Currently, almost anyone in the Fediverse can see Lemmys votes. Lemmy admins can see votes, as well as mods. Only regular Lemmy users can’t. Should the Lemmy devs create a way to make the votes anonymous?

There is a discussion going on right now considering “making the Lemmy votes public” but I think that premisse is just wrong. The votes are public already, they’re just hidden from Lemmy users. Anyone from a kbin/mbin/fedia instance can check out the votes if they are so inclined.

The users right now may fall into a false sense of privacy when voting because the votes are hidden from Lemmy users. If you want to vote something and not show up on the vote list, please create another account to support that type of content and don’t tell anyone.

  • Otter@lemmy.ca
    link
    fedilink
    English
    arrow-up
    90
    arrow-down
    4
    ·
    edit-2
    3 个月前

    Should the Lemmy devs create a way to make the votes anonymous?

    I’m not sure if there is a good way to have the content federate anonymously. Even if there was, it would be a vector for spam.

    Vote manipulation is a growing problem on Reddit. It’s only getting worse with all the AI spam bots and they don’t have an incentive to stop it. Why trust a review on Reddit if bots are upvoting/downvoting on behalf of a company, or worse what happens in news communities when a well funded group wants to change perspectives.

    Admins need to know if the votes/likes coming in are legitimate, else they should block them. It’s too easy to abuse anonymous votes to affect how content is ranked.

    I left a long comment in the other thread which I will link in a moment, but I think either

    1. We keep the current setup, but we put in more effort to make new users aware that vote records are visible to admins/mods
    2. We make it public for everyone and take steps to deal with the new issues that it could cause

    Other comment on the benefits/issues: https://lemmy.ca/comment/11097046

    • Dave@lemmy.nz
      link
      fedilink
      English
      arrow-up
      31
      ·
      3 个月前

      Admins need to know if the votes/likes coming in are legitimate, else they should block them. It’s too easy to abuse anonymous votes to affect how content is ranked.

      This is a very real problem right now. Admins that are on to it use the votes to identify swarms of users that follow each other around upvoting each other’s spam/troll posts.

      • Socsa@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        4
        ·
        3 个月前

        And that is still possible with pseudonymous tokens votes. You just end up banning tokens for malicious voting activity, and users for malicious posting activity. It’s at best a very mild adjustment to moderation workflows.

        • Dave@lemmy.nz
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 个月前

          How does this work? The community issues federates votes but with a linked token instead of a linked user? How do you track vote manipulation across different communities on different instances?

          • Socsa@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            2
            ·
            3 个月前

            As far as I understand it all activity originates from the home instance, where users are interacting with federated copies of posts. The unique user token from a well behaving instance follows the user across the fediverse, allowing bulk moderation for voting patterns using that token. The only difference is that it is not explicitly tied to a given user string. That means moderation for vote manipulation gets tracked via a user’s vote token, and moderation for trolling/spam/rule violations happens via their display name. It may be possible that a user is banned from voting but not commenting and vice versa. It’s is a fairly minor change in moderation workflow, which brings a significant enhancement to user privacy.

            • Dave@lemmy.nz
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              3 个月前

              Under activitypub, a lemmy community is kind of like a user (actually an activitypub group). When I post here with my lemmy.nz account to this lemmy.world community, lemmy.nz sends my comment to lemmy.world who then sends it to sh.itjust.works for you to see. The community is the controller of all interactions within the community. In this case, lemmy.world is the official source of how many upvotes this post has. And each vote is validated using the user’s public key to ensure it actually came from that specific user - a standard part of ActivityPub.

              So would lemmy.world assign a token for your votes? If your instance assigned the token, Lemmy.world would not be able to validate against your user’s public key. If Lemmy.world assigns the token, it would only be valid in lemmy.world communities, as other instances would have to assign their own token. And both sh.itjust.works and lemmy.world admins could still see the real association.

              Also, changing how votes work would break compatibility with other ActivityPub software (e.g. Mastodon could no longer interpret an upvote as a favourite, Mbin would’t be able to retrieve any data about the votes unless they specifically changed to work in the Lemmy way instead of using standard ActivityPub).

              • Socsa@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                4
                ·
                edit-2
                3 个月前

                Worst case scenario, there is an entirely separate, tokenized identity for votes which is authenticated the exact same way, but which is only tied to an identity at the home instance. It would be as if the voting pub is coming from user:socsa-token. It’s effectively a separate user with a separate key. A well behaving instance would only ever publish votes from socsa-token, and comments from Socsa. To the rest of the fediverse socsa-token is simply a user which never comments and Socsa is a user which never votes.

