this post was submitted on 02 Aug 2025
121 points (73.9% liked)

/0 Governance

258 readers
352 users here now

A community for discussion and democratic decision making in the Divisions by zero.

Anyone with voting rights can open a governance thread and initiate a vote or a discussion. There's no special keywords you must be aware of before you open a thread, but there are some. here's the governance thread manual.

Answers

founded 6 months ago
MODERATORS
div0@lemmy.dbzer0.com
db0@lemmy.dbzer0.com
121
Should we opt out of Lemvotes? (infosec.pub)
submitted 1 day ago by Flatworm7591@lemmy.dbzer0.com to c/div0_governance@lemmy.dbzer0.com
147 comments fedilink hide all child comments
 

Hi again mateys!

As most of you are probably aware, since the development of Lemvotes Lemmy votes are no longer private for users.

The way lemvotes works right now afaik, is it uses an admin level account to collect voting data from all federated instances, thus enabling the identification of every voter. This method effectively bypasses the guardrails the developers put in place to keep this info more restricted.

However, the developer of lemvotes has recently developed an "opt out" for instances that don't want their user data collected in this way. So now we have a choice of whether or not to continue. For total transparency, I asked the developer to create an opt out because I wanted to give our users the option to choose that path without defederating from the lemvotes instance.

I think there are (at least) two schools of thought on this topic, which I will attempt to succinctly summarize below:

  1. Votes should be kept private to users as they were only ever meant to be viewable by instance admins. Making votes public to everyone via lemvotes, when users have a reasonable expectation of privacy when it comes to voting, is a betrayal of user trust. It also leads to arguments and a lot of unnecessary drama, caused by users trawling though each others' vote histories.

  2. It's good that voting is transparent and that users have the same tools available as admins to conduct their own investigations into other users. This creates a level playing field and helps hold everyone accountable for their voting patterns.

So now you have some of the context, I'd like to ask our community what are your thoughts on lemvotes... is it a social good or a bad idea?

Personally, I quite like it from an admin perspective - it's a handy tool, and a pretty cool project. But I also have an expectation (mainly from other forms of social media) that users' votes should be kept private from other users, so I still think it's problematic from that perspective.

Proposal: To opt out of lemvotes, so that our users' voting data is kept (at least somewhat) private.

  • To vote FOR the proposal to succeed, upvote the post.
  • To vote AGAINST the proposal, downvote the post.

This will be a simple majority vote. Similar to the last governance topic, I have no clue what the instance sentiment is towards lemvotes, so let's find out! Feel free to add your comments below.

(page 2) 50 comments
sorted by: hot top controversial new old
[–] somerandomperson@lemmy.dbzer0.com 5 points 14 hours ago (1 children)

Opt Out. We don't want others spying our internet updoots.

load more comments (1 replies)
[–] leMe@lemmy.dbzer0.com 11 points 18 hours ago (2 children)

FOR

Yes the data is available to anyone, but at least it involves some technical prowess.

The amount of times i have seen people discuss some users votes and what they interpret into it is just weird. let them at least dig for the stuff a little bit.

from a privacy standpoint it would be great, if the data could even be hidden from admins. while still allowing to do some verification (like in these governance threads). but that is a problem for the lemmy devs.

[–] lena@gregtech.eu 7 points 17 hours ago (1 children)

Votes are public on kbin and mbin too. Without even logging in.

Regarding hiding votes from admins, that's impossible without crippling moderation tools and allowing vote spam to happen freely, because admins would not be able to investigate. And that's just not how ActivityPub works. Votes are public.

load more comments (1 replies)
load more comments (1 replies)
[–] alsaaas@lemmy.dbzer0.com 6 points 16 hours ago* (last edited 9 hours ago) (1 children)

Anything that makes it harder for the average .world brigarder to harass people because of their voting patterns is a welcome change. So naturally I'm voting "aye" and for opting out of any further such tools/other instances of them when they will eventually pop up.

I am aware that votes are not private, but the bar for exploiting that is on the flor when you just have to copy a URL

load more comments (1 replies)
[–] rivvvver@lemmy.dbzer0.com 12 points 19 hours ago (1 children)

voting for. i understand the info is available either way, but im in favor of raising the hurdle for this data to be collected.

load more comments (1 replies)
[–] hendu@lemmy.dbzer0.com 58 points 1 day ago (1 children)

I don't see much point in opting out. The data will still be available to anyone who spins up an instance, and this could lead to a big game of whack-a-mole.

