Should we opt out of Lemvotes?
Update: Thanks mateys for participating! Our instance was really split down the middle on this vote - 49% in favour, 51% against.
After reading all the comments, it honestly seems unlikely to me that private voting will ever be a viable option for Lemmy in any meaningful way, because voting data gets federated out all across the fediverse, so I think on balance the best way forward is just to accept that reality and work under the assumption all votes are public. At least then nobody is lulled into a false sense of security.
Having said that there's an argument to be made for both sides and I don't think there's a "right" answer necessarily. Its more down to personal preference about whether you want/expect private (to the users) voting, or you want to embrace public voting. But until Lemmy can guarantee the privacy of user votes then simply pretending they are private seems like the worst of both worlds.
We might revisit the topic of public/private voting again down the road if Lemmy's developers provide privacy enhancements in that area though.
Cheers, Unruffled.
Hi again mateys!
As most of you are probably aware, since the development of Lemvotes Lemmy votes are no longer private for users.
The way lemvotes works right now afaik, is it uses an admin level account to collect voting data from all federated instances, thus enabling the identification of every voter. This method effectively bypasses the guardrails the developers put in place to keep this info more restricted.
However, the developer of lemvotes has recently developed an "opt out" for instances that don't want their user data collected in this way. So now we have a choice of whether or not to continue. For total transparency, I asked the developer to create an opt out because I wanted to give our users the option to choose that path without defederating from the lemvotes instance.
I think there are (at least) two schools of thought on this topic, which I will attempt to succinctly summarize below:
-
Votes should be kept private to users as they were only ever meant to be viewable by instance admins. Making votes public to everyone via lemvotes, when users have a reasonable expectation of privacy when it comes to voting, is a betrayal of user trust. It also leads to arguments and a lot of unnecessary drama, caused by users trawling though each others' vote histories.
-
It's good that voting is transparent and that users have the same tools available as admins to conduct their own investigations into other users. This creates a level playing field and helps hold everyone accountable for their voting patterns.
So now you have some of the context, I'd like to ask our community what are your thoughts on lemvotes... is it a social good or a bad idea?
Personally, I quite like it from an admin perspective - it's a handy tool, and a pretty cool project. But I also have an expectation (mainly from other forms of social media) that users' votes should be kept private from other users, so I still think it's problematic from that perspective.
Proposal: To opt out of lemvotes, so that our users' voting data is kept (at least somewhat) private.
- To vote FOR the proposal to succeed, upvote the post.
- To vote AGAINST the proposal, downvote the post.
This will be a simple majority vote. Similar to the last governance topic, I have no clue what the instance sentiment is towards lemvotes, so let's find out! Feel free to add your comments below.
Acknowledged governance topic opened by https://lemmy.dbzer0.com/u/flatworm7591
This is a simple majority vote. The final tally is as follows:
This vote has concluded on 2025-08-09 01:29:16 UTC
Reminder that this is a pilot process and results of voting are not set in stone.
Waat the hek du thees emoji signifie? (si, soy
Nederlandishe)It's the instance's voting system that classifies users according to their description upon registration and/or their donation to the instance, see this thread: https://lemmy.dbzer0.com/post/35557475 (it's linked in the sidebar)
Leaves me more confused, as the icon I got marked with doesn't seem to be mentioned.
I don't see much point in opting out. The data will still be available to anyone who spins up an instance, and this could lead to a big game of whack-a-mole.
Better would be to push the Lemmy devs to find a universal solution.
Hi, Lemvotes dev here. As you can imagine, I believe votes on the Fediverse should be public, because that's just how ActivityPub works. Votes are sent out to every subscribed instance, which can then do whatever it wants with them.
We need to stop pretending votes on Lemmy are private, they're not. By letting anyone view votes (well, they can do that without Lemvotes by setting up their own instance, Lemvotes just lowers the entry barrier), users can see, for example, who's serially downvoting their posts or a community's posts.
Also, I don't think votes being public ruins Lemmy. They're public on bluesky and (virtually) no one is complaining. Additionally, platforms like kbin and mbin, which are part of the Fediverse, already make votes public. So even without Lemvotes, people can view the votes on posts. Lemvotes just makes it a bit more convenient.
The only way to fully prevent anyone other than dbzer0 admins from viewing votes is to disable federation.
Just a technical nitpick, this is inaccurate. Lemvotes queries the Lemmy database directly, so instance admins can plug it into the db and Lemvotes is running. I was considering making Lemvotes its own Fediverse actor, so that (1) setting up an instance of Lemvotes would be easier, and (2) opting out would be simpler by simply defederating lemvotes.org (or wherever the instance is running), but after working on it for a bit (the results of my work are on this git branch), I realized I don't know enough about ActivityPub, and that I don't care enough about Lemvotes or Lemmy to spend my time on this, as I have other projects to work on. In case anyone wants to develop that themselves, they're free to do so! Lemvotes is open source.
