/0 Governance

Acknowledged governance topic opened by https://lemmy.dbzer0.com/u/flatworm7591

This is a simple majority vote. The current tally is as follows:

• For:
• Against:
• Local Community: +0.6
• Outsider sentiment: Very Positive
• Total: +4.6
• Percentage: 66.00%

This vote will complete in 6 days

Reminder that this is a pilot process and results of voting are not set in stone.

Is the div0 bot broken right now?

In favor: activity pub shouldn't have votes from my perspective.

in FAVOR: even if it's a bit of a facade, it gives off the signal to future devs that privacy is still very much a desired thing, even here, and not an after thought.

I don't think so, votes are public by nature, and it is useful to be able to find where and how users vote to make judgements based on vote manipulation. I say this as someone who has dealt with huge amounts of vote manipulation in my own communities.

Although the fact they are offering opt outs from instance admins instead of making it censorship/defederation hardened does make me lose faith in the integrity of lemvotes as a service since it no longer will show a majority of votes due to admins opting out.

Against.

Against.

• Does not stop voting being public
• Does nothing for privacy, it doesn't stop how federation sends the info required to vote
• Useful for moderators in communities where they have haters despite being self contained.
• Useful for users to know when they have a dedicated hater/fan.

Against.

To block it would just further a false sense of privacy. The votes are already public, this just makes that data very slightly more accessible. To pretend otherwise is simply burying our heads in the sand.

Against.

A harder question for me is whether or not to get rid of public downvotes altogether. I think most interactions would be less hostile without the downvote option at all.

Against.

Facade of privacy is worse. Opting out won't do anything, and it might give people false sense of privacy. Let everyone know their votes are public. In my head, voting on lemmy is equivalent of saying "aye" in real life, that is, you are assenting to something publicly.

I in fact consider this to be a feature, it's helpful in detecting votes manipulation.

Against.

Pretty much eeveeryone have clarified the good reasons Against already, and I share most of them. The one that I want to emphasize more is that regarding this point:

But I also have an expectation (mainly from other forms of social media) [...]

Half the point of lemmy is that it's not like other forms of social media, at least the big ones. This is not Twitter where we know already everyone is nazis, or Reddit where people can just brigand and go bomb-review software projects or stuff like that with impunity. The other half is that it's federated and public. That, by nature, has to somehow include the votes.

We're on lemmy. Let's own it.

For. More privacy > less privacy, even if it's minimal.

Against

This information is already public. Something like kbin or mbin which already shows votes could theoretically be used to show them for any federated instances anyway. It's pointless trying to obscure this information as it's not actually protected in a technical manor. If you didn't want this information public you chose the wrong platform.

IN FAVOR OF OPTING OUT

Public voting is one of my least favorite features of lemmy/threadiverse.

I don't know if it's possible to have a federated network where votes are totally private but it would be a strong preference for me. I thought there were already some tools instances could use to protect their users privacy?

If it is implausible to totally obscure it, then I think we need more user controls to avoid accidentally voting for something that leaves a breadcrumb trail about you. Such as reminding new users their votes are public, having an easy way to see overview of all your own votes, option to remove the vote buttons from the UI, being able to unvote all your past votes (which would still be imperfect of course).

Against. Your comment history is even easier to access and it's usually much more sensitive. If you really care about anonymity you need a stronger method.

Downvotes are not a slap in the face. They're the social equivalent of "hey, I disagree with your content or tone". Really it's not a big deal to me if they're public. I've downvoted by accident, or changed my mind before and upvoted later.

Now if you're talking about lemips, a list of user's ip addresses, that's a different story.

This data isn’t private in the first place. What point is there in opting out of a pinhole when niagara is right there?

Personally I vote against because security through obscurity, isn't. People who want to get this data for malicious purposes can easily get it. It will only affect people trying to do it causally (i.e. To check if someone is a chud).

I personally find the whole voting system in lemmy flawed but that's another story.

I doubt there's any practical way to keep votes 100% private, there's always a workaround. Playing whack a mole on this stupid little thing is not worth it

In my opinion, it's a good thing. Anyone wanting the information for nefarious purposes only needs to spin up their own instance and they get it. This just gives the tools to everyone easily.

I think the illusion that votes are private should be crushed, because they aren't and you should be aware of that.

Hi, Lemvotes dev here. As you can imagine, I believe votes on the Fediverse should be public, because that's just how ActivityPub works. Votes are sent out to every subscribed instance, which can then do whatever it wants with them.

We need to stop pretending votes on Lemmy are private, they're not. By letting anyone view votes (well, they can do that without Lemvotes by setting up their own instance, Lemvotes just lowers the entry barrier), users can see, for example, who's serially downvoting their posts or a community's posts.

