this post was submitted on 02 Aug 2025
135 points (72.9% liked)

/0 Governance

258 readers
160 users here now

A community for discussion and democratic decision making in the Divisions by zero.

Anyone with voting rights can open a governance thread and initiate a vote or a discussion. There's no special keywords you must be aware of before you open a thread, but there are some. here's the governance thread manual.

Answers

founded 6 months ago
MODERATORS
div0@lemmy.dbzer0.com
db0@lemmy.dbzer0.com
135
Should we opt out of Lemvotes? (infosec.pub)
submitted 1 day ago by Flatworm7591@lemmy.dbzer0.com to c/div0_governance@lemmy.dbzer0.com
185 comments fedilink hide all child comments
 

Hi again mateys!

As most of you are probably aware, since the development of Lemvotes Lemmy votes are no longer private for users.

The way lemvotes works right now afaik, is it uses an admin level account to collect voting data from all federated instances, thus enabling the identification of every voter. This method effectively bypasses the guardrails the developers put in place to keep this info more restricted.

However, the developer of lemvotes has recently developed an "opt out" for instances that don't want their user data collected in this way. So now we have a choice of whether or not to continue. For total transparency, I asked the developer to create an opt out because I wanted to give our users the option to choose that path without defederating from the lemvotes instance.

I think there are (at least) two schools of thought on this topic, which I will attempt to succinctly summarize below:

  1. Votes should be kept private to users as they were only ever meant to be viewable by instance admins. Making votes public to everyone via lemvotes, when users have a reasonable expectation of privacy when it comes to voting, is a betrayal of user trust. It also leads to arguments and a lot of unnecessary drama, caused by users trawling though each others' vote histories.

  2. It's good that voting is transparent and that users have the same tools available as admins to conduct their own investigations into other users. This creates a level playing field and helps hold everyone accountable for their voting patterns.

So now you have some of the context, I'd like to ask our community what are your thoughts on lemvotes... is it a social good or a bad idea?

Personally, I quite like it from an admin perspective - it's a handy tool, and a pretty cool project. But I also have an expectation (mainly from other forms of social media) that users' votes should be kept private from other users, so I still think it's problematic from that perspective.

Proposal: To opt out of lemvotes, so that our users' voting data is kept (at least somewhat) private.

  • To vote FOR the proposal to succeed, upvote the post.
  • To vote AGAINST the proposal, downvote the post.

This will be a simple majority vote. Similar to the last governance topic, I have no clue what the instance sentiment is towards lemvotes, so let's find out! Feel free to add your comments below.

(page 3) 50 comments
sorted by: hot top controversial new old
[–] h4x0r@lemmy.dbzer0.com 17 points 1 day ago (8 children)

The fact anyone on db0 would advocate for 'transparency' in the name of surveillance makes me believe either I chose the wrong instance or you did.

Sure, that data is available to admins, but this approach will naturally lead to a chilling effect that directly opposes this instance's supposed principles. I understand the why here, but cannot fathom, with how often data is misconstrued by the malicious in the modern age, anyone would operate or advocate for such a service.

[–] naught101@lemmy.world 9 points 1 day ago* (last edited 1 day ago)

What's the chilling effect? What kind of power does anonymity of voting (even if that were available on lemmy) confer, considering that comments can't be anonymous?

load more comments (7 replies)
[–] Geth@lemmy.dbzer0.com 10 points 1 day ago (2 children)

ITT people not understanding that their votes are basically public no matter what. This tool might as well be one of a thousand and we're just playing wack-a-mole. Kind of a waste of time to bother with it, instead lemmy should get better.

[–] LifeInMultipleChoice@lemmy.dbzer0.com 3 points 1 day ago (1 children)

I wonder how many people will up vote the post without reading it just because it's what your supposed to do for discussions you want promoted. Some people might say, oh a public announcement for the instance, up vote and move on.

load more comments (1 replies)
load more comments (1 replies)
[–] orbituary@lemmy.dbzer0.com 17 points 1 day ago (8 children)

This instance is based greatly on sailing the high seas. Privacy should go hand in hand with that. I don't want my votes to be "investigated" as they reflect my personal opinions and that is sacrosanct.