Thanks for this insight, it swayed me to vote against the proposal. If votes are already semi-public through federation I'd rather it be transparently public than giving the illusion of privacy.
Thanks for adding your voice here Lena, and for clarifying the technical details.
Having read through all the comments (thanks everyone), I'm voting against the proposal. But of course we will respect the voting outcome, whichever way it lands.
what is this supposed to be
A drunken sailor? I think anyways
Why did it decide to reply to me lol
It replies to all top-level comments
I think this is a great write up and shows why it doesn't make sense to opt out, votes on the fediverse like anything else shared over activitypub are public, an opt out doesn't change that.
Personally I think that a service like Lemvotes should fight against this as much as possible, some people have and admins have made slanderous and outright evil accusations towards them as a result but it ultimately doesn't matter. This place is open and public, all activitypub data is shared publicly. If someone running a server doesn't like that, they should move to whitelist mode or turn federation off entirely.
Providing server admins with easy opt-out while still remaining public hurts the viability of a server like that and encourages decisions based on a false sense of privacy.
I'm not exactly sure what you want here.
If you'd like votes to not be federated at all, that would mean instances would only have the local count of votes (i.e. only votes cast by users from that instance), which brings little benefit, and would make small instances unusable.
If you'd like only vote counts to be federated, but not who cast the votes, that would allow people to make accounts spamming votes, with admins from other instances being unable to figure out where the spurious votes are coming from. As in the previous example, it would bring little benefit (votes would be private, sure), but it would cripple moderation tools and make post and comment ranking untrustworthy because of potential (virtually) undetectable bots.
Personally I vote against because security through obscurity, isn't. People who want to get this data for malicious purposes can easily get it. It will only affect people trying to do it causally (i.e. To check if someone is a chud).
I personally find the whole voting system in lemmy flawed but that's another story.
Yeah I've had a change of heart about lemvotes. After reading through all the comments, and realising people only need a kbin or mbin account to see all the votes anyway because of how activitypub works, there is basically no point imo. As many commenters mentioned, opting out of lemvotes will only give the illusion of privacy, and doesn't address the underlying problem. And given our genAI mods rely on that tool to assess troll accounts, I'm kinda hoping it won't pass now.
But really if we were to go along with the public voting paradigm that is part of activitypub, then I think Lemmy should really embrace it. Like create a toggle that allows instances to enable public voting, so any user can see who voted on what in the default UI. Might also help reduce vote manipulation once everyone knows its fully public.
Unfortunately displaying the fact that they're transparent was closed as an issue: https://github.com/LemmyNet/lemmy/issues/4967
If you look through the thread it's the same as here. Divided between "public is public" and "public should only be public to a technocratic elite" and "I am an ostrich"
🙃
*bin only displays who upvotes, not who downvotes. That said this data is public in the ActivityPub stream rn as you say.
Why flawed? Please elaborate, genuinely curious.
Because up and down don't provide anywhere enough for signal. I would prefer them be specific positive/negative emojis which would help with filtering and sorting, lead use properly and avoid misunderstandings
Like slashdot?
Ye
This would be so much better
Votes are public though, pretending that they're not is just deceiving users.
Anyone who admins a federated instance, and any of their friends, knows vote counts.
This is literally just reddit and hackernews, some of the worst and most astro-turfed socmed. Twitter post nazification too I guess.
Against.
Against.
As Lena has indicated, this does not require spinning up a full instance and admin account, but just to spin up a copy of LemVotes, which is open source. Easier than that, I've also read that votes are available without admin rights through queries to the Lemmy API. Even easier,the votes are also already public through the *bins and friendica.EDIT: Lena has clarified that Lemvotes does depend on having a Lemmy instance, and that votes are only available through API to admins.
I understand the use of having a small hurdle to dissuade people, I regularly build them into my scripts at work so people can't accidentally break shit with them. But my point is, removing our instance from LemVotes does not raise that hurdle to any significant degree.
This is a core limitation of ActivityPub. Votes must be sent with username attached for federation to work properly. The data is already out there. Any ActivityPub system that doesn't make them public is just doing so on the front end. It's set dressing, not actual voting privacy.
I don't like that it works this way, but I've chosen to accept it as the cost to be part of the Fediverse, to be uncensorable.
If you want privacy, the path is the same it always has been: rotate accounts regularly.
As far as I'm aware, the only true workaround is in piefed (I think it's piefed at least) where a hidden account with a randomized name is created with your real account, and the hidden one's name is attached to your votes instead of the real account. So it would require your own instance admin to see the link in vote and identity. Or basic levels of observation skills to connect the person posting negative replies is the random username also downvoting.
I also don't like the idea of even being able to opt out. It creates an entirely false sense of security and privacy, and could be seen as a signal that our instance doesn't intend to participate in the wider fediverse transparently and in good faith.
Well stated.
