So I was going through /all and this admin is snooping at vote counts for posts in his instance and then posting it publicly.

Just a reminder that these kind of petty people exist. Pick a trustworthy instance or better yet, host your own.

Archive: https://archive.md/oybyL

You would think adversarial actors would find this problematic in their own way. Does no one remember anymore way back when reddit was exposed as being an American state apparatus? Reddit owners its earlier more naive era used to share site metrics. They inadvertently revealed that large amounts of activity comes from a US military base. Then they wiped evidence and disavowed all knowledge that any of that ever happened. And now the narrative on there is that other state actors are the ones in control of that platform. How convenient.

White hat actors could be using such open access to data to reveal whats in the data. That’s what the big social platforms are so scared of themselves. Not only is it their financial bread and butter. Contained within is who know how many skeletons piled up over the years.

Everyones privacy these days is basically long gone. There’s illusion that internet platforms are in any way shape or form fair or balanced because of the paper thin concept of internet votes == democracy or something. Yet a lot of people stubbornly persist. It’s past due time to shine a light on the adversarial actors run amok. Show us the anomalies in data that reveal how the typical real human user is powerless against adversarial actors.

I’d like to think it would be the last straw for the whole concept of social platforms at least the way that it is now. Who knows though. It’s also shown us how dumb people are. They could very well just “meh” and go back to mindlessly infinite scrolling.

From what I understand votes are publicly available data, Lemmy just chooses to hide them to prevent the “chilling effect” where people feel afraid to vote honesty for fear of repercussions. Then they reintroduced it for admins so they can do their duties in stopping vote manipulation, for example people who go onto your profile and downvote literally every comment you make (it’s already happened to me like 3 times) or those who use all of their alts to try and sway momentum on a comment their main makes. There’s also times where there’s no justification for a comment being upvoted; perfect example is when a nazi says “based” in response to an article about someone being racist and it gets like 20 upvotes. I don’t think anyone reasonable would be against a banwave on something like that.

Obviously admins can see everything that goes through their servers for what should be obvious reasons, so this is more of a convenience thing. Moral of the story: don’t join shitty crypto instances.

Amju Wolf
link
fedilink
31Y

perfect example is when a nazi says “based” in response to an article about someone being racist and it gets like 20 upvotes. I don’t think anyone reasonable would be against a banwave on something like that.

I would absolutely be against that. Voting should not be bannable outside of vote manipulation itself. If the content is offending, remove that (and possibly ban the user), but not people who vote on it. That’s just stupid “guilty by association” nonsense. And besides, voicing stupid opinions (in moderation) is still better than suppressing free speech.

Lemmy just chooses to hide them to prevent the “chilling effect” where people feel afraid to vote honesty for fear of repercussions.

I find that kinda stupid as well. It leads people to think that their votes are private when literally anyone can view them with a bit of work. Sure the chilling effect sucks but it’s better than misleading people. At the very least they should be warned when they sign up.

… really? You think that upvoting what amounts to “hey any fellow nazis here?” should be allowed…? 😒

Amju Wolf
link
fedilink
31Y

I think that if you allow that question in the first place, voting on it should not have any consequences either.

Besides, despite what most people instinctively think it’s better to see what you disagree with so that you can keep your eyes on it rather than forcing it into hiding and knowing nothing (again, in moderation - you probably don’t want to run an actual Nazi instance, so if it does bother you you should moderate that post/comment).

And mistakes still happen; it’s easy to accidentally upvote/downvote something by mistake, to misunderstand someone, etc. So yes, I do think banning people based on what they up/downvote is a bad idea.

Your argument is “we should keep nazis around just make sure they behave” which is not a point i’m willing to entertain.

Amju Wolf
link
fedilink
11Y

Man, please, learn to read. My whole point is that you should not care about what people upvote.

So once again: if you are okay with the original comment/post - which means you are fine with keeping Nazis on and what they have to say on your platform - then you should be okay with people who “react” on that content.

Or maybe you aren’t fine with it, so you should delete the offending post or comment, and then you won’t be bothered by the reactions either.

Because you can’t also ban the person who posted it. For god sake this is the level of faith we are on. Go outside, this thread ended yesterday.