Also, I don't think votes being public ruins Lemmy. They're public on bluesky and (virtually) no one is complaining. Additionally, platforms like kbin and mbin, which are part of the Fediverse, already make votes public. So even without Lemvotes, people can view the votes on posts. Lemvotes just makes it a bit more convenient.

The only way to fully prevent anyone other than dbzer0 admins from viewing votes is to disable federation.

The way lemvotes works right now afaik, is it uses an admin level account to collect voting data from all federated instances, thus enabling the identification of every voter. This method effectively bypasses the guardrails the developers put in place to keep this info more restricted.

Just a technical nitpick, this is inaccurate. Lemvotes queries the Lemmy database directly, so instance admins can plug it into the db and Lemvotes is running. I was considering making Lemvotes its own Fediverse actor, so that (1) setting up an instance of Lemvotes would be easier, and (2) opting out would be simpler by simply defederating lemvotes.org (or wherever the instance is running), but after working on it for a bit (the results of my work are on this git branch), I realized I don't know enough about ActivityPub, and that I don't care enough about Lemvotes or Lemmy to spend my time on this, as I have other projects to work on. In case anyone wants to develop that themselves, they're free to do so! Lemvotes is open source.

I think that opting out only makes it harder to find out who voted what, I can still find out who voted what by opening a post in friendica (though it misses a good bit of info).

Giving users the illusion that their votes are private is dangerous.

Against. Votes being public makes me vote better. It stops me from angrily downvoting stuff I dont like when im in a bad mood.

Against. As Lena has indicated, this does not require spinning up a full instance and admin account, but just to spin up a copy of LemVotes, which is open source. Easier than that, I've also read that votes are available without admin rights through queries to the Lemmy API. Even easier, the votes are also already public through the *bins. Just make an account on them.

I understand the use of having a small hurdle to dissuade people, I regularly build them into my scripts at work so people can't accidentally break shit with them. But my point is, removing our instance from LemVotes does not raise that hurdle to any significant degree.

This is a core limitation of ActivityPub. Votes must be sent with username attached for federation to work properly. The data is already out there. Any ActivityPub system that doesn't make them public is just doing so on the front end. It's set dressing, not actual voting privacy.

I don't like that it works this way, but I've chosen to accept it as the cost to be part of the Fediverse, to be uncensorable.

If you want privacy, the path is the same it always has been: rotate accounts regularly.

As far as I'm aware, the only true workaround is in piefed (I think it's piefed at least) where a hidden account with a randomized name is created with your real account, and the hidden one's name is attached to your votes instead of the real account. So it would require your own instance admin to see the link in vote and identity. Or basic levels of observation skills to connect the person posting negative replies is the random username also downvoting.

I also don't like the idea of even being able to opt out. It creates an entirely false sense of security and privacy, and could be seen as a signal that our instance doesn't intend to participate in the wider fediverse transparently and in good faith.

Against.

An illusion of privacy is dangerous. If voting isn't anonymous (it isn't, and wouldn't be after an opt-out) then it's better for users to know that and act accordingly.

I'm voting FOR. To be honest, after reading the comments, I do find the argument convincing that we shouldn't enable the illusion of security. But, on the other hand, I strongly believe that creating a tool to specifically investigate particular individuals, even if it was already technically possible, is ripe for abuse.

Literally any barrier to entry can give some angry individual a chance to cool down before they go on a brigade against the target of their rage. I'd slightly prefer if we don't enable them.

All that said, if it's not this tool it will probably be another, so my vote is mostly symbolic.

For.

I'm for the opt-out. I am aware of the fact that anyone who has looked into the subject knows that it's easy to get that info, but there's a difference between "I need to actually put a small amount of effort into it" vs. "I just copy the URL". If someone wants to look it up and jumps through the hoops, that's fine by me, but it shouldn't be an everyday thing.

I personally vote on nearly every post and comment i read, and even tho i don't want to push any agenda or discriminate any user, someone who i perceive as a bad actor or who regularly comments stuff that screams "i need to touch grass" might construe (wrongly) that i target them. Tbh, most of the time i don't look at the username when voting.

(but it is pretty interesting that i have submitted around 71000 votes since the API reddit exodus lol)

Against. Generally I prefer the option of being anonymous, but we shouldn't promote a false sense of security with a tool that doesn't accomplish the job.

I don't see much point in opting out. The data will still be available to anyone who spins up an instance, and this could lead to a big game of whack-a-mole.

Better would be to push the Lemmy devs to find a universal solution.