A community for discussion and democratic decision making in the Divisions by zero.
Anyone with voting rights can open a governance thread and initiate a vote or a discussion. There's no special keywords you must be aware of before you open a thread, but there are some. here's the governance thread manual.
Acknowledged governance topic opened by https://lemmy.dbzer0.com/u/flatworm7591 
This is a simple majority vote. The current tally is as follows:
This vote will complete in 6 days
Reminder that this is a pilot process and results of voting are not set in stone.
Personally I vote against because security through obscurity, isn't. People who want to get this data for malicious purposes can easily get it. It will only affect people trying to do it causally (i.e. To check if someone is a chud).
I personally find the whole voting system in lemmy flawed but that's another story.
Opt out
I think that opting out only makes it harder to find out who voted what, I can still find out who voted what by opening a post in friendica (though it misses a good bit of info).
Giving users the illusion that their votes are private is dangerous.
I'm voting FOR. To be honest, after reading the comments, I do find the argument convincing that we shouldn't enable the illusion of security. But, on the other hand, I strongly believe that creating a tool to specifically investigate particular individuals, even if it was already technically possible, is ripe for abuse.
Literally any barrier to entry can give some angry individual a chance to cool down before they go on a brigade against the target of their rage. I'd slightly prefer if we don't enable them.
All that said, if it's not this tool it will probably be another, so my vote is mostly symbolic.
Maybe it would be better for everyone to have access to this tool, rather than just a select few who have the time or know how to setup their own instance to collect this data?
Against.
An illusion of privacy is dangerous. If voting isn't anonymous (it isn't, and wouldn't be after an opt-out) then it's better for users to know that and act accordingly.
Against. As Lena has indicated, this does not require spinning up a full instance and admin account, but just to spin up a copy of LemVotes, which is open source. Easier than that, I've also read that votes are available without admin rights through queries to the Lemmy API. Even easier, the votes are also already public through the *bins. Just make an account on them.
I understand the use of having a small hurdle to dissuade people, I regularly build them into my scripts at work so people can't accidentally break shit with them. But my point is, removing our instance from LemVotes does not raise that hurdle to any significant degree.
This is a core limitation of ActivityPub. Votes must be sent with username attached for federation to work properly. The data is already out there. Any ActivityPub system that doesn't make them public is just doing so on the front end. It's set dressing, not actual voting privacy.
I don't like that it works this way, but I've chosen to accept it as the cost to be part of the Fediverse, to be uncensorable.
If you want privacy, the path is the same it always has been: rotate accounts regularly.
As far as I'm aware, the only true workaround is in piefed (I think it's piefed at least) where a hidden account with a randomized name is created with your real account, and the hidden one's name is attached to your votes instead of the real account. So it would require your own instance admin to see the link in vote and identity. Or basic levels of observation skills to connect the person posting negative replies is the random username also downvoting.
I also don't like the idea of even being able to opt out. It creates an entirely false sense of security and privacy, and could be seen as a signal that our instance doesn't intend to participate in the wider fediverse transparently and in good faith.
Well stated.
rotate accounts regularly.
Thanks for the reminder.
Is it at all possible that we could edit the ActivityPub protocal for just our instance to NOT report who upvoted or downvoted what to the wider fediverse?! And if it is possible (I genuinely don't know how it works, so pls feel free to tell me otherwise), would any of us want to develop that?? (Feel free to remove this if this comment is too unhelpful or it shouldn't be discussed here)
Against. Generally I prefer the option of being anonymous, but we shouldn't promote a false sense of security with a tool that doesn't accomplish the job.
After reading the comments in this topic, I am voting AGAINST.
Opt Out. We don't want others spying our internet updoots.
I say opt-out, less easy-access data is always better.
As others have said, it seems that comments and votes on Lemmy are public by default, and the issue of anonymization should be directed towards redesigning how Lemmy and even ActivityPub shares information.
That being said, we on db0 have less control over those softwares because they underpin our instance here on Lemmy. For what we do have control over, I'd expect this instance to preserve the privacy of its users as much as possible.
I also agree with others that opting out of Lemvotes means one more deterrent for bad actors to abuse the system. We don't want to make it easier for people to spy on and stalk others, even if this opting out doesn't fix the root cause.
I vote Aye for now, only so far as we continue this conversation to address privacy overall in the Fediverse.