Thanks for the reminder.
Lemvotes currently depends on a Lemmy instance, though I could make it independent with Fedify if I had the time and energy.
https://lemmy.readme.io/reference/get_post-like-list
the API is admin-only, though votes are federated through activitypub, that's why instance admins can see them. That's just how activitypub works.
yeeeeah, this was the db0 admins' idea, otherwise my instance might have gotten defederated, which I prefer doesn't happen. The solution would be, as I said, to make Lemvotes its own fediverse actor, but I don't have the expertise or energy to do so.
Umm, wait what?
Lemvotes gets data from my instance, so if I hadn't made the opt-out option, this community vote would still be run, with the difference that there would be the option of defederating me instead of opting out.
Ah, I see. It sounded quite threatening, tbh (and it technically still is a threat, but now at least I get why it would be necessary to prevent the votes from being counted by Lemvotes...). I hope it won't be necessary, the poll is close to tipping over to not opting out...
I don't want lemvotes. It sounds like some real reddit shit and it's a terribly dumb word. Not to mention I want less tracking and more anonymity on the internet in general.
This is not going to give anonymity, it at worst gives an increased false sense of anonymity.
Not only could others spin up more copies of lemvotes, last time I checked every mbin instance shows that info freely.
For what I'm concerned this proposal would merely make looking up votes slightly less convenient.
Edit: Yep, mbin still shows votes, no login required: Example
Less convenient means more private if more people give up. I don't expect 100% privacy in my life, but I won't make it easy for anyone.
Its not making it harder.
Ita barely even less convenient. You can just got to mbin/kbin (without even being logged in) and see the same info. The only reduction in convenience would be one site not showing it.
Votes on Lemmy are not private and you shouldn't think that they are even remotely, and I think thats something lemvotes does quite well - shine a spotlight on the problem, which should be addressed inside of Lemmy.
I think that opting out only makes it harder to find out who voted what, I can still find out who voted what by opening a post in friendica (though it misses a good bit of info).
Giving users the illusion that their votes are private is dangerous.
This data isn’t private in the first place. What point is there in opting out of a pinhole when niagara is right there?
Against.
Facade of privacy is worse. Opting out won't do anything, and it might give people false sense of privacy. Let everyone know their votes are public. In my head, voting on lemmy is equivalent of saying "aye" in real life, that is, you are assenting to something publicly.
I in fact consider this to be a feature, it's helpful in detecting votes manipulation.
Against.
To block it would just further a false sense of privacy. The votes are already public, this just makes that data very slightly more accessible. To pretend otherwise is simply burying our heads in the sand.
This instance is based greatly on sailing the high seas. Privacy should go hand in hand with that. I don't want my votes to be "investigated" as they reflect my personal opinions and that is sacrosanct.
Understandable but not what this proposal would achieve. The data is available, this is just one of the interfaces showing it.
This one can be easily opted out of, other existing ones cannot.
This sort of software issue needs to be more well known to be fixed in my experience. To either increase the priority for the existing devs to find a solution until they do, or increase the circle of people aware until someone learns of it that fixes it.
This "first step" would make the issue less well known, since some people would see it as already fixed, or on the way to it. But at the same time, it would do absolutely nothing towards fixing the issue; It wouldn't even give any dev practice towards it.
If you find compromise solutions, you risk people taking that and not bothering to request an actual solution. Take the switch from IPv4 to IPv6, then making lemvotes useless would be like introducing NAT, a shitty "solution" only partially fixing the problem, yet the reason we have not been forced to switch 25 years ago. And so, since there is no pressure, the world still runs on IPv4.
I think this is one of the cases where you want to only let the issue be fixed the right way, or it'll never be fixed.
On ActivityPub, all votes are public by design. They are only hidden so users can focus on discussion rather than "who did what". Anyone with an AP instance or tools like this can view your sacrosanct opinions whether you opt out or not.
So it seems like this discussion should be aimed moreso at ActivityPub, not Lemvotes
I absolutely agree. What does lemmy achieve over reddit if it is not more private?
Not corporatly owned and federated. Federation has positives and negatives. This has been a known "negative" from the start. It's why some instances don't show the down vote arrow, or don't show either. It's all about instance choice. But if you opt to vote, it is known by all, because when you click that button, your user just sent a message to everyone on activitypub that you pressed that button.
To echo another user, "should we not be voting about federation with Activity Pub?"
Except that's not how any of this works. Votes are public via the ActivityPub protocol, which is why this tool is possible in the first place. Kbin ane Mbin make votes public, so all you need to do to see this is use one of those instances federated with dbzero. This kind of comment is just being ignorant of the technology and mechanics in place. If you wanted that kind of privacy you shouldn't be on this platform. You should probably not be on a public forum with actual usernames. Maybe try 4chan?
The fact anyone on db0 would advocate for 'transparency' in the name of surveillance makes me believe either I chose the wrong instance or you did.