                I am not sure key based ID is actually core to AP anyway. The last time I read the spec it kind of hand waved identity management implementation.

                • Dave@lemmy.nz
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  3 个月前

                  Well hey, sounds like you might be able to help. Lemmy devs are actively soliciting opinions on lemmy votes, maybe you could have a say? Most of the comments are around “votes are already sort of public” therefore either a) make them actually public so we aren’t pretending they aren’t, or b) keep them hidden, a little less public is better than completely public.

                  Perhaps you can come in with a c) option to make votes even less public?

                  https://github.com/LemmyNet/lemmy/issues/4967

    • Andy@slrpnk.net
      link
      fedilink
      English
      arrow-up
      20
      ·
      3 个月前

      I will also add that I think in the long run, as we try to figure out how to differentiate between humans and machines, the only real reliably solution I see is to focus on elevating the individual. Having people with long histories validate their reality by living and documenting it.

      I don’t upvote something that I’d be ashamed for someone to see I upvote. I might make an exception for pornographic content, but even with that, if it’s pseudononymous in that it’s not attached to my personal public life, I don’t mind if someone can trace through and see what a specific account I use for those purposes has liked and disliked.

    • Socsa@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      3 个月前

      The current trust model already relies on a user’s home instance accurately reporting user activity and not injecting fake activity. Hiding real user votes behind pseudonymous tokens doesn’t change that at all.

      As far as I can tell, the activity ranking algorithms don’t actually differentiate between up and down votes anyway. All votes are considered engagement.

  • Resol van Lemmy@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    2
    ·
    3 个月前

    At least NOW I can find out exactly who can call me out for saying something stupid, and thank that person for providing me with valuable information and knowledge.

    Downvotes are actually kinda useful, even I benefit from them.

    • MataVatnik@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      3 个月前

      In LiveLeak all votes were public. What happened was a lot less downvoting, but also aggrevated users would stalk your page and leave mean messages if you downvoted their comment.

      On the other hand, it was really easy to spot trolls trying to manipulate the narratives, Hasbarah and Russian trolls were really active on LiveLeak. This allowed me to block them and keep them from bombing my comments anytime I said something critical.

  • ZILtoid1991@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    2
    ·
    3 个月前

    I can see that in some circumstances, votes might need to be public due to protocol, otherwise public votes have their own uses, and so are private ones.

  • PopShark@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    3 个月前

    As I said in another comment in this post - I believe seeing who upvoted or downvoted a post aids in identifying rabid downvoters and bots, though I personally use mobile Lemmy apps and am unable to access that data.

  • x00z@lemmy.world
    link
    fedilink
    English
    arrow-up
    13
    ·
    3 个月前

    I am the admin of a website where we have a place where our users can post custom content and rate the content of others.

    We have discussed how it works and should work many times and came to the conclusion that we’d never want it to be public. Any report of abuse will be checked by the website owner directly in the database and even admins don’t have full access. Everybody tries to stay as far away from the personal ratings as possible.

    We also noticed that it would be a lot more fragile when there are not many voters. A whole group that is negative about something wouldn’t get as much harassment as a single person having a unique opinion.

    On our website we have a comment section that isn’t anonymous, and we even noticed that people often don’t post something negative when it would be obvious that they are the only one who has voted/rated something. (“Negative” is almost always constructive in our case)

    These are just a few things that I think add to this discussion.

  • kenkenken@fedia.io
    link
    fedilink
    arrow-up
    8
    ·
    3 个月前

    Yes, they should ideally. But it’s hard to properly implement them in a way that will guarantee anonymity and be sybil-resistant at the same time.

  • rottingleaf@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    7
    ·
    3 个月前

    The users right now may fall into a false sense of privacy when voting because the votes are hidden from Lemmy users.

    Why would you even want anonymous votes but not anonymous comments?

    The former is as good\bad as the latter.

    I know they were already technically public. I think they should be shown.

  • DoctorButts@kbin.melroy.org
    link
    fedilink
    arrow-up
    24
    arrow-down
    7
    ·
    3 个月前

    Votes should be transparent for everyone. Right now the system assumes that mods/admins are somehow inherently more responsible than the average user, but well, just look at the garbage clusterfuck admin/mod teams of certain instances. You’re telling me you’re gonna trust these people with this information and not everyone else? Get the fuck outta here.

