty thing to do

            You are the person who has a problem with that and you mentioned FOSS. It is easy to complain. FOSS gives you the tools to change things. But you have to put in the work. You are the one putting the burden the change something to your liking on others instead of doing to yourself.

            Obfuscating user IDs via a hash or something would seem like the way to make it work. I’m not a coder, so I have no idea if I’m talking nonsense on that front. And whilst still not an ideal solution, but sharing non-private votes with your own instance admin and have them share only the total vote count with other instances is another solution. That way you need only trust your instance admin, which is choosable and can also be yourself.

            Both of your ideas are not compatible with ActivityPub as far is I can see. So you first need to change the specification and then make everyone adopt the specification. Before that any change would make your software incompatible with the rest of fediverse which is counter the idea.

            And all of that because people could be mad about a downvote. I am an instance admin. I was downvoted before. I never even thought about looking up who downvoted me. I know people are different but to be honest if someone looks it up and harasses you then you block them. And I really can’t imagine that your vote on a post with a pseudonym is really a very useful datapoint for anyone.

            I agree that these things have to be communicated better but I don’t even know how we would make people aware of this. No one reads disclaimers.

          • Serinus@lemmy.ml
            link
            fedilink
            English
            arrow-up
            0
            arrow-down
            1
            ·
            1 year ago

            then I will simply not use the site

            Maybe that’s what you should do. But don’t do it as a protest. Do it because you don’t want to share that data publicly.

            The entire point of social media is sharing things publicly. If you’re worried about people collecting that data, then you shouldn’t have put it in public.

            There aren’t good ways to keep a public secret. That’s inherent to how information works and not a failing of ActivityPub. It’s the same reason media will never stop being pirated. If I can see/hear it, I can repeat it.

            • OmniGlitcher@lemmy.world
              link
              fedilink
              English
              arrow-up
              0
              ·
              edit-2
              1 year ago

              But don’t do it as a protest. Do it because you don’t want to share that data publicly.

              I mean yeah, that’s what I’d do it for. It’s a suggestion for the site and it’s a sentiment that seems to be shared by several people here, but it ultimately falls down to me to decide whether or not I want to continue using it, much the same as with my usage of Reddit.

              If you’re worried about people collecting that data, then you shouldn’t have put it in public.

              Voting is a core functionality of the site. It’s something I don’t think should be public as it puts more emphasis on what content I interact with in what is now apparently a public manner. If you want to debate that a mere vote is something I shouldn’t put in public, then fine, you do you. But for me, it defeats half the point of me even having an account here. What one comments on are often an incredibly small portion of what one actually votes on simply by ease of voting.

              And I know I said “But Reddit…!” is a bad argument earlier, but even so, I’d like to say that even Reddit’s voting is not publicly accessible (as in not accessible by other users, even if Reddit almost certainly collects and sells such data), so clearly there should be ways to do it. If ActivityPub requires public voting and the people who have the ability to change it are unwilling or even unable to do so, then fair enough. But equally, I will refrain from contributing to such a site, which seems like a bit of a shame when it seems close to ideal otherwise.

              • Serinus@lemmy.ml
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                clearly there should be ways to do it

                Your votes on Reddit are public to Reddit admins. On Lemmy anyone can be an admin.

                Giving vote totals without names makes the system ripe for fraud and abuse. In real life votes the decision to make votes public or private is a major one. In a system like Lemmy, the problems with private votes are exaggerated, and the problems with public votes are much smaller. Your Lemmy name shouldn’t be tied to your real name. It’s unlikely anyone is going to coerce your vote like they might coerce your political vote.

                If you’re concerned about anonymity, maybe use more than one name or a different name so that your account isn’t so easily tied back to you.

                The purpose behind having votes be more public is to have some kind of reputation behind those votes. It’s still possible to shill, but it requires more depth and and effort, and the shills may still be discovered if there are too many.

    • Fangslash@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I don’t think you’re been harsh lol, the right to secrete ballot is literally in the universal declaration of human rights.

      Open ballot is a well known method for intimidating and blackmailing participants, it’s absolutely crazy that Fedivese operates this way. But even worse, seeing so many people here supports it.

    • orangeboats@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I don’t think it’s possible to encrypt the data.

      Say we have a rogue user that sends to the server multiple upvote requests for the same comment, how can the server reject the subsequent requests? After all, we can’t let a user upvote a post or comment multiple times.

      If that data is encrypted, the server cannot tell whether the user has upvoted a comment before.

      • Irv@midwest.social
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        There might be possible technical solutions to this using hashing. Hashing is like encryption in that the original cannot be extracted, but the hashed result is unique.

        For example, a solution would be to have a VOTES table with an indexed column that is a hash of a combination of the user ID, post ID, (and perhaps another “salt”, not sure). When a vote is made, the VOTES table is checked that the record (vote) does not already exist, gets an insert, and then a COUNTER is triggered for the actual vote count. (COUNTER is a db command that simply updates a counter). The hash would prevent multiple votes from the same user (as the salted hash is unique), and it would also prevent identifying who the user is from the table.

      • ScaNtuRd@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Well, I am not a developer in this field, so I don’t know what’s possible, and what’s not. All I know is that this needs to be fixed one way or another, or this whole platform will fail. If our information is all available publicly, we will be better off just using Facebook/Reddit/Twitter - at least these platforms don’t leave our data out in public view. We need to stop saying what’s not possible, and instead talk about what is possible.

          • ScaNtuRd@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            So you think this is just my problem? No, this is the entire community’s problem. Sticking your head in the sand and pretending like everything is okay is the mindset that has caused so many great freedom-oriented software projects to fail. If you are not on board with creating a better system for the future internet, then why are you even here?

        • chris@l.roofo.cc
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          Maybe there is a way to keep you votes hidden but there sure is no way to keep your posts hidden. The whole point of federation is to distribute your post to the other instances. You want eat your cake and have it too. You want to post publicly but stay in control of the message. You are not better off using BigTech because there someone can scrape your data as well. And you don’t even know to how many parties your data is sent without your knowledge. There is no privacy in social media.

          • ScaNtuRd@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I am not talking about the posts. Of course those are public, as they should. There’s a big difference between data I willingly put out vs. metadata and the likes.

    • sab@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      arrow-down
      1
      ·
      1 year ago

      This completely goes against the entire philosophy of the Fediverse

      Care to elaborate on that? As far as I know this is built in to all the ActivityPub applications.