Sure, that data is available to admins, but this approach will naturally lead to a chilling effect that directly opposes this instance's supposed principles. I understand the why here, but cannot fathom, with how often data is misconstrued by the malicious in the modern age, anyone would operate or advocate for such a service.
This is exactly why I think we should push for Lemmy as a whole resolving the issue, instead of dealing with vote trackers as they crop up.
That data is available to admins of any instance. Anything federated. That's an impossibly large number of instances to keep track off over information leaks, especially since votes are saved permanently so any leak of any instance would retroactively expose all votes again.
This is not even starting to touch on other activitypub software interpreting votes as inherently public and showing them as such. On mbin, anyone can see votes.
In practice this data simply is irrevocably public until lemmy itself hides it on the protocol layer. Right now, it can't even be properly obfuscated.
What's the chilling effect? What kind of power does anonymity of voting (even if that were available on lemmy) confer, considering that comments can't be anonymous?
I understand what a chilling effect is. But you can't post here without your user name being attached to it. So posting is not relevant to this issue about votes, is it?
As someone pointed out this is already public information for anyone using kbin and mbin. Blocking tools like this doesn't really change that, or even make it harder to see. People are saying without it you would need to make your own instance to see who voted, but given kbin and mbin exists this is probably false and misleading.
Votes being public is an inherent part of the protocol and the software. There isn't much that can be done without redesigning both of those things. Even then it would probably be a case of votes per instance, not fully anonymous voting. Doing that could potentially create moderation problems as well.
I feel like this would be better served as a discussion around ActivityPub then and not just Lemmy - and not just ancillary softwares based on Lemmy like Lemvotes
Maybe the whole question is just, should an instance show votes. As in, if an instance truly wanted their votes to be anonymous on activitypub, it couldn't happen. So those who are not wanting to have their up/down votes seen, should be opting out of up/down voting. While those who don't care / want their votes to be seen, should be up/down voting.
Who surveils who here, though? I can be surveiled but also surveil the surveiler myself, as long as the person is on an instance that hasn't opted out. And isn't viewing people's old comments a pretty similar sort of "surveillance"? The difference comes mainly from how we're used to the reddit model where comments are public and votes are private...
Lemvotes has been available for many months, yet there's been no "chilling effect" on anyone's behaviour, as far as I see.
I'm for the opt-out. I am aware of the fact that anyone who has looked into the subject knows that it's easy to get that info, but there's a difference between "I need to actually put a small amount of effort into it" vs. "I just copy the URL". If someone wants to look it up and jumps through the hoops, that's fine by me, but it shouldn't be an everyday thing.
I personally vote on nearly every post and comment i read, and even tho i don't want to push any agenda or discriminate any user, someone who i perceive as a bad actor or who regularly comments stuff that screams "i need to touch grass" might construe (wrongly) that i target them. Tbh, most of the time i don't look at the username when voting.
(but it is pretty interesting that i have submitted around 71000 votes since the API reddit exodus lol)
Against.
An illusion of privacy is dangerous. If voting isn't anonymous (it isn't, and wouldn't be after an opt-out) then it's better for users to know that and act accordingly.
I dislike the comments I sometimes see which threaten people downvoting certain things and imply that the only possible reason anyone would downvote is because they are and that they will be stalked and shunned for doing so. I see these kinds of comments in situations where something probably got downvoted because the person was being an asshole or an idiot rather than because downvoters are on the opposite side of their ideology or hateful. So it's like they want to prevent criticism through chilling effects and bullying. I get that it's tough to see that people don't like what you have to say, and that sometimes this is not useful information, but that's what options to hide vote scores are good for, just cut yourself off from this information if you can't engage with it in a healthy way or acknowledge that you might not understand the unstated thoughts of the people clicking up or down.
Even if it is not ultimately concealable information, I think this kind of measure is good because it at least sends a message that toxic vote stalking is disapproved of.
Against
This information is already public. Something like kbin or mbin which already shows votes could theoretically be used to show them for any federated instances anyway. It's pointless trying to obscure this information as it's not actually protected in a technical manor. If you didn't want this information public you chose the wrong platform.
Voting for the proposal, would be nice to opt out of extra tracking beyond what already gets tracked/logged during typical Lemmy usage.
But in the grand scheme of things this is more of a Lemmy network problem, if that site exists then surely other sites/tools exist (or will soon) to do the same thing. I've always kind of figured it doesn't take much to start up a Lemmy instance, federate with others, & just start logging the info being sent across the instances (in this case upvotes/downvotes).
You've kind of got me wondering how Piefed handles that but that's another topic really.
Everything you do on lemmy is public forever. That's how activitypub works. Even if you delete everything no server has to respect that.
Anything you upload is public record forever until proven otherwise.
I'd like to opt out of lemvotes
I doubt there's any practical way to keep votes 100% private, there's always a workaround. Playing whack a mole on this stupid little thing is not worth it
Against.