Better would be to push the Lemmy devs to find a universal solution.

load more comments (1 replies)
[–] basiclemmon98@lemmy.dbzer0.com 2 points 13 hours ago* (last edited 13 hours ago) (1 children)

Is it at all possible that we could edit the ActivityPub protocal for just our instance to NOT report who upvoted or downvoted what to the wider fediverse?! And if it is possible (I genuinely don't know how it works, so pls feel free to tell me otherwise), would any of us want to develop that?? (Feel free to remove this if this comment is too unhelpful or it shouldn't be discussed here)

[–] naevaTheRat@lemmy.dbzer0.com 38 points 1 day ago* (last edited 1 day ago) (1 children)

Votes are public though, pretending that they're not is just deceiving users.

Anyone who admins a federated instance, and any of their friends, knows vote counts.

But I also have an expectation (mainly from other forms of social media) that users’ votes should be kept private from other users

This is literally just reddit and hackernews, some of the worst and most astro-turfed socmed. Twitter post nazification too I guess.

load more comments (1 replies)
[–] heckypecky@lemmy.dbzer0.com 11 points 20 hours ago (2 children)

Against.

User votes have never been private as it seems. Lemvotes only made this loophole mainstream. This has to be fixed by lemmy devs, an opt out would give a false sense of security and leave the other lemvotes type tools that are not known yet untouched.

[–] lena@gregtech.eu 5 points 17 hours ago

It's not even a loophole, this is how ActivityPub is designed

load more comments (1 replies)
[–] Geth@lemmy.dbzer0.com 9 points 19 hours ago (2 children)

ITT people not understanding that their votes are basically public no matter what. This tool might as well be one of a thousand and we're just playing wack-a-mole. Kind of a waste of time to bother with it, instead lemmy should get better.

[–] LifeInMultipleChoice@lemmy.dbzer0.com 3 points 15 hours ago (1 children)

I wonder how many people will up vote the post without reading it just because it's what your supposed to do for discussions you want promoted. Some people might say, oh a public announcement for the instance, up vote and move on.

load more comments (1 replies)
load more comments (1 replies)
[–] cabb@lemmy.dbzer0.com 12 points 20 hours ago (1 children)

I'd like to opt out of lemvotes

load more comments (1 replies)
[–] PolarKraken@lemmy.dbzer0.com 10 points 20 hours ago (1 children)

Voting against, succinctly:

  • "opt out" implies unearned trust, from the jump
  • mechanically, no data is less or more available, with sufficient motivation
  • preferring the illusion of privacy is a self-defeating pattern of behavior, it has run amok
  • I'm generally against concentration of info access, on principle

I think there are good reasons to disagree, but I won't make that case as well as someone who does, so I'll leave it to others.

load more comments (1 replies)
[–] Kazel@lemmy.dbzer0.com 4 points 16 hours ago (1 children)

voting for

load more comments (1 replies)
[–] antonim@lemmy.dbzer0.com 5 points 18 hours ago* (last edited 17 hours ago) (1 children)

Against. Occasionally I snoop through someone else's up/downvotes ("oh yeah, this guy is a cunt, just as I thought"). However, it seems unfair that I get to check the votes of people from servers that haven't opted out, while as a dbz0 user myself I'd be safe from such "inspection". (Have any other major servers opted out anyway?) It's a problem (if it is a problem) that should be resolved across the board, not just from individual instances.

load more comments (1 replies)
[–] h4x0r@lemmy.dbzer0.com 17 points 23 hours ago (7 children)

The fact anyone on db0 would advocate for 'transparency' in the name of surveillance makes me believe either I chose the wrong instance or you did.

Sure, that data is available to admins, but this approach will naturally lead to a chilling effect that directly opposes this instance's supposed principles. I understand the why here, but cannot fathom, with how often data is misconstrued by the malicious in the modern age, anyone would operate or advocate for such a service.

[–] NotANumber@lemmy.dbzer0.com 5 points 14 hours ago

As someone pointed out this is already public information for anyone using kbin and mbin. Blocking tools like this doesn't really change that, or even make it harder to see. People are saying without it you would need to make your own instance to see who voted, but given kbin and mbin exists this is probably false and misleading.

Votes being public is an inherent part of the protocol and the software. There isn't much that can be done without redesigning both of those things. Even then it would probably be a case of votes per instance, not fully anonymous voting. Doing that could potentially create moderation problems as well.

