You can see who upvoted and downvoted a post by viewing it in friendica.
-
Lemmy likes aren't meant to be public, this is just other software failing to respect the privacy Lemmy indicates.
-
Some people might think it's not interesting because it's not appropriate content for that community, and that by downvoting they are improving the quality for everyone. I don't think every instance/community has a unified consensus on how exactly to use voting, and some people are always going to do their own thing regardless.
-
Oh. If the only thing stopping the votes being public is a label saying pretty please don't make this public then it does seem very open to abuse.
-
Especially in federated networks where the data isn't under access control, doubly so if the privacy extension is optional
-
Hashing alone if it's just usernames isn't enough. Need something like keyed hashes, but then malicious servers can lie about numbers of votes.
Otherwise you need something ridiculously overengineered like public but encrypted logs of user actions and Zero-knowledge proofs of correctness mapping everything to a distinct existing user without revealing who it is.
As I mentioned in another post: for consistency is better to have each server count total votes from their own users, send a signed & timestamped message with the count to the host of the post being voted on. Then the host can display a consistent vote count to everybody that shows where votes are coming from without manipulation of external votes.
Each individual server can lie about its count, but not by too much or else it will be detected and the server can get defederated (or have its votes ignored).
-
Some people only browse global feeds and downvote stuff as if they're trying to train the Netflix recommendation algorithm, completely ignoring the rules of the community it originates from
-
I remember that being a problem back on Reddit (though I always found people upvoting low-effort stuff that wasn't community/sub-appropriate to be more of a problem). It's kind of a site-wide UX issue though really, if a new casual user is just presented with a list of posts then they might genuinely be unaware of (or perhaps just uninterested in) where they came from and what their votes mean.
-
I mean, seems pretty pseudoanonymous to me, unless Musk had another kid he named apj2k36 or something.
-
but then malicious servers can lie about numbers of votes.
They already can do that by pretending to have users they don't have. It's definitely a quick way to get defederated.
-
Petty mods or users would abuse this
-
Hash them with the post ID appended, so a user can't be identified across posts
-
i think we should be accounting for it if we don't wanna get swallowed by shitty interests tbh
-
It's already possible to see if you really want to look. Friendica is just another way.
-
Like, of course; tho any sort of "accounting" should IMO start from the base that the intent of this entire thing is to publicly share public information.
-
This is one of the reasons why I'd love to see a more expanded method of reacting to content rather than simply upvoting or dowvoting; something like, say, user-side thread or post tagging, with things like "verified", "clickbait", and mood reacts like "happy" vs "sad", and usefulness reacts like "solved, thanks" vs "closed as duplicate", etc. We need more and better axes.
(Axises? Axeses?
Asses?) -
Interesting idea, but how do you decide on what the universally-agreed on reactions are? Have too many and they may as well just be comments!
-
That's almost as bad as using robots.txt to claim sites are private and secure and just whining that people/bots should respect it.
You should assume voter data is fully public and fully open. It otherwise is in the federated ecosystem.
-
It's not good practice. Really one shouldn't be assuming anything is private or some entitlement to privacy on a service where all content you post is made publicly available to any and all linked instances. They miss the point of a federated public forum. If one wants privacy, data must be kept locally only. That's why Lemmy has local-only communities, the "private" community aspect that many people want just won't be federated, because you can't make something like this private otherwise.
-
The comparison doesn't work because both Lemmy and Mbin are implementing the same standard, while robots.txt is mostly an honour system.
-
I know, but most people don't.