Pretty much eeveeryone have clarified the good reasons Against already, and I share most of them. The one that I want to emphasize more is that regarding this point:
Half the point of lemmy is that it's not like other forms of social media, at least the big ones. This is not Twitter where we know already everyone is nazis, or Reddit where people can just brigand and go bomb-review software projects or stuff like that with impunity. The other half is that it's federated and public. That, by nature, has to somehow include the votes.
We're on lemmy. Let's own it.
Against.
User votes have never been private as it seems. Lemvotes only made this loophole mainstream. This has to be fixed by lemmy devs, an opt out would give a false sense of security and leave the other lemvotes type tools that are not known yet untouched.
It's not even a loophole, this is how ActivityPub is designed
FOR
Yes the data is available to anyone, but at least it involves some technical prowess.
The amount of times i have seen people discuss some users votes and what they interpret into it is just weird. let them at least dig for the stuff a little bit.
from a privacy standpoint it would be great, if the data could even be hidden from admins. while still allowing to do some verification (like in these governance threads). but that is a problem for the lemmy devs.
Votes are public on kbin and mbin too. Without even logging in.
Regarding hiding votes from admins, that's impossible without crippling moderation tools and allowing vote spam to happen freely, because admins would not be able to investigate. And that's just not how ActivityPub works. Votes are public.
i don't know activity pub well enough to say what is possible to do on it. i was just saying what would be cool, to avoid tyrading users, based on what sometimes seems to be one or two votes.
IMO vote spam is just buildt into lemmy. spinning up your own instance and pretty much nuke any post, user, community, ... you want is not that hard. i thought of writing my on POC for a 1 click script like that - but did not end up doing so, as i was too lazy.
i guess that is my main motivation behind being against easily accessibly insight into votes: most ppl are too lazy to do it themselves. it is good to know anyone can access it. but they have to put a little effort into that.
you and i will probably not agree on that, but that is fine.
Against.
As it turns out, upvotes are public regardless! As that's the case, I really just don't care either way.
voting for. i understand the info is available either way, but im in favor of raising the hurdle for this data to be collected.
Voting against, succinctly:
I think there are good reasons to disagree, but I won't make that case as well as someone who does, so I'll leave it to others.
I'm voting FOR. To be honest, after reading the comments, I do find the argument convincing that we shouldn't enable the illusion of security. But, on the other hand, I strongly believe that creating a tool to specifically investigate particular individuals, even if it was already technically possible, is ripe for abuse.
Literally any barrier to entry can give some angry individual a chance to cool down before they go on a brigade against the target of their rage. I'd slightly prefer if we don't enable them.
All that said, if it's not this tool it will probably be another, so my vote is mostly symbolic.
Maybe it would be better for everyone to have access to this tool, rather than just a select few who have the time or know how to setup their own instance to collect this data?
I mean, maybe, I really can't say for sure. Taking this to its logical extreme - should everyone have access to Clearview or one of the many facial recognition databases? There are clear upsides and stark downsides.
Obviously this case is a lot less everything than that hypothetical, but I think it's all part of a larger conversation about privacy and access to ostensibly private information, or even how private information should be.
I'm not prepared to believe that humanity is ready for all the privacy we've enjoyed to be lost so quickly.
Against. Generally I prefer the option of being anonymous, but we shouldn't promote a false sense of security with a tool that doesn't accomplish the job.
ITT people not understanding that their votes are basically public no matter what. This tool might as well be one of a thousand and we're just playing wack-a-mole. Kind of a waste of time to bother with it, instead lemmy should get better.
I wonder how many people will up vote the post without reading it just because it's what your supposed to do for discussions you want promoted. Some people might say, oh a public announcement for the instance, up vote and move on.
Judging by the previous vote in c/governance, not very many imo. I think most of our users who take the time to vote have already formed an opinion one way or the other, and judging by the quality of the comments, they are informed about the topic. It's also nice to see some undecided folks reading the comments and being swayed one way or the other.
I'm trying to stay out of the debate and act as a (fairly) neutral arbiter so as not to influence the outcome. But it seems so far that around 2/3 of our users prefer votes to be kept (somewhat) private. The other 1/3 prefer public votes, for a variety of reasons.
As someone else mentioned in the comments, a lot of us came over from Reddit, so that might partially explain why the sentiment is skewed towards private voting - it's simply what most folks are used to. But I can also see an argument can be made for transparent public voting, as a means of keeping everyone honest and accountable to each other. I haven't completely decided which way to vote yet.
I don't think so, votes are public by nature, and it is useful to be able to find where and how users vote to make judgements based on vote manipulation. I say this as someone who has dealt with huge amounts of vote manipulation in my own communities.
Although the fact they are offering opt outs from instance admins instead of making it censorship/defederation hardened does make me lose faith in the integrity of lemvotes as a service since it no longer will show a majority of votes due to admins opting out.
