Currently, almost anyone in the Fediverse can see Lemmys votes. Lemmy admins can see votes, as well as mods. Only regular Lemmy users can’t. Should the Lemmy devs create a way to make the votes anonymous?
There is a discussion going on right now considering “making the Lemmy votes public” but I think that premisse is just wrong. The votes are public already, they’re just hidden from Lemmy users. Anyone from a kbin/mbin/fedia instance can check out the votes if they are so inclined.
The users right now may fall into a false sense of privacy when voting because the votes are hidden from Lemmy users. If you want to vote something and not show up on the vote list, please create another account to support that type of content and don’t tell anyone.
Wait a minute, so any admin can see which posts do I upvote/downvote?
I’m an instance owner and mod. I’ll describe what we see.
Like anyone else, I can check a post or comment and see the upvote and downvote counts. If I click on a specific menu item by a post or comment I can also see who voted which way.
I check it often and to date have only banned two users, out of thousands, who were consistently downvoting posts. These bot accounts were literally voting within seconds of the post going federated.
It’s a useful feature on my end and I think others should be able to see it.
Thamk you for the insight, instance administrator views are valuable and unique.
At the risk of sounding like I’m presenting a bad faith argument, why ban them? I don’t like the whole “free market” analogy but surely it’s one of the liberating features of federated servers, being able to to largely express your votes or content as you see fit within the legal framework of the host nation. Wouldn’t the odd one or two mass downvoters/upvoters/theyvoters ultimately be a statistical abberation or is the fediverse still small enough for this sort of shit to carry weight?
Open criticism of my view welcome, as always!
They’re purposely disruptive to the community, they are not part of the community.
If votes are anonymous and federated, it’s very easy for me to add or subtract 900 votes from whatever I want.
You should consider anything you do on social media to be public. Even if Facebook tries to claim that it’s not.
Admin of a small instance, I have banned 2 accounts for another instance that were downvoting almost all content in a threads without any other interaction. They were being disruptive to the flow at the time, much like @ericjmorey@discuss.online describes.
For what it’s worth, admins/employees on Reddit (or any other website) can also see upvote records.
On mbin users can only see who upvoted a post. An admin can of course still go into the db and look there, but for users and mods there is no way to see who downvoted a post
Yes, by looking in the DB or the data that’s federated as it comes through
What you upvote/downvote, when you upvote/downvote. With some database queries, they can also read DMs that are on their server (i.e. if you message someone on my server).
You can see who upvoted a post by putting the URL to the post or comment into any connected mbin server and clicking “favorites”. Downvotes are restricted by default (but admins can see those of course).
The only information admins can see is the information on their server. For Lemmy, that means a server would need to be subscribed to all communities you’re active in for that information to be available. If you want I can DM what upvotes of yours my server knows about.
I always thought anonymous voting was preferable, or at least non-public. I don’t want “why did you downvote me bro!?”-arguments to occur, and I don’t want to know who approves of my comments or not. I think thinking of votes as an amorphous blob representing general public opinion on Lemmy is preferable to getting into the weeds of who exactly likes your posts and comments.
We could also have “karma” on Lemmy, but while technically tracked the environment is better off without it being public in my opinion. I view voting records similarly.
If botting becomes enough of an issue that regular users need to report vote manipulation bots I’ll be fine with conceding my stance.
As a comment on the other discussion says, there’s a reason ballots are secret.
In reality you should be able to get an anonymized reference number to show your vote was tabulated correctly though.
Right now it comes down to an actual official finding your paper ballot with hand marked tracking and presuming the computer read it correctly on an overall vote total.
Being able to do this anonymously and securely is where the problems lie. Which is also why digital only voting still isn’t a thing anywhere.
In reality you should be able to get an anonymized reference number to show your vote was tabulated correctly though.
The reason there is no such thing in elections, is to prevent vote buying/extortion.
In Italy it’s such an extreme problem that any ballot where the party is not marked with a cross on the party logo and (if present) a block capital name next to it on the provided line, is automatically discounted, because stuff like writing a name a specific way or using crosses, checks, dots, or other symbols was used to track vote buying/voter intimidation in mafia controlled territories.
Some vote counters and polling station overseers would be on the take and keep track of if the votes they expected to see showed up when counting ballots and report back.
If you were able in any way to prove something beyond the equivalent of an “I voted” sticker it would immediately be used to ensure people voted a certain way or to exact some sort of backlash on those who didn’t.
I agree. As long as anonymous voting doesn’t cause obvious trolling/spam issues, it should be preferred.
One of the reasons I’ve always found Facebook off-putting and never used it (even before learning about the shady practices) are the very visible votes. I tend to overanalyse any reaction and would judge people based on their votes on my posts, even if I consciously tried to avoid it. Similarly, I imagine some other people would do the same and I’d feel like I’m under surveillance.
We could also have “karma” on Lemmy, but while technically tracked the environment is better off without it being public in my opinion. I view voting records similarly.
