You can see who upvoted and downvoted a post by viewing it in friendica.
-
Nope just server
If image embeds aren't cached by your server they can be abused to gain IP, but that's a hack, it's not intended.
-
If image embeds aren't cached by your server they can be abused to gain IP, but that's a hack, it's not intended.
You can set a Lemmy server to proxy image requests
-
I'm not sure how giving every server access to the votes solves that.
The malicious server can make fake users to pump up votes. your server admin has to notice, then check the vote logs, then see what's happening and defederate them. That's pretty much what you described in your scenario, anyways.It's way easier to notice and defed when you can see these fake usernames
-
Upvotes seem to just federate as likes and dislikes.
this is an icky issue because lemmy sends votes with empty addressing, so remote instances should count them but not show them to anyone. however mastodon (and *key) sends likes with empty addressing too, but considers them public. lemmy is (surprisingly) right here and should request that the rest of fedi respects the protocol and hides stuff based on its addressing. maybe open issues on mastodon and friendica
also this issue probably exists when seeing lemmy posts on any microblogging instance
-
The first isn't really interesting, and the second is clickbait. I wouldn't say there is no reason for downvoting them.
You are NOT supposed to downvote things that "aren't really interesting", you are actively ruining other people's user experience on here by doing that as downvoted posts get less visibility.
-
Might just be people who are used to having an algorithm so they dislike stuff they don't want to see more of.
Which is a problem
-
Yes, after all other servers need this information in order to prevent double voting, you can't just have servers sending each other information "somebody upvoted this" and also tell when servers are allowing users to vote more than once.
So upvotes and downvotes aren't actually private, never have been, some servers may display them publicly even if most don't.
There are plenty of ways to handle double voting without plaintext user strings. The fact that it's done this way is just lazy and poor design and doesn't actually so anything to prevent a rogue instance from vote spamming with fake users.
-
IIRC, piefed's private votes are disabled for "trusted" instances. You can see which instances are trusted here.
That is stupid and defeats the point and makes me rethink my decision to support piefed.
-
It's way easier to notice and defed when you can see these fake usernames
But it also has to be defended separately by the admin of every server that has a user subbed to that community. Seems like a large burden to put on small-mid instance admins.
I'd be surprised if my server admin was really paying attention that closely to votes on communities I'm subbed to, right?
I have to admit I don't know the view that admins get of how their server intersects the fediverse. -
The whole concept of the Fediverse as social media is that all the data is public. Stop acting like these servers are giving out private data.
I don't think everybody knows that and at least here on Lemmy, it doesn't show it by default like friendica. The fediverse doesn't necessarily mean that all data has to be public. It's just that it's way harder to have a sense of truth without public data.
-
This is nothing new. Fire up any ActivityPub server and you can see everything over the wire. As a Lemmy admin of my server of just me, I can also see it in the UI.
-
The whole concept of the Fediverse as social media is that all the data is public. Stop acting like these servers are giving out private data.
I know, but some people assume votes are private.
-
Every thread will get downvoted by someone for some reason. You would go insane trying to make sense of it.
-
You are NOT supposed to downvote things that "aren't really interesting", you are actively ruining other people's user experience on here by doing that as downvoted posts get less visibility.
Well yes, the visibility thing would be the point. Interesting and relevant content is upvoted, becoming more visible to more people, and uninteresting and irrelevant content is downvoted, becoming less visible and shown to fewer people.
-
Upvotes seem to just federate as likes and dislikes.
I get this is obviously intended behaviour on part of actpub but I'd love for there to be a pseudo-anonymous voting system too. Maybe an option to hash user credentials when added to likes to ensure that they're unique whilst obfuscating the original user.
-
Well yes, the visibility thing would be the point. Interesting and relevant content is upvoted, becoming more visible to more people, and uninteresting and irrelevant content is downvoted, becoming less visible and shown to fewer people.
Your interests are not identical with interests of other people.
-
What can they use that data for?
It would only be usable data if they could show personalized ads to the users. They can’t.
All they know is that Meldrik up/downvoted this and that, but outside of Lemmy they have no idea who Meldrik is.
I think the issue is that many Lemmy users will think more carefully about what they comment than what they up/downvote, as a comment appears connected to your username but a vote doesn't. You might decide against commenting on something you disagree with because you don't want to get in a fight, instead just downvoting it, but if people then know if was you who downvoted can still pick the fight.
Basically the issue is you're revealing a lot more information than you might initially have realised if you'd have known votes were public all along. Maybe a disgruntled person uses that to dox you, or maybe a corpo feeds all that information into their fancy computer system to work out who you might be, who knows.
-
I know, but some people assume votes are private.
If you'd only ever interacted with Lemmy and not read up on how ActivityPub works then that's a reasonable assumption, it's not like anything (that I've noticed!) actually tells you that your votes are public, and they don't look to be public in the places you're likely to see!
-
I think lemmy instance admins can see this too. Doesn’t even have to be a friendica instance
Any instance admin can see the vote history.
-
If you'd only ever interacted with Lemmy and not read up on how ActivityPub works then that's a reasonable assumption, it's not like anything (that I've noticed!) actually tells you that your votes are public, and they don't look to be public in the places you're likely to see!
Lemmy likes aren't meant to be public, this is just other software failing to respect the privacy Lemmy indicates.