You can always run your own instance of lemvotes
Its open source.
in FAVOR: even if it's a bit of a facade, it gives off the signal to future devs that privacy is still very much a desired thing, even here, and not an after thought.
As others have said, it seems that comments and votes on Lemmy are public by default, and the issue of anonymization should be directed towards redesigning how Lemmy and even ActivityPub shares information.
That being said, we on db0 have less control over those softwares because they underpin our instance here on Lemmy. For what we do have control over, I'd expect this instance to preserve the privacy of its users as much as possible.
I also agree with others that opting out of Lemvotes means one more deterrent for bad actors to abuse the system. We don't want to make it easier for people to spy on and stalk others, even if this opting out doesn't fix the root cause.
I vote Aye for now, only so far as we continue this conversation to address privacy overall in the Fediverse.
Against. Votes being public makes me vote better. It stops me from angrily downvoting stuff I dont like when im in a bad mood.
Interesting, I was wondering about that. If they were completely public by default it might make people more thoughtful about their voting in general.
They are public, and that doesn't stop anyone being insane. More transparently public might be good though.
Personally I think transparency is almost always good. Nobody is stopping you making an account for being a creep and a loser on, but that might earn you derision. I can see no compelling reason for hiding votes, there's this abstract "oh I can support true but unpopular positions" ok well for good causes secret support is pretty much worthless and if I might become a goose with a knife for a moment: What are these secret opinions of yours? Because as someone who occasionally looks at voting patterns it is always the conservative takes lmao.
Lmao, so true!
Not just unpopular but also personally conflictual. You might want to just lurk for various reason. health concerns, pending life changes, personal issues. Or a comm that is local to you.
There are all sorts of things which as value-neutral ephemeral whims. Sometimes you vote based on agree/disagree, or based on the quality of the comment, or just based on your mood.
I can't understand your first paragraph.
You know your entire comment history is also public right? Voting isn't an agree disagree button, and even if it was. All non Nazi socmed is public, all endorsement in life except nonsense bougie spectacle is public.
Society doesn't fall apart because people can see you nodding along and hear you going "Good point" when talking to people.
It's all moot anyway, activitypub is public, everything you do is public and must be thought of as archived indefinitely. The only remotely "private" thing is PM and that's visible to any admin and any snooping infrastructure on the way.
So uhhh yeah, stick your head in the sand if you want but your votes are public to half the threadiverse lmao.
votes are not private on activitypub platforms. it's all accessible via activitypub.
Also, the stakes on Lemmy are not nearly as high as in democracies.
They should be public imo, for moderation. Otherwise, spamming votes with a not would be very easy.
And, excuse my ignorance, just how are votes on Lemmy as important as in democracies? I think votes being public is also useful to make people think before downvoting.
And I don't see how opting out of Lemvotes will improve the situation. People can just go to mbin and see the votes.
There's also not a whole lot of a problem with votes being public, for example, they're public on bluesky and complaints are rare.
This comment is nuts.
It is already public. Every server on the network has it. I only have to go to kbin and browse this thread to see how you've voted, or spin up an instance and federate.
Please read about how activity pub works if you are so concerned.
also read this https://www.usenix.org/system/files/1401_08-12_mickens.pdf
It does to me. When I first joined the fediverse i was on kbin where votes were public and it made me think twice if something was truly downvote worthy then I got on fedia.io where downvotes were hidden and I caught myself downvoting more and more comments that I disliked or disagreed with wothout them being inherently "bad" coments. Then here I've been trying to be more concious of how I vote but, tbh, is kinda hard to keep my inner redditor under control when I think I can get away with it. A few days ago I learned about the lemvotes thing and that has reminded me of keeping my voting habits under controll, I know i should be mindfull of it regardless but is somewhat easier for me when someone might be watching.
Against.
A harder question for me is whether or not to get rid of public downvotes altogether. I think most interactions would be less hostile without the downvote option at all.
In my opinion, it's a good thing. Anyone wanting the information for nefarious purposes only needs to spin up their own instance and they get it. This just gives the tools to everyone easily.
I think the illusion that votes are private should be crushed, because they aren't and you should be aware of that.
I support it but it feels pointless given it's just trying to treat symptoms and not the core issue which is the ability to get them in the first place. I don't think that there's even any good solution for that given the decentralised nature of the fediverse which sucks.
No, I just happened to see the notification for this post on matrix on my phone so I manifested my presence to critique lemmy only to afterwards dissipate into nothingness like I once was.
It is complicated but possible.
You can anonymize votes, peertube is doing something like that.
I can imagine even more complicated systems that limit the instances with that info to 2-3, a number small enough to make it plausible no leaks happen, while still making it very hard to fake votes with a malicious server.