[–] NotANumber@lemmy.dbzer0.com 4 points 1 day ago

Except that's not how any of this works. Votes are public via the ActivityPub protocol, which is why this tool is possible in the first place. Kbin ane Mbin make votes public, so all you need to do to see this is use one of those instances federated with dbzero. This kind of comment is just being ignorant of the technology and mechanics in place. If you wanted that kind of privacy you shouldn't be on this platform. You should probably not be on a public forum with actual usernames. Maybe try 4chan?

load more comments (7 replies)
[–] PolarKraken@lemmy.dbzer0.com 11 points 1 day ago (1 children)

Voting against, succinctly:

  • "opt out" implies unearned trust, from the jump
  • mechanically, no data is less or more available, with sufficient motivation
  • preferring the illusion of privacy is a self-defeating pattern of behavior, it has run amok
  • I'm generally against concentration of info access, on principle

I think there are good reasons to disagree, but I won't make that case as well as someone who does, so I'll leave it to others.

load more comments (1 replies)
[–] Kazel@lemmy.dbzer0.com 5 points 1 day ago (1 children)

voting for

load more comments (1 replies)
[–] brickfrog@lemmy.dbzer0.com 14 points 1 day ago (2 children)

Voting for the proposal, would be nice to opt out of extra tracking beyond what already gets tracked/logged during typical Lemmy usage.

But in the grand scheme of things this is more of a Lemmy network problem, if that site exists then surely other sites/tools exist (or will soon) to do the same thing. I've always kind of figured it doesn't take much to start up a Lemmy instance, federate with others, & just start logging the info being sent across the instances (in this case upvotes/downvotes).

You've kind of got me wondering how Piefed handles that but that's another topic really.

[–] naevaTheRat@lemmy.dbzer0.com 16 points 1 day ago

Everything you do on lemmy is public forever. That's how activitypub works. Even if you delete everything no server has to respect that.

Anything you upload is public record forever until proven otherwise.

load more comments (1 replies)
[–] antonim@lemmy.dbzer0.com 5 points 1 day ago* (last edited 1 day ago) (1 children)

Against. Occasionally I snoop through someone else's up/downvotes ("oh yeah, this guy is a cunt, just as I thought"). However, it seems unfair that I get to check the votes of people from servers that haven't opted out, while as a dbz0 user myself I'd be safe from such "inspection". (Have any other major servers opted out anyway?) It's a problem (if it is a problem) that should be resolved across the board, not just from individual instances.

load more comments (1 replies)
[–] basiclemmon98@lemmy.dbzer0.com 2 points 1 day ago* (last edited 1 day ago) (1 children)

Is it at all possible that we could edit the ActivityPub protocal for just our instance to NOT report who upvoted or downvoted what to the wider fediverse?! And if it is possible (I genuinely don't know how it works, so pls feel free to tell me otherwise), would any of us want to develop that?? (Feel free to remove this if this comment is too unhelpful or it shouldn't be discussed here)

[–] Martineski@lemmy.dbzer0.com 9 points 1 day ago* (last edited 1 day ago) (3 children)

I support it but it feels pointless given it's just trying to treat symptoms and not the core issue which is the ability to get them in the first place. I don't think that there's even any good solution for that given the decentralised nature of the fediverse which sucks.

[–] Redjard@lemmy.dbzer0.com 3 points 1 day ago (1 children)

It is complicated but possible.
You can anonymize votes, peertube is doing something like that.
I can imagine even more complicated systems that limit the instances with that info to 2-3, a number small enough to make it plausible no leaks happen, while still making it very hard to fake votes with a malicious server.

[–] Martineski@lemmy.dbzer0.com 4 points 1 day ago

Interesting, is it actual anonymity or just static obfuscation where after simple data analysis you'd be able to tie all past and future data to the user moving forward? Do you have the source for that? I have issues finding anything despite trying out different keywords.

[–] fxomt@lemmy.dbzer0.com 4 points 1 day ago (1 children)

Yo, you're back??

[–] Martineski@lemmy.dbzer0.com 2 points 1 day ago* (last edited 1 day ago) (1 children)

No, I just happened to see the notification for this post on matrix on my phone so I manifested my presence to critique lemmy only to afterwards dissipate into nothingness like I once was.

[–] fxomt@lemmy.dbzer0.com 3 points 1 day ago

A person disintegrating

Goodbye once again, fedimart 😔

load more comments (1 replies)
[–] Neverclear@lemmy.dbzer0.com 4 points 1 day ago (1 children)

I have to believe some sort of system could be designed that can preserve privacy while preventing abuse. Maybe zero knowledge proofs, packet filters or fail2ban. Adaptations would have to be made, of course.

But I expect that exposing everyones' voting habits would enable more vengeance and spite than it would cooperation.

In holding out for a better solution. I choose the lesser evil of risking anonymous abuse over the greater evil of open discord.

load more comments (1 replies)
load more comments
view more: ‹ prev next ›