  • Landless2029@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    ·
    3 个月前

    One benefit to vote transparency for admins is mod monitoring options.

    Reddit is infested with vote manipulation via bots. At least on the Fediverse it seems like both admins and mods might have more options.

  • troed@fedia.io
    link
    fedilink
    arrow-up
    38
    arrow-down
    18
    ·
    3 个月前

    Keep the Fediverse bot- and troll-free.

    The whole idea of being able to behave like a shithead without accountability needs to go.

  • TechLich@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    ·
    3 个月前

    How about pseudonymous as a compromise? Votes could be publicly federated but tied to some uuid instead of the username. That way you still have the same anti spam ability (can see that a user upvoted these things from this instance at this time) but can’t tie it directly to comments or actual user accounts without some extra osint.

    It might be theoretically possible to correlate the uuids with an account’s activity and dox the user in some cases, especially with some instances having a single user, but it would be very difficult or impossible to do on larger instances and would add an extra layer. Single user instances would be kind of impossible to make totally private anyway because they can be identified by instance.

    • Amju Wolf@pawb.social
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 个月前

      Votes could be publicly federated but tied to some uuid instead of the username. That way you still have the same anti spam ability (can see that a user upvoted these things from this instance at this time) but can’t tie it directly to comments or actual user accounts without some extra osint.

      The issue with that is with malicious instances that could engage with vote manipulation by just generating new IDs and voting for whatever they want. If you can’t look back at the profile and determine whether it’s a real, non-spam account, it’s a pretty big issue unfortunately.

      You also have an issue where someone could potentially vote with “your” ID without any way to detect that it’s not actually “you” who sent the vote.

      • TechLich@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 个月前

        Yeah, that’s fair enough, though I’m not sure it’s very different from malicious instances creating normal user accounts?

        You can see when users from an instance are all suspiciously voting the same way at the same time regardless of whether they are usernames or IDs.

        There’s lots of legitimate users that only vote but never post so doing it based on that doesn’t seem very effective?

        The second problem is solved using public key cryptography, the same way that you can’t impersonate someone else’s username to post comments. Votes and comments are digitally signed (There would need to be a different public key for voting to maintain pseudonymity though).

      • Pika@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        3 个月前

        they could do similar to another platform had done, which is tie voting to a shadow account that only the instance admin team can link to a user, this allows for moderation while providing the ability for obscurity.

        I still disagree it should be public in the first place, but I know it’s a hard requirement for federation so it’s unlikely to become more concealed

  • asudox@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    3 个月前

    If that were to happen, the receiving end wouldn’t know who sent which vote, thus making spamming extremely easy.

    • r00ty@kbin.life
      link
      fedilink
      arrow-up
      3
      ·
      3 个月前

      I did think of a few ways round it (in kbin/mbin) a year or so ago. But, it wouldn’t work unless everyone using ActivityPub recognized it. It’s also really a small problem in reality. It’s likes and dislikes.

  • MagicShel@programming.dev
    link
    fedilink
    English
    arrow-up
    11
    ·
    3 个月前

    I’ve been thinking about this for several hours since I first became aware of the debate.

    I don’t care that much in theory if anyone sees my votes. They aren’t anything I’m particularly private about. I care about conversation way more than up/down votes.

    However, some people get a little upset about being downvoted. I think it will result in retaliatory downvotes. You already see that when two folks are arguing. I don’t normally waste my time downvoting a post I’m writing a rebuttal to, but when they are downvoting me I tend to do it back. I think if everyone had easy access, they would hunt down their down voters posts and retaliate regardless of the quality of the comments.

    Lastly, I wonder if this will give rise to a client that lets you use one account to post/comment and a different one to vote. And if it does, will that be better all around? Then no one will be able to associate votes with a user. But it seems unnecessarily wasteful to create a whole account that does nothing but vote. It seems like it would deny mods (and everyone) a useful tool for identifying bad actors.

    Technically, anyone could get access to the voters identity if they try hard enough but 99% of the users won’t put in that much effort. And technically someone could already use different accounts for different activities, but without reason to create a client to support that it’s too much of a pain to be worth the effort.

    So I really think I’m on team status quo here.

    • rglullis@communick.news
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      7
      ·
      3 个月前

      I don’t normally waste my time downvoting a post I’m writing a rebuttal to, but when they are downvoting me I tend to do it back. I think if everyone had easy access, they would hunt down their down voters posts and retaliate regardless of the quality of the comments

      That would stop as soon as people start reporting this behavior to mods who felt enabled to ban users based on unjustified downvoting.

