/0 Governance

Acknowledged governance topic opened by https://lemmy.dbzer0.com/u/flatworm7591

This is a simple majority vote. The current tally is as follows:

• For:
• Against:
• Local Community: +0.6
• Outsider sentiment: Very Positive
• Total: +4.6
• Percentage: 66.00%

This vote will complete in 6 days

Reminder that this is a pilot process and results of voting are not set in stone.

Against.

Facade of privacy is worse. Opting out won't do anything, and it might give people false sense of privacy. Let everyone know their votes are public. In my head, voting on lemmy is equivalent of saying "aye" in real life, that is, you are assenting to something publicly.

I in fact consider this to be a feature, it's helpful in detecting votes manipulation.

For. More privacy > less privacy, even if it's minimal.

Against.

Pretty much eeveeryone have clarified the good reasons Against already, and I share most of them. The one that I want to emphasize more is that regarding this point:

But I also have an expectation (mainly from other forms of social media) [...]

Half the point of lemmy is that it's not like other forms of social media, at least the big ones. This is not Twitter where we know already everyone is nazis, or Reddit where people can just brigand and go bomb-review software projects or stuff like that with impunity. The other half is that it's federated and public. That, by nature, has to somehow include the votes.

We're on lemmy. Let's own it.

IN FAVOR OF OPTING OUT

Public voting is one of my least favorite features of lemmy/threadiverse.

I don't know if it's possible to have a federated network where votes are totally private but it would be a strong preference for me. I thought there were already some tools instances could use to protect their users privacy?

If it is implausible to totally obscure it, then I think we need more user controls to avoid accidentally voting for something that leaves a breadcrumb trail about you. Such as reminding new users their votes are public, having an easy way to see overview of all your own votes, option to remove the vote buttons from the UI, being able to unvote all your past votes (which would still be imperfect of course).

Against

This information is already public. Something like kbin or mbin which already shows votes could theoretically be used to show them for any federated instances anyway. It's pointless trying to obscure this information as it's not actually protected in a technical manor. If you didn't want this information public you chose the wrong platform.

Against. Your comment history is even easier to access and it's usually much more sensitive. If you really care about anonymity you need a stronger method.

Downvotes are not a slap in the face. They're the social equivalent of "hey, I disagree with your content or tone". Really it's not a big deal to me if they're public. I've downvoted by accident, or changed my mind before and upvoted later.

Now if you're talking about lemips, a list of user's ip addresses, that's a different story.

I doubt there's any practical way to keep votes 100% private, there's always a workaround. Playing whack a mole on this stupid little thing is not worth it

In my opinion, it's a good thing. Anyone wanting the information for nefarious purposes only needs to spin up their own instance and they get it. This just gives the tools to everyone easily.

I think the illusion that votes are private should be crushed, because they aren't and you should be aware of that.

This data isn’t private in the first place. What point is there in opting out of a pinhole when niagara is right there?

Against. Votes being public makes me vote better. It stops me from angrily downvoting stuff I dont like when im in a bad mood.

Personally I vote against because security through obscurity, isn't. People who want to get this data for malicious purposes can easily get it. It will only affect people trying to do it causally (i.e. To check if someone is a chud).

I personally find the whole voting system in lemmy flawed but that's another story.

For.

I think that opting out only makes it harder to find out who voted what, I can still find out who voted what by opening a post in friendica (though it misses a good bit of info).

Giving users the illusion that their votes are private is dangerous.

Against.

An illusion of privacy is dangerous. If voting isn't anonymous (it isn't, and wouldn't be after an opt-out) then it's better for users to know that and act accordingly.

I'm voting FOR. To be honest, after reading the comments, I do find the argument convincing that we shouldn't enable the illusion of security. But, on the other hand, I strongly believe that creating a tool to specifically investigate particular individuals, even if it was already technically possible, is ripe for abuse.

Literally any barrier to entry can give some angry individual a chance to cool down before they go on a brigade against the target of their rage. I'd slightly prefer if we don't enable them.

All that said, if it's not this tool it will probably be another, so my vote is mostly symbolic.

Against. As Lena has indicated, this does not require spinning up a full instance and admin account, but just to spin up a copy of LemVotes, which is open source. Easier than that, I've also read that votes are available without admin rights through queries to the Lemmy API. Even easier, the votes are also already public through the *bins. Just make an account on them.

I understand the use of having a small hurdle to dissuade people, I regularly build them into my scripts at work so people can't accidentally break shit with them. But my point is, removing our instance from LemVotes does not raise that hurdle to any significant degree.

This is a core limitation of ActivityPub. Votes must be sent with username attached for federation to work properly. The data is already out there. Any ActivityPub system that doesn't make them public is just doing so on the front end. It's set dressing, not actual voting privacy.

I don't like that it works this way, but I've chosen to accept it as the cost to be part of the Fediverse, to be uncensorable.