Guys. The person running the website you use always can do and see everything

This has nothing to do with lemmy

@LWD@lemm.ee
link
fedilink
-6
edit-2
1Y

Oh no

7heo
link
fedilink
7
edit-2
1Y

No. A simple website won’t help, it needs to be a Lemmy instance. Moreover, it needs to be a federated one.

And then, that “invisible” data being available to other admins, is a problem with federation, not with Lemmy.

Now, there could very well be efforts made to make the cleartext data of each instance users available only to the admins of that instance (and only share aggregated data with other instances), but that would also require a lot more consideration wrt mutual instance trust in the network.

Right now, since votes and other actions are public (to the federated instances admins anyway), it is doable to detect and assert foul play. The downside of this is that it allows abusers to malevolently collect data and do the same bad things that you are so certain the alternatives to Lemmy don’t do (yeah, as if).

If the instances shared only aggregated data with one another, it would be much harder for abusive small instance owners to spy on any user on the network (still possible, but it would essentially would be as hard as for anyone else, as it would involve heuristics and lots of intelligence, to interpolate the missing information); but it would also be much harder for legit admins trying to enforce moderation to inspect what happened on federated instances. They would have to take those instance’s admins at their words.

As an additional note: that “invisible” data that other platforms allegedly don’t share, is for sale. That’s what surveillance capitalism is all about… At least with Lemmy, the barrier of entry to get our data is “federation”, not “money”.

Edit: WTF bro, a day and a half before writing this wrong comment I’m answering to, you wrote a properly worded, technically correct (top level) comment… Were you half asleep on this one??

Edit 2: nah, the reason why your other comment was technically correct and properly worded is that you stole it (would have been so easy to give credit…) SMH. 😮‍💨

Edit 3: So I checked your comment history (after seeing that other comment of yours about the user that mass downvoted you, I was legit curious how bad it could have been), you seem technically knowledgeable, and also educated. Thus, I reiterate, this specific comment, what gives!?

Edit 4: lol at your edit. 😶‍🌫️

@LWD@lemm.ee
link
fedilink
21Y

Off day 😉

I should have been more specific when I said website, as… If you scan my other comments, you might have the hint that I have access to one such Lemmy instance. And they federate with minimal effort. I don’t know how to automate it yet, but it wasn’t hard to do so manually.

7heo
link
fedilink
1
edit-2
1Y

I’m actually curious to know if federated instances share the data of their federated instances… if so, there is a proper reason to be actually alarmed, as ACLs would essentially be cosmetic only.

@LWD@lemm.ee
link
fedilink
11Y

Can you be more specific? I might be able to hunt down answers.

Recently, federation vulnerabilities got exploited by an ex-Truth Social employee who apparently believes consent is only when someone shouts “no” at him, so pretty much anything is possible (without even going through the effort of spinning some kind of proxy server, if I’m reading this correctly).

7heo
link
fedilink
11Y

Well, as in let’s say instance A is federated to B, B federated to C, A blacklisted C.

So, clearly, A isn’t getting data about C. It will drop it on ingress (I expect).

But, will C have access to the exact same data about A, through B, that it would have access to from A if not blocked by A?

@LWD@lemm.ee
link
fedilink
2
edit-2
1Y

“Indirect federation” (what I ended up eventually trying to find info on) appears non-existent.

That answered the question, I think, but it caused me to ask a few more, like this one:

What happens if a community is on Server A and Person C wants to check out how Person B is interacting on it. I think, in that case, that Person C can check out Person B’s profile and see comments left on a Server A community, but they cannot navigate to the post itself because Server A would not send the content to their server.

It’s relatively easy to switch servers, by clicking the little rainbow icon next to a particular comment to see the server where it would have been viewed in Person B’s context, but servers on their own are not running around scraping missing data… At least, not as they are currently designed.

ETA: More background on the major defederation in question (mostly political, not technical)

Oh good, Lemmy had no privacy. Not like that ability isn’t going to be abused.

Either make it public right from the start everyone sees everything. Or make this crap not possible.

You’re going to get echo chambers that start witch hunts. Someone is going to dox someone because they don’t like how someone votes… Yadda yadda someone gets swatted or someone just shows up… Then someone’s going to start cheering “We did it Lemmy!”…

Honestly at least with Reddit you had one single evil entity that would abuse their power and trust of users.