Interesting, is it actual anonymity or just static obfuscation where after simple data analysis you'd be able to tie all past and future data to the user moving forward? Do you have the source for that? I have issues finding anything despite trying out different keywords.
I'm against opting out. Whether Lemvotes, vote federation, or the voting system as a whole are good or bad isn't the matter at hand. This vote is either for or against plugging our collective noses and pretending everything eternally smells like lilacs.
Against: you depend on the lemvotes instance implementing the opt-out feature, you can just as easily fork it and remove it
The opt-outs are not hard-coded in the source code, it's just an environment variable. Forking would be unnecessary.
Anything that makes it harder for the average .world brigarder to harass people because of their voting patterns is a welcome change. So naturally I'm voting "aye" and for opting out of any further such tools/other instances of them when they will eventually pop up.
I am aware that votes are not private, but the bar for exploiting that is on the flor when you just have to copy a URL
IN FAVOR OF OPTING OUT
Public voting is one of my least favorite features of lemmy/threadiverse.
I don't know if it's possible to have a federated network where votes are totally private but it would be a strong preference for me. I thought there were already some tools instances could use to protect their users privacy?
If it is implausible to totally obscure it, then I think we need more user controls to avoid accidentally voting for something that leaves a breadcrumb trail about you. Such as reminding new users their votes are public, having an easy way to see overview of all your own votes, option to remove the vote buttons from the UI, being able to unvote all your past votes (which would still be imperfect of course).
After reading the comments in this topic, I am voting AGAINST.
For.
Opt Out. We don't want others spying our internet updoots.
I'm not a fan of this, it gives a false sense of privacy in the Fediverse. Voting data is public even if specific tools to view it decide to cater to the desires of admins. It's very easy for developers to just not do that, and it has been done before.
Against.
I'm in favor of opting out of this, but not because of privacy concerns. Being able to identify how users vote would take away from conversation, as well as discourage users who would rather avoid being dragged into the conversation from voting at all. Sure, the data is already available to those willing to spin up an instance, but the overwhelming majority of people wouldn't bother. This really should be opt in instead of opt out.
I haven't looked into it in the slightest, but I was just thinking that it probably wouldn't even take all that much work to just create a userscript that just pulls that information from kbin or mbin (since it doesn't even require being logged into to view) and have it easily accessible on every post, no matter which instance you are apart of. Once made public, anyone can install it with a couple clicks.
Wouldn't it be better for people to assume it is easily accessible information and treat it as such instead of giving themselves a false sense of privacy or thinking that it might protect them from being dragged into a conversation?
Even less work, if I understood correctly, it pulls the info directly from the API. See the comments of Lena here.
Against.
Not that I would use it anyway, but I bet it helps in finding bots that manipulate certain posts. R****t has ton of these and they end up undetected, especially with new private profile settings. I'd rather show everyone what I voted for and let them know I am real rather than have bunch of people in threads promoting corpo things as if they are real people.
Like putting plywood over the cistern pit. The privacy risk exists, lets not hide it to make ourselves feel better.
For. More privacy > less privacy, even if it's minimal.
The privacy would be a facade tbh.
I've read a few comments here. I'm not sure I fully understand, but,
With Lemmyvotes anyone can see anyone's voting history.
Without Lemmyvotes, someone would either need to be an admin (is mod enough?) of an existing federated instance, or they could spool up their own instance to become an admin, which in turn makes them able to see my votes.
Option 2 makes it more work and I'd rather there was a hurdle to seeing my vote history than not.
See Lena (the dev)'s explanation. Option 2 also includes just using Kbin and Mbin.
exactly, and it's a STANCE for privacy. It gives off the signal for the future devs that privacy is still desired
There is no path forward within the activity pub universe to achieve that. Voting would need to be completely removed.
Not quite. Pifed or something does a like slushfund for votes. When you make an account it makes a user that votes for you. Admins of course know who is whom.
Still vulnerable to correlation attacks and stuff but we're getting pathological now. Still YOUR COMMENT HISTORY is necessarily public and eternal, so maybe just realising that social media is public is the thing to do.
Go to dread and enjoy that if you want anon socmed. It has good and bad aspects, activitypub is for broadcasting to all listeners how crap you are :p
That’s actually an avenue I hadn’t thought of. Though it does open things up to malicious/spam voting with a bit of a smoke screen that requires admins from another instance to cooperate to handle.
Opt out
I say opt-out, less easy-access data is always better.
Against. Occasionally I snoop through someone else's up/downvotes ("oh yeah, this guy is a cunt, just as I thought"). However, it seems unfair that I get to check the votes of people from servers that haven't opted out, while as a dbz0 user myself I'd be safe from such "inspection". (Have any other major servers opted out anyway?) It's a problem (if it is a problem) that should be resolved across the board, not just from individual instances.
Is the div0 bot broken right now?
Yes the voting thread encountered a bug and had crashed, fixed and restarted now.