If you want privacy, the path is the same it always has been: rotate accounts regularly.

As far as I'm aware, the only true workaround is in piefed (I think it's piefed at least) where a hidden account with a randomized name is created with your real account, and the hidden one's name is attached to your votes instead of the real account. So it would require your own instance admin to see the link in vote and identity. Or basic levels of observation skills to connect the person posting negative replies is the random username also downvoting.

I also don't like the idea of even being able to opt out. It creates an entirely false sense of security and privacy, and could be seen as a signal that our instance doesn't intend to participate in the wider fediverse transparently and in good faith.

Hi, Lemvotes dev here. As you can imagine, I believe votes on the Fediverse should be public, because that's just how ActivityPub works. Votes are sent out to every subscribed instance, which can then do whatever it wants with them.

We need to stop pretending votes on Lemmy are private, they're not. By letting anyone view votes (well, they can do that without Lemvotes by setting up their own instance, Lemvotes just lowers the entry barrier), users can see, for example, who's serially downvoting their posts or a community's posts.

Also, I don't think votes being public ruins Lemmy. They're public on bluesky and (virtually) no one is complaining. Additionally, platforms like kbin and mbin, which are part of the Fediverse, already make votes public. So even without Lemvotes, people can view the votes on posts. Lemvotes just makes it a bit more convenient.

The only way to fully prevent anyone other than dbzer0 admins from viewing votes is to disable federation.

The way lemvotes works right now afaik, is it uses an admin level account to collect voting data from all federated instances, thus enabling the identification of every voter. This method effectively bypasses the guardrails the developers put in place to keep this info more restricted.

Just a technical nitpick, this is inaccurate. Lemvotes queries the Lemmy database directly, so instance admins can plug it into the db and Lemvotes is running. I was considering making Lemvotes its own Fediverse actor, so that (1) setting up an instance of Lemvotes would be easier, and (2) opting out would be simpler by simply defederating lemvotes.org (or wherever the instance is running), but after working on it for a bit (the results of my work are on this git branch), I realized I don't know enough about ActivityPub, and that I don't care enough about Lemvotes or Lemmy to spend my time on this, as I have other projects to work on. In case anyone wants to develop that themselves, they're free to do so! Lemvotes is open source.

Against. Generally I prefer the option of being anonymous, but we shouldn't promote a false sense of security with a tool that doesn't accomplish the job.

After reading the comments in this topic, I am voting AGAINST.

Public votes are the biggest problem on Lemmy, and it should be a development priority to make them properly anonymous.

I'm for the opt-out. I am aware of the fact that anyone who has looked into the subject knows that it's easy to get that info, but there's a difference between "I need to actually put a small amount of effort into it" vs. "I just copy the URL". If someone wants to look it up and jumps through the hoops, that's fine by me, but it shouldn't be an everyday thing.

I personally vote on nearly every post and comment i read, and even tho i don't want to push any agenda or discriminate any user, someone who i perceive as a bad actor or who regularly comments stuff that screams "i need to touch grass" might construe (wrongly) that i target them. Tbh, most of the time i don't look at the username when voting.

(but it is pretty interesting that i have submitted around 71000 votes since the API reddit exodus lol)

Opt out

As others have said, it seems that comments and votes on Lemmy are public by default, and the issue of anonymization should be directed towards redesigning how Lemmy and even ActivityPub shares information.

That being said, we on db0 have less control over those softwares because they underpin our instance here on Lemmy. For what we do have control over, I'd expect this instance to preserve the privacy of its users as much as possible.

I also agree with others that opting out of Lemvotes means one more deterrent for bad actors to abuse the system. We don't want to make it easier for people to spy on and stalk others, even if this opting out doesn't fix the root cause.

I vote Aye for now, only so far as we continue this conversation to address privacy overall in the Fediverse.

Against.

As it turns out, upvotes are public regardless! As that's the case, I really just don't care either way.

I dislike the comments I sometimes see which threaten people downvoting certain things and imply that the only possible reason anyone would downvote is because they are and that they will be stalked and shunned for doing so. I see these kinds of comments in situations where something probably got downvoted because the person was being an asshole or an idiot rather than because downvoters are on the opposite side of their ideology or hateful. So it's like they want to prevent criticism through chilling effects and bullying. I get that it's tough to see that people don't like what you have to say, and that sometimes this is not useful information, but that's what options to hide vote scores are good for, just cut yourself off from this information if you can't engage with it in a healthy way or acknowledge that you might not understand the unstated thoughts of the people clicking up or down.

Even if it is not ultimately concealable information, I think this kind of measure is good because it at least sends a message that toxic vote stalking is disapproved of.

I say opt-out, less easy-access data is always better.

I'm for - whilst I'm aware lemmy votes are attainable via one mean or another, opting out sends a message that whilst yes, it is possible to attain voting information, it should not be considered normal and socially acceptable to do so.