@LWD@lemm.ee
link
fedilink
41Y

That’s an interesting point. One company, like Reddit, might see human beings as nothing more than content mills, but that created incentives to be a little private at least.

Lemmy servers are run by anybody, including Facebook, and you don’t even have to accept someone else’s server rules for your data to transfer onto it. The process occurs passively.

deleted by creator

Ok. These votes are not about picking presidents, so…

Rimu
link
fedilink
-81Y

I notice that monero.town has a large image of Pepe the nazi frog in it’s sidebar: https://monero.town/pictrs/image/afb3860f-022e-4723-be3f-74041da2abc9.webp?format=webp

What’s the connection between Monero and the alt-right?

What’s the connection between Monero and the alt-right?

Cryptocurrency would be a good first guess.

amio
link
fedilink
141Y

It’s not just a 4chan thing, it’s used innocuously in gaming all the time.

@LWD@lemm.ee
link
fedilink
41Y

It all depends on context, but as one example this guy
Pepe sweating
(aka Poggers) is part of Twitch chat culture.

And Twitch doesn’t slouch on extremist content. They banned this emote
Pogchamp guy
because the guy who made that face was supporting Jan 6.

amio
link
fedilink
31Y

Yeah. The pog/-champ emotes were nice somehow, too bad the guy’s a dipshit.

I haven’t heard before that this frog is a nazi symbol. I’m also seeing it relatively often at places where I don’t think it’s use would be accepted if that was the case

Like the swastika, is not the only use it has. In the gaming/Twitch community, it’s definitely not massively used as a hate symbol.

Sad news for your argument, gaming culture (gamergate) and Twitch (crackergate) have a long history of white supremacy. I will agree that it’s spun off to be less about overt nazism and more about white male fascism. Doesn’t change the gross history of the symbol, and i’m still going to treat anyone who posts frogs as being way further right than I want to deal with because it’s always the guy posting frogs who ends up driving people off the server further down the road. TL;DR It’s softened from nazism to reactionary but is still very much right wing shit.

I’m very aware of how toxic gaming communities can be, but I don’t see how that refutes my point that Pepe is used with non-hate purposes in the gaming community. Furthermore, I wouldn’t be surprised at all if 90% of the people aren’t aware of Pepe’s relationship with far right, neo-nazis and 4-chan. I still wouldn’t call them any of these words for liking and sharing the frog with the expressive face.

On the other hand, not wanting to deal with people that post/use Pepe in any sort of way is respectable, albeit seems like a giant social bubble to me.

TW: slurs ahead.

This whole thing remins me of “marica” and “maricón”, Spanish words that are used in a few contexts and meanings, the main one bieng “faggot”. Recently, tho, they have increased their popularity in the LGBTQ+ community as a self-describing word, in a “fuck you, homophobics” tone. My point is that dismissing these groups as being too far right over using “maricón” would be devoid of context and interest in others. Note as well I’m not claiming all use of “maricón” is respectable and friendly.

Coskii
link
fedilink
5
edit-2
1Y

A few (it feels like 3+) years ago it was attributed to 4chan and something politically extremist by some journalists. I don’t remember what the article was about, so I went and found one.

https://www.latimes.com/politics/la-na-pol-pepe-the-frog-hate-symbol-20161011-snap-htmlstory.html

Edited in a better one.

That’s good to be aware of, thanks!

To illustrate op’s point I’m going to spin up an instance, federate with everyone, and not tell anyone what that instance is.

Then I’m going to feed all that data into my new website, called Open Lemmy Stats, where anyone can query the user data ive accumulated. The homepage will be ripe with insights, leaderboards and all kinds of data on prolific users.

Additionally, I’ll display a snapshot/profile of a random user by feeding that users data to GPT4 to make inferences about the user’s political affiliations and display the results.

Worst of all, I’m not going to out my instance for everyone to know it as the one to defederate. In fact I’m spinning up a few instances that will host innocuous communities that I plan to mod and support to give my instances cover for their true purpose: redundant fediverse datastreams for my site, Open Lemmy Stats.

I’ll also have a store where anyone can buy my collected fediverse data for a handsome sum.

Just kidding I’m not doing any of this. But someone absolutely will or already is.

deleted by creator

So 4chan but with extra steps…

Has Lemmy already jumped the shark.

deleted by creator

@LWD@lemm.ee
link
fedilink
21Y

The data is already public.