It’s strange that they removed total account karma visibility a while back but are now thinking about making votes public.
I think a good compromise (since Lemmy already tracks that data) would have been to show the upvote/downvote ratio a user receives on their profile page, without showing their total karma. That’d help you spot toxic users without incentivising karma whoring.
Similarly, a display of how often a user upvotes versus downvotes others would help spot bots and trolls without completely obliterating privacy like their suggestion would.
(But ultimately none of this solves the problem of privacy on the Fediverse being one federated bad actor away from nonexistence)
Should the Lemmy devs create a way to make the votes anonymous?
I’m not sure if there is a good way to have the content federate anonymously. Even if there was, it would be a vector for spam.
Vote manipulation is a growing problem on Reddit. It’s only getting worse with all the AI spam bots and they don’t have an incentive to stop it. Why trust a review on Reddit if bots are upvoting/downvoting on behalf of a company, or worse what happens in news communities when a well funded group wants to change perspectives.
Admins need to know if the votes/likes coming in are legitimate, else they should block them. It’s too easy to abuse anonymous votes to affect how content is ranked.
I left a long comment in the other thread which I will link in a moment, but I think either
- We keep the current setup, but we put in more effort to make new users aware that vote records are visible to admins/mods
- We make it public for everyone and take steps to deal with the new issues that it could cause
Other comment on the benefits/issues: https://lemmy.ca/comment/11097046
Admins need to know if the votes/likes coming in are legitimate, else they should block them. It’s too easy to abuse anonymous votes to affect how content is ranked.
This is a very real problem right now. Admins that are on to it use the votes to identify swarms of users that follow each other around upvoting each other’s spam/troll posts.
And that is still possible with pseudonymous tokens votes. You just end up banning tokens for malicious voting activity, and users for malicious posting activity. It’s at best a very mild adjustment to moderation workflows.
How does this work? The community issues federates votes but with a linked token instead of a linked user? How do you track vote manipulation across different communities on different instances?
I will also add that I think in the long run, as we try to figure out how to differentiate between humans and machines, the only real reliably solution I see is to focus on elevating the individual. Having people with long histories validate their reality by living and documenting it.
I don’t upvote something that I’d be ashamed for someone to see I upvote. I might make an exception for pornographic content, but even with that, if it’s pseudononymous in that it’s not attached to my personal public life, I don’t mind if someone can trace through and see what a specific account I use for those purposes has liked and disliked.
The current trust model already relies on a user’s home instance accurately reporting user activity and not injecting fake activity. Hiding real user votes behind pseudonymous tokens doesn’t change that at all.
As far as I can tell, the activity ranking algorithms don’t actually differentiate between up and down votes anyway. All votes are considered engagement.
“If you have nothing to hide then you have nothing to fear.”
Given the strong presence of the privacy community on Lemmy, I have to say that I’m a bit shocked to hear so many in these discussions chiming in to support voting transparency.
I’m on board with the idea of using ring signatures to validate the legitimacy of a vote and moderating spammers based on metadata.
Or, for something (potentially) easier to implement, aggregating vote tallies at the instance level (votes visible to your instance admin and mods) and federating the votes anonymously by instance, so you might see something like:
- lemmy.world: 9 up, 2 down
- discuss.tchncs.de: 3 up, 4 down
- Etc
Up/down votes are the method of community moderation that sets Reddit apart from many other platforms. If the Lemmy community is trying to capture some of that magic, which is good for both highlighting gems AND burying turds, radical transparency isn’t the path to get there.
In fact, I’d argue that the secret ballot has already been thoroughly discussed and tested throughout history and there are plenty of legitimate examples of why it would be better if they were more secret than they are today.
Many people have brought up the idea of brigading, but would this truly get better if votes are public? Is it hard to imagine noticing that an account you generally trust has voted and matching their vote, even subconsciously?
For those who feel that they aren’t able to post on Lemmy because downvotes make you feel sad, my feeling is that if you make posts in a community and they consistently get down voted to oblivion, you’re in the wrong place. The people in that community don’t value your contributions, and you should find another place to share them. This is the system working as intended and the mods should be thankful that such a system has been implemented.
The last point I’ll make is about the potential for a chilling effect - making users less likely to interact with a post in any way due to a fear of retaliation. Look - if you’re looking for a platform where all of your activity is public, those are out there. Why should we make Lemmy look just like every other platform?
Agreed. 10/10.
And you don’t even need real crypto here to start. The home instance can just send vote actions as fixed unique tokens. The way the trust framework currently works, this is literally a drop-in replacement and introduces no new spam/brigade vulns which don’t already exist from a rogue instance. It would be imperfect, and may still make it possible to correlate and infer vote patterns for a sufficiently motivated adve, but it would raise the bar for protecting user telemetry by a huge factor with very minimal effort. I’m honestly a bit surprised it hasn’t been done already.
introduces no new spam/brigade vulns which don’t already exist from a rogue instance
It does though. Now a rogue instance would have to have “believable” profiles for the accounts that vote, because an instance of just “lurkers” who seem to suspiciously vote is a pretty big signal of vote manipulation. If you only see a random identifier (or not even that, just a tally of votes) it’d be impossible to tell if it’s truly the instance’s users just passionate about something or actual vote manipulation.