Thanks db
I don't know if it's related, but this user got incorrectly assigned the landlubber tag...
landlubber is just a user who doesn't have any other flair assignment
Ah, sorry for bothering then, I thougt it's only for users from other instances :/
Ye I saw @[email protected] saying that elsewhere. That is usually the case, but it doesn't have to be.
Lol, just another excuse to get doxxed by a psycho.
This info is already public. All you have to do is go on kbin or mbin.
Technically DoX info is also "public"
I have to believe some sort of system could be designed that can preserve privacy while preventing abuse. Maybe zero knowledge proofs, packet filters or fail2ban. Adaptations would have to be made, of course.
But I expect that exposing everyones' voting habits would enable more vengeance and spite than it would cooperation.
In holding out for a better solution. I choose the lesser evil of risking anonymous abuse over the greater evil of open discord.
This whole software seems like it adds nothing to the fediverse. I abstain, and wish to defederate and avoid software like this in the future.
voting for
Public votes are the biggest problem on Lemmy, and it should be a development priority to make them properly anonymous.
Pointless regardless of how you feel, am I wrong? Like wouldn’t other instances that have federated with this instance lead to comments from here
Private votes are a mixed bag. On one hand they can be abused and lead to brigading and making them public defuses this easily. On the other hand sensitive topics obviously are something one may not want to leave a receipt over. Dunno
Is it at all possible that we could edit the ActivityPub protocal for just our instance to NOT report who upvoted or downvoted what to the wider fediverse?! And if it is possible (I genuinely don't know how it works, so pls feel free to tell me otherwise), would any of us want to develop that?? (Feel free to remove this if this comment is too unhelpful or it shouldn't be discussed here)
I use it for moderation, so having less data will severely hamper my ability to work.
This is something I have never understood. How would you use this for moderation? I'm a moderator of the biggest community on this instance, c/piracy, and not once have I needed to look at people's voting behavior. What do you assess by looking at their votes? Which benefit does it provide for your moderation work? I find it quite weird that this feature exists in the first place. It just leads to mods behaving completely erratically, leading to cases like this https://lemmy.dbzer0.com/post/50067209
This kind of thing will happen more often, not less, without something like lemvotes. The default moderation tools can only show you votes one post at a time, making it difficult to see the big picture and avoid false positives when looking for malicious activity.
Not having enough surveillance seems adversarial to db0 values, or maybe I've misunderstood the community.
this is an anarchist/GLOSS/pirate instance; freedom of information is tied closely with anarchism and the hacker ethic.
for me: it's less about whether this type of information should exist (it shouldn't) and more that i reject privileged information conceptually. i don't think this type of information should just be available to admins and people with the technical resources and expertise.
i would prefer (in my uneducated opinion) that this information only be visible to the user (on their own posts), community moderators (in their own communities) and admins (on the voter's home instance), and anonymised elsewhere (for example, only showing a source instance).
but since that is not how it works, then i would rather have access to the same level of information that anyone else has over me. i also feel more in control of my own data when i have access to my own voting history. thus, i think that's why there's a sentiment that there is a different approach to this problem, and it won't end with just blocking one tool.
That would also be my preference. It's a shame we can't have that in Lemmy without that info leaking out all over the place.
Good points, and I agree with your conclusion.
@[email protected]
That would make vote manipulation incredibly easy, and impossible to prove, since there would no user names shown. If there are suddenly a whole bunch of votes from accounts that have been created 2 minutes ago, that's very obvious. If only a number is shown with no user list, how would you prove anything?
How would you fix ActivityPub for db0 then? Seems like we need to start talking about that more than whether people can spin up their own instances
Without a searchable list of votes, I'd have to check posts individually for activity. That would slow me down a lot.
Not sure how I feel about this. Anyone have a TL/DR on the situation or can point to a good discussion on this?
Is it possible to only opt-out of viewing downvotes while preserving the ability to view upvotes?
This is what the mbin interface does by default.
P.S.: Not relevant to the discussion at hand, but interestingly when I use lemvotes on my main @kbin.melroy.org, it can only see the upvotes and none of the downvotes. It also doesn't display my post downvotes from this account.
Can just abstain from voting if you don't want that public. Better be included so we can file bug reports.
How does one opt out? I don't see a mechanism on the lemvotes site for it?
Alternatively, what is the instance URL?
Just get in touch with the developer, Lena. Seems they just need to set an environment variable for you in lemvotes.
Thank you 😊
Why do Lemmy people think votes should be private? Seems to me that just makes for less accountability..
Pretty much no other social media has private voting. I think the only one that does is reddit. I get that Lemmy is originally design to clone reddit functionality, but is "that's what reddit does" actually a good reason for a design feature? Or have people actually thought about the consequences in a comprehensive and decided that there's some value making votes private? (If so, what is that value?)
Bad bot
Why not? We're all going to need practice fighting back against bots in the coming decades, might as well get it where you can