A descriptive statement.

Why only allow the bad guys to access it and not everyone?

Why assume that’s the only option? We can also strive to improve Lemmy, as it is (allegedly) run for the users and not for corporate anti-privacy interests.

deleted by creator

Salamander
link
fedilink
171Y

Is the fact that I recognize this comment evidence that I use Lemmy a bit too much? 😅

@LWD@lemm.ee
link
fedilink
71Y

Caught in 4k stealingq liberating a really good comment

How to work out what instance(s) if someone does this: A Lemmy instance doesn’t have to send the same voting data to every instance, it could send different votes to different instances (stock Lemmy federates the same thing consistently, but there is no reason a modified Lemmy designed to catch someone doing this has to), encoding a signal into the voting pattern. Then, just check to see what signal shows up. If it averages several instances, with enough signal you could decompose a linear combination (e.g. average) of different patterns back out into its constituent parts.

If it averages several instances, with enough signal you could decompose a linear combination (e.g. average) of different patterns back out into its constituent parts.

A smarter system won’t just take the mean of the votes from different instances but rather discard outliers as invalid input (flagging repeat offenders to be ignored in the future) and use the median or mode of the remainder. The results should also be quantitized to avoid leaking details about sources or internal algorithms; only the larger trends need to be reported.

Of course you could always just keep the collected data private and only provide it to customers willing to pay $$$ for access, which handily limits instance operators’ ability to reverse-engineer the source of the data. And nothing prevents you from using separate instances for public and private data sets.

deweydecibel
link
fedilink
71Y

All of which begs the question why are we bothering to pretend any of this is actually democratic or that the fediverse is truly unified across instances.

On a fundamental level, this “choose your voters” thing breaks the integrity of the voting system. I understand why it needs to happen to combat rogue instances, but the level of manipulation and silent curation that is possible, without the average user’s knowledge, means no one can trust the numbers they see on any instance.

There’s just so many avenues for abuse here, and it’s disheartening to not see more acknowledgement of that from the devs.

Turun
link
fedilink
21Y

It’s a fundamental property of the federated system. The devs need to acknowledge it the same way you need to acknowledge that people can lie. It’s a fact, there is no easy way around it and everyone knows it.

@LWD@lemm.ee
link
fedilink
1
edit-2
1Y

They could always federate an aggregate statistic instead of one that discourages involvement. Then we could acknowledge both federation and the lie!

RubberDuck
link
fedilink
13
edit-2
1Y

deleted by creator

Mods too next release :/

I think the idea is to make it easier to detect trolling/spam from certain accounts. But honestly, there’s no reason upvotes and downvotes can’t just be public.

RubberDuck
link
fedilink
7
edit-2
1Y

deleted by creator

I think the main complain anyone would have with this is, only we admin can look at the vote, and no one else can. This isn’t a problem in Kbin or any other platform that allow one to do so.

I only check the vote to see if there’s any brigading, other than that, i have no issue with other admins snooping or whatever. Ohh to be clear, all of us admin can see the vote everywhere, getting a new instance yourself will not solve anything.

A new PR allowing mods to see the votes was merged a few weeks ago.

Maestro
link
fedilink
6
edit-2
1Y

Why not allow anyone to see the votes? Anyone already can by using kbin or spinning up their own instance.

Yeah, but for that you have to open a ticket suggesting that.

I think there is an assumption that is rooted in how reddit worked, that votes are anonymous. People operating under that assumption might not like having that blanket ripped off. It would be different if it was up front from the start.

Po Tay Toes
banned
link
fedilink
15
edit-2
8M

removed by mod

It is against the nature of information to want to broadcast it and also keep it secret at the same time.

Lol:

“All those account outside of monero.town are most likely angry commies that just follow posts from here to downvote.”

People outside my echo chamber think I’m an asshole, it must be a conspiracy!

davel [he/him]
link
fedilink
42
edit-2
1Y

We do see the votes. Publicly posting them sounds like poor form, but then what do you expect from crypto bros?

Pick a trustworthy instance or better yet, host your own.

Running your own instance isn’t going to hide your votes.

On
link
fedilink
81Y

I’m curious, If I delete my account periodically, are the profile and activity like comments/votes still out there in other instances? are votes deducted? I’m not sure if this is the right question but does deleting accounts federate?