In other words it would at least make the problem way worse.
The rogue instance would still need fake users though. It would be very easy to see if you are getting votes from 300 unique tokens, but the instance only has 100 users.
Also the method I am proposing would simply be transparent in terms of user management, so if you are running core Lemmy, the only way to generate voting tokens would be to generate users.
Is it hard to imagine noticing that an account you generally trust has voted and matching their vote, even subconsciously?
Not only is it not hard to imagine its easy to imagine the benefits of using this information automatically. I could imagine a client side script which re-ordered content based on who I trusted who had up or down voted it.
So I have users A B C D E F who are known to me who have voted on a given post. D and E are idiots I disregard their votes. F literally hates everything I love so I count his votes inversely. A and B are fantastic I count them x10 I tend to agree with C so I count his x2.
Not only can I potentially re-score threads and comments based on whom I trust I can if I really trust someone’s opinion apply their weights as well, and the weights of the folks upstream.
Yes, I too salivate at the idea that I could simply disappear all of the ideas I disagree with, but that is exactly how to turn a community into an echo chamber.
So I have users A B C D E F who are known to me who have voted on a given post. D and E are idiots I disregard their votes. F literally hates everything I love so I count his votes inversely. A and B are fantastic I count them x10 I tend to agree with C so I count his x2.
What you are suggesting here is, as I’m understanding it, a way to only get feedback from people you agree with and to never experience a critical discussion of ideas based on their merits.
Now, I’m not here to suggest that Lemmy is some kind of shining beacon of drama-free intellectualism, where every idea is discussed without bias or agenda, but I DO think it is valuable to hear from people whose lived experiences led them to a different conclusion than the one I’ve reached. Obviously there needs to be a mechanism to remove trolls from the discussion, but I fear a world where we only see content that we agree with, because then we will truly be removed from reality, and that’s not why I’m here.
There are a lot of people not worth attending to. If you do spend your time listening to these folks you don’t hear new ideas you hear the same bad ones over and over. It would be lovely that having noticed that someone is a persistent holocaust denier he could be added to a list that would disappear not only their contributions but their votes as well for thousands of users.
I want to have the ability to turn on my echo chamber, when I want it, and also to be able to turn it off, when I want to step outside of it for awhile. This doesn’t have to be a toggle - it could be having an alt on a different instance.
I don’t want this choice made for me by people who think they know better how to run my own life than me. They can write an appeal that I will consider, but ultimately I want to make my own choice.
Having votes be publicly viewable allows us all the freedom to do as we choose with that information - including to ignore them entirely. What I would probably do with it is make large block lists of people on lemmy.ml, since it turns out that user blocks of an instance don’t block all that much. Fwiw, for everyone I’ve blocked in the past, I look through the post history to see if they merely are being disagreeable on a particular matter but overall are capable of contributing something substantive to a conversation, or are nothing more than a troll, setting out to vomit their emotions upon everyone worldwide across the Fediverse.
I’ve been a mod before, on Reddit, and am under no illusions anymore that everyone is worth listening to - a downvote from someone rational I will give serious thought about, but an idiot is an idiot, even if a community mod hasn’t banned them (yet?).
It’s like autocorrect: feel free to make suggestions, but it would be nice if I could have control when I want it, including/especially not wasting my time.
Always in favor of taking power from mods that they can abuse and simply do not need.
The 1 “You think you can come into MY instance, and downvote ME?” post I read was 1 too many.
I’m guessing we saw the same one, and that’s literally the only instance I’ve completely blocked.
No, vegantheoryclub.org actually
On Lemmy the concern isn’t even mod abuse - it’s just how much user telemetry is pushed around in plaintext which makes me uncomfortable. I’m sure there are already instances which do nothing but listen to AP traffic actively building activity and interest profiles on Lemmy users. Say what you will, but at least on reddit they have to buy that shit. And if such a rogue admin is even a little bit enterprising, there are a bunch of potential IP deanonymization attacks possible by serving up content targeted to specific users during specific times of day. And probably a bunch of other shady shit I haven’t thought of.
Honestly it’s more than a bit suspicious to me that AP and Lemmy has put seemingly zero effort into mitigating this sort of thing.
The version code hasn’t even hit 0.2 yet. Lemmy was founded by people who got banned from Reddit for being too toxic & extremist leftists, so went off to make their own replacement. They do what they like, and bc Rust is a difficult language to work with, not that many are willing to help.
Then after Huffman’s debacle, we started to see Kbin, Mbin, Piefed, Sublinks, and perhaps more - but none even as advanced as Lemmy yet.
But more to the point, that’s just the nature of an open network. Wouldn’t Wikipedia suffer from the same issues? Though less of an issue than a social media framework I would wager.