I'm for - whilst I'm aware lemmy votes are attainable via one mean or another, opting out sends a message that whilst yes, it is possible to attain voting information, it should not be considered normal and socially acceptable to do so.
Against.
As it turns out, upvotes are public regardless! As that's the case, I really just don't care either way.
I'm for the opt-out. I am aware of the fact that anyone who has looked into the subject knows that it's easy to get that info, but there's a difference between "I need to actually put a small amount of effort into it" vs. "I just copy the URL". If someone wants to look it up and jumps through the hoops, that's fine by me, but it shouldn't be an everyday thing.
I personally vote on nearly every post and comment i read, and even tho i don't want to push any agenda or discriminate any user, someone who i perceive as a bad actor or who regularly comments stuff that screams "i need to touch grass" might construe (wrongly) that i target them. Tbh, most of the time i don't look at the username when voting.
(but it is pretty interesting that i have submitted around 71000 votes since the API reddit exodus lol)
Hi, Lemvotes dev here. As you can imagine, I believe votes on the Fediverse should be public, because that's just how ActivityPub works. Votes are sent out to every subscribed instance, which can then do whatever it wants with them.
We need to stop pretending votes on Lemmy are private, they're not. By letting anyone view votes (well, they can do that without Lemvotes by setting up their own instance, Lemvotes just lowers the entry barrier), users can see, for example, who's serially downvoting their posts or a community's posts.
Also, I don't think votes being public ruins Lemmy. They're public on bluesky and (virtually) no one is complaining. Additionally, platforms like kbin and mbin, which are part of the Fediverse, already make votes public. So even without Lemvotes, people can view the votes on posts. Lemvotes just makes it a bit more convenient.
The only way to fully prevent anyone other than dbzer0 admins from viewing votes is to disable federation.
The way lemvotes works right now afaik, is it uses an admin level account to collect voting data from all federated instances, thus enabling the identification of every voter. This method effectively bypasses the guardrails the developers put in place to keep this info more restricted.
Just a technical nitpick, this is inaccurate. Lemvotes queries the Lemmy database directly, so instance admins can plug it into the db and Lemvotes is running. I was considering making Lemvotes its own Fediverse actor, so that (1) setting up an instance of Lemvotes would be easier, and (2) opting out would be simpler by simply defederating lemvotes.org (or wherever the instance is running), but after working on it for a bit (the results of my work are on this git branch), I realized I don't know enough about ActivityPub, and that I don't care enough about Lemvotes or Lemmy to spend my time on this, as I have other projects to work on. In case anyone wants to develop that themselves, they're free to do so! Lemvotes is open source.
Thanks for this insight, it swayed me to vote against the proposal. If votes are already semi-public through federation I'd rather it be transparently public than giving the illusion of privacy.
I dislike the comments I sometimes see which threaten people downvoting certain things and imply that the only possible reason anyone would downvote is because they are and that they will be stalked and shunned for doing so. I see these kinds of comments in situations where something probably got downvoted because the person was being an asshole or an idiot rather than because downvoters are on the opposite side of their ideology or hateful. So it's like they want to prevent criticism through chilling effects and bullying. I get that it's tough to see that people don't like what you have to say, and that sometimes this is not useful information, but that's what options to hide vote scores are good for, just cut yourself off from this information if you can't engage with it in a healthy way or acknowledge that you might not understand the unstated thoughts of the people clicking up or down.
Even if it is not ultimately concealable information, I think this kind of measure is good because it at least sends a message that toxic vote stalking is disapproved of.
I'd imagine the average .world brigarder will not spin up their own instance to harass people because of their voting patterns, so naturally I'm voting "aye" and for opting out of any such tools when they will eventually pop up
FOR
Yes the data is available to anyone, but at least it involves some technical prowess.
The amount of times i have seen people discuss some users votes and what they interpret into it is just weird. let them at least dig for the stuff a little bit.
from a privacy standpoint it would be great, if the data could even be hidden from admins. while still allowing to do some verification (like in these governance threads). but that is a problem for the lemmy devs.
Votes are public on kbin and mbin too. Without even logging in.
Regarding hiding votes from admins, that's impossible without crippling moderation tools and allowing vote spam to happen freely, because admins would not be able to investigate. And that's just not how ActivityPub works. Votes are public.
voting for. i understand the info is available either way, but im in favor of raising the hurdle for this data to be collected.