@LWD@lemm.ee
link
fedilink
21Y

I can’t answer your question about the votes, but posts and comments are retained when you hit the delete button. The only way to delete them is to edit the content beforehand. I believe moderators are capable of restoring posts, but I haven’t checked the comments yet.

There’s no reason where this has to be the behavior by default; federation alone is a challenge but not an excuse. Ironically, when it comes to privacy, a company like Reddit (with sketchy privacy policies) might be better than Lemmy (a series of entities in a variety of jurisdictions where your data is protected by the weakest of all of their privacy policies)

I am not sure about the details of intended behaviour but it certainly won’t federate to anyone deliberately disabling that part of federation so for privacy purposes you might as well assume that it doesn’t federate.

I’m not one to half-ass it, so someone more knowledgeable than me will have to field these.

mozz
link
fedilink
67
edit-2
1Y

Every up and down vote you make is public. Friendica, kbin, and mbin all expose who voted on every post to any user, and anyone tech savvy on any software can dig out the totals at any time.

In my mind the UI should make this very obvious (honestly I think there should be a pop-up that warns new users of this every time they vote until they check a box to disable it), because it’s not what people expect. But votes are very public.

deweydecibel
link
fedilink
14
edit-2
10M

In my mind the UI should make this very obvious (honestly I think there should be a pop-up that warns new users of this every time they vote until they check a box to disable it), because it’s not what people expect. But votes are very public.

Which de-incentivizes voting, choking off the thing needed to aggregate the content. Kind of underlining the problem with the votes being public.

mozz
link
fedilink
151Y

Votes pretty much have to be public in order for the whole federated system to work – otherwise anyone could just stuff 50 votes for their favorite comment, and there’d be no way to tell where they came from. Given that, I think it’s important that the software be honest with people about the situation, “disincentive” or not. Personally I’m fine with my votes being public, but an important part of that is that I know they’re public and can vote accordingly.

Not nessasarily, the protocol could be written so that an instance simply tells other federared instances “X of my users upvoted this, and Y downvoted this”.

The tradeoff being that instance then have less tools to work with to moderate voting. Instead of being able to do global vote ring detection, the most they can do is look for abuse on their own server, and trust that every instance they vote-federate with does the same. Even then, with every instance trying to be vigilant, no one instance would have the info to detect a cross-instance abuse.

mozz
link
fedilink
51Y

That would make it possible in general for any instance operator to game the system in ways that are by design impossible to analyze, for dubious benefit.

It would also involve some pretty substantial changes from the current ActivityPub protocol (not just a new way the protocol works, but a change to some of what are currently its core operating principles about e.g. deduplication of entities across the network). You’d have to either talk the authors of every ActivityPub software into accepting your new way, or else abandon the idea of your software being able to interoperate with other ActivityPub software.

Max-P
link
fedilink
981Y

The votes are public. Kbin displays them right in the UI. Lemmy semi-hides it, but it’s never been designed to be private in any way.

Changing instance won’t do shit if that’s a concern to you. As an admin I can see them even if my instance isn’t involved with the post at all:

@pop@lemmy.ml
creator
link
fedilink
91Y

didn’t know that. thanks!

Skankhunt42
link
fedilink
231Y

So really, I just need to host my own instance to see votes. Nice.

Meet new friends, find new foes!

A table of downvotes

What’s the worst that could happen?

7heo
link
fedilink
21Y

I hope the “published” column is the time at which that user downvoted you and not the time at which you posted the original content… there is less than 2s in between some.

@LWD@lemm.ee
link
fedilink
51Y

It was the time of each of the downvotes. I’m pretty sure the behavior was done by a bot, because there were way more downvotes across a bunch of unrelated posts.

I have way more data than my own, and there’s a few users I’ve identified who appear to be botting other users aggressively. Not sure where to drop that data set, but it’ll be funny.

Oh boy.

Brigading is back on the menu boys! /s

(Don’t actually do this)

Max-P
link
fedilink
21Y

And this is why we have access to the votes, and why the protocol doesn’t obfuscate them.

Admins can deploy scripts to detect those kinds of patterns and act on it.

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 3.12K Posts
  • 78K Comments
  • Modlog