      • MagicShel@programming.dev
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        edit-2
        3 个月前

        I’m really skeptical about that. Either that they would do it or that such “justified” downvoting would be a clear cut or fair decision. Most people don’t vote the right way. How many people downvote content they agree with or find funny but doesn’t add to the discussion? How many people upvote content they disagree with that does add to the discussion?

        And am I really going to take up a mod’s time because someone got mad at me and downvoted—the most accessible and innocuous way to express displeasure with someone? How many more complaints about downvote bullying are mods going to have to field?

        I don’t know. You could be right, but I’d want to see it successful in a small scale, if possible, before deploying it everywhere. Maybe the folks suggesting it should be up to the server admin are right. That would be another differentiator and people could go to communities on servers that have their preferred visibility policy. That would serve as an A/B test and let people vote with their feet.

        • rglullis@communick.news
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          3
          ·
          3 个月前

          How many people downvote content they agree with or find funny but doesn’t add to the discussion?

          Again, this is only a problem because we have lost this sense of shared culture. If we really want to have an established “community”, these guidelines will have to be one way or another be restored and enforced.

          How many more complaints about downvote bullying are mods going to have to field?

          Here is an idea: instead of trying to remove power from people, let’s give more of it. Hiding votes is hard, but creating a finer-grained permission system for moderation is not. Let’s build a system where mods can assign other mods for specific types of reports. Then, we can have few mods who would be “all powerful” like they are now and we could have a bunch of “issue-specific” trusted users who could access/triage specific reports.

          We shouldn’t need mods to figure out what is “basic” spam and we shouldn’t need powerful mods to say “user A is reporting that B has downvoted their last 5 posts in different conversations. This is a violation of the community rules and therefore should be banned.”

    • threelonmusketeers@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      3 个月前

      The question of whether Lemmy votes should be anonymous is an important one, balancing transparency with privacy. Public voting can encourage accountability, but anonymity might lead to more honest and unbiased voting behavior. If you’re interested in exploring the pros and cons of this issue further, chatgpt 日本語 can provide a detailed discussion and help you form a well-rounded opinion on the matter.

      Hello, low-effort bot.

      • [email protected]@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        3
        ·
        3 个月前

        Yup.
        This kind of spam has been going on for a while and is usually removed promptly.
        Sorry, I think our local murder bot was offline at the time.
        Anyway, they’ve since been banned along with a several alt accounts.
        Don’t hesitate to report those if you see more.

        Oh and I think we would rather not advertise their spam URL if you wouldn’t mind editing the link out from the quoted part.

        Thanks,

        • threelonmusketeers@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          3 个月前

          Don’t hesitate to report those if you see more.

          Thanks, will do.

          editing the link out from the quoted part

          Done. Thanks for all the work you do to keep this place running smoothly.

    • threelonmusketeers@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      6
      ·
      3 个月前

      레미에 대한 공개 투표는 커뮤니티 내에서 투명성과 책임성을 강화하여 사용자가 특정 콘텐츠를 지지하거나 반대하는 사람을 확인할 수 있게 해줍니다. 그러나 이는 또래의 압력이나 원치 않는 감시로 이어질 수도 있습니다. 온라인 상호작용에서 프라이버시와 자유를 원하는 사용자에게는 익명성이 더 바람직할 수 있습니다. 온라인 개인정보 보호 도구에 대해 자세히 알아보려면 챗GPT 를 방문하세요.

      lemie daehan gong-gae tupyoneun keomyuniti naeeseo tumyeongseong-gwa chaeg-imseong-eul ganghwahayeo sayongjaga teugjeong kontencheuleul jijihageona bandaehaneun salam-eul hwag-inhal su issge haejubnida. geuleona ineun ttolaeui ablyeog-ina wonchi anhneun gamsilo ieojil sudo issseubnida. onlain sanghojag-yong-eseo peulaibeosiwa jayuleul wonhaneun sayongja-egeneun igmyeongseong-i deo balamjighal su issseubnida. onlain gaeinjeongbo boho dogue daehae jasehi al-abolyeomyeon chaesGPT leul bangmunhaseyo.

      Public voting for Remi increases transparency and accountability within the community, allowing users to see who supports or opposes certain content. However, it can also lead to peer pressure or unwanted surveillance. For users who want privacy and freedom in their online interactions, anonymity may be preferable. Visit ChatGPT to learn more about online privacy tools.

      I’m sorry, what?