[–] Resonosity@lemmy.dbzer0.com 6 points 15 hours ago (1 children)

I feel like this would be better served as a discussion around ActivityPub then and not just Lemmy - and not just ancillary softwares based on Lemmy like Lemvotes

load more comments (1 replies)
[–] Redjard@lemmy.dbzer0.com 19 points 20 hours ago

That data is available to admins of any instance. Anything federated. That's an impossibly large number of instances to keep track off over information leaks, especially since votes are saved permanently so any leak of any instance would retroactively expose all votes again.
This is not even starting to touch on other activitypub software interpreting votes as inherently public and showing them as such. On mbin, anyone can see votes.

In practice this data simply is irrevocably public until lemmy itself hides it on the protocol layer. Right now, it can't even be properly obfuscated.

[–] hendu@lemmy.dbzer0.com 25 points 23 hours ago

This is exactly why I think we should push for Lemmy as a whole resolving the issue, instead of dealing with vote trackers as they crop up.

[–] naught101@lemmy.world 8 points 21 hours ago* (last edited 21 hours ago)

What's the chilling effect? What kind of power does anonymity of voting (even if that were available on lemmy) confer, considering that comments can't be anonymous?

load more comments (2 replies)
[–] orbituary@lemmy.dbzer0.com 17 points 23 hours ago (4 children)

This instance is based greatly on sailing the high seas. Privacy should go hand in hand with that. I don't want my votes to be "investigated" as they reflect my personal opinions and that is sacrosanct.

[–] NotANumber@lemmy.dbzer0.com 4 points 14 hours ago

Except that's not how any of this works. Votes are public via the ActivityPub protocol, which is why this tool is possible in the first place. Kbin ane Mbin make votes public, so all you need to do to see this is use one of those instances federated with dbzero. This kind of comment is just being ignorant of the technology and mechanics in place. If you wanted that kind of privacy you shouldn't be on this platform. You should probably not be on a public forum with actual usernames. Maybe try 4chan?

[–] 0_o7@lemmy.dbzer0.com 10 points 18 hours ago (1 children)

On ActivityPub, all votes are public by design. They are only hidden so users can focus on discussion rather than "who did what". Anyone with an AP instance or tools like this can view your sacrosanct opinions whether you opt out or not.

[–] Resonosity@lemmy.dbzer0.com 5 points 15 hours ago (1 children)

So it seems like this discussion should be aimed moreso at ActivityPub, not Lemvotes

[–] orbituary@lemmy.dbzer0.com 2 points 12 hours ago (2 children)

I absolutely agree. What does lemmy achieve over reddit if it is not more private?

load more comments (2 replies)
[–] Redjard@lemmy.dbzer0.com 16 points 20 hours ago

Understandable but not what this proposal would achieve. The data is available, this is just one of the interfaces showing it.

This one can be easily opted out of, other existing ones cannot.

load more comments (1 replies)
[–] SadSadSatellite@lemmy.dbzer0.com 24 points 1 day ago (2 children)

I don't want lemvotes. It sounds like some real reddit shit and it's a terribly dumb word. Not to mention I want less tracking and more anonymity on the internet in general.

[–] Redjard@lemmy.dbzer0.com 19 points 20 hours ago* (last edited 20 hours ago) (1 children)

This is not going to give anonymity, it at worst gives an increased false sense of anonymity.
Not only could others spin up more copies of lemvotes, last time I checked every mbin instance shows that info freely.

For what I'm concerned this proposal would merely make looking up votes slightly less convenient.

Edit: Yep, mbin still shows votes, no login required: Example

load more comments (1 replies)
load more comments (1 replies)
[–] brickfrog@lemmy.dbzer0.com 14 points 1 day ago (2 children)

Voting for the proposal, would be nice to opt out of extra tracking beyond what already gets tracked/logged during typical Lemmy usage.

But in the grand scheme of things this is more of a Lemmy network problem, if that site exists then surely other sites/tools exist (or will soon) to do the same thing. I've always kind of figured it doesn't take much to start up a Lemmy instance, federate with others, & just start logging the info being sent across the instances (in this case upvotes/downvotes).

You've kind of got me wondering how Piefed handles that but that's another topic really.

[–] naevaTheRat@lemmy.dbzer0.com 16 points 1 day ago

Everything you do on lemmy is public forever. That's how activitypub works. Even if you delete everything no server has to respect that.

Anything you upload is public record forever until proven otherwise.

load more comments (1 replies)
load more comments
view more: ‹ prev next ›