As it was recently discussed a lot of the data you generate while using the fediverse is public. If we’re looking at the threadiverse even more of it is public including your votes.
I only know the specifics of Mastodon and mbin, so maybe @rimu@piefed.social @nutomic@lemmy.ml @julian@community.nodebb.org and other devs can chime in here.
Voting on Mastodon is a lot more private than voting in the threadiverse. Only the author of a post (and their instance) knows everyone who voted on a post. Everybody else can retrieve the total numbers, but not the individual votes. Of course this comes with the downside that everyone else has to fetch this data and while the instance could send an Update activity - informing other instances that the numbers changed - Mastodon currently does not do that.
In the threadiverse on the other hand, every single vote gets send around the network, including all the details.
I would like the threadiverse software to get a bit better at privacy. Mastodon is often restrictive with activities for that exact reason and while I do not want to completely screw visibility by not sending anything to anyone, I think the visibility of votes can be improved a lot.
So my proposal would be: votes are only sent to the author of a post. The author then sends an Update activity to their followers and the magazine the post belongs to. The magazine then announces this Update activity to all its subscribers. The post object has to contain the relevant numbers of course and Mastodon and PeerTube use shares, likes and dislikes (PeerTube only). These properties then contain a Collection with a property called totalItems and not a list of the people who actually voted, that would defeat the purpose (looking at you PeerTube)
Because nobody wants to break federation with other software, it would be nice if this could be coordinated between all the threadiverse actors
It’s not clear why voting should be private when posting is not. Your posts reveal much more about you than your votes. Voting only signals to other people that you believe the content is good/a waste of time. Eventually, the arguments for anonymous posting/voting are the same.
It is a problem that it is obfuscated that votes are public. When people don’t know that, then they may be tricked into revealing things they might not otherwise.
I believe there is a place for both anonymous and pseudonymous posting/voting, but not for half measures. Anonymous and pseudonymous posting shouldn’t be mixed. That just opens the floodgates for all sorts of manipulative practices.
The main reasons for me:
- People are not used to votes being public, because (afaik) it was just not this way on “traditional” social media (there only the operators might have had access)
- Votes being public affects far more users than posts, because only a small subgroup of all users actually post anything
- Votes being private is (imo) much more achievable, as they contain the same message each time either “I like” or “I dislike”, more information than that is not conveyable in up- and down-vote-buttons
-
The problem with trad SoMe is that it is monopolistic. That’s because these companies “own” the data and gate-keep access. If you want open social media, you must not have a gate-keeper. Which means that you can’t have someone who controls access. That’s a fundamental trade-off.
-
So what? Should posts be anonymous as long as they are short?
-
No. It’s always data+owner. It doesn’t matter if the data is only a single bit.
- Doesn’t change the fact that people are used to their votes not being seen by other users
- Don’t know what that has to do with me saying that more people vote than post
- of course it is easier with always the same one bit information as it is for something that can be one word or 50k words that are basically never the same. Plus the fact that people want the things they post to be seen, but not necessarily their votes
Yeah, I don’t want my likes being public. My likes are my dollars. As you know, you vote with your dollars. Just as I don’t name-brand and publish my purchases, my votes, I don’t want my likes published.
Who’s to stop my likes from being used to generate a fingerprint of my interests or behaviors? Facebook does this. Why are we making my likes public so that Facebook can scrape them and use them to augment its Shadow Profile ecosystem? Why are we being naïve about data privacy, all of a sudden? Do I need to worry about potential similarities between my Lemmy likes and likes I may have provided to Facebook pages back in the day?
I get that they can do this with my writing style, the posts I choose to respond to, etc. Good point. And so what? You want to make it even easier than that?
I’m not going to like anything in the meantime. Easy enough because I already don’t. At least before, though, I thought this was something I should be working on. Now, fuck that. No votes.
Edit: also, why are we acting like the anonymity can’t be guaranteed by the protocol that facilitates likes? Surely this can be implemented using a bit of cryptography, and nobody needs to remain “in control.”
Edit 2: I’m not arguing with you. Just adding my thoughts, as I was upset that I didn’t see anyone else mention them.
-
Yes, people are used to monopolistic social media. Doesn’t mean that there shouldn’t be an alternative. There simply are a lot of things that you cannot do without an authority that grants or denies access to data. If you want the advantages of openness, you have to accept the downsides.
-
I don’t know how that is an argument for anything. If people are more comfortable voting and not posting, maybe we should make posting anonymous.
-
Repeating a rejected assertion is not going to convince. You strip the username from data. Give me some reason why it would be easier when the data is short. People want their posts to be seen. That doesn’t mean they want their usernames seen.
-
-
Na, having votes in the public means you can spot bad actors over different communities.
Remember when Reddit removed the individual post counts and only gave the % to make manipulation easier, or YouTube removing the thumbs down count so you don’t know if a video is good or bad anymore?
Hiding information makes making an informed decision harder.
So my proposal would be: votes are only sent to the author of a post. The author then sends an Update activity to their followers and the magazine the post belongs to. […] These properties then contain a Collection with a property called totalItems and not a list of the people who actually voted
What’s to prevent the author from faking upvotes, if the votes themselves aren’t public?
If you have malicious software, then nothing. Nothing prevents malicious software to invent users who create like activities either… So in my opinion nothing changes about that
If your instance invents fake users for voting, that is very easy to spot if you view the profile and its all empty. So you need to add a profile picture, bio and some posts as well. But if the names and avatars are all similar, or the posts are obviously LLM generated, its still quite easy to spot manipulation. Or if the modlog for that user has entries for vote manipulation. On the other hand if there is only the total number of votes, there is no way at all to see if they are legit.
I think a much better option for vote privacy is what Piefed tried using “Local-only votes”. So privacy-conscious users can choose that their votes are not federated, and then only the local admin can see them. This could be a simple boolean user setting, or could be more granular to allow/disallow vote federation with specific instances.
That’s more effort to do and easier to detect.
Absolutely disagree
Social media is inherently public. Everything here should always be completely public. Nobody should ever think anything they do here is private at all.My private social media is Signal. All my real world friends use it for our personal communications.
Stop thinking in terms of “votes”. Think of the activities as a “fixed content messages”: John liked this. Alice liked that. Bethany did not like that other thing. Each “vote” is a meaningful interaction. A server that says “2734 people did not like your message” means absolutely nothing.
This is not a political council nor a popularity contest. No one will make critical decisions based on the amount of worthless Internet points.
I do not understand arguments about privacy when we are talking about a public, social network. Social interactions online do not need to be that different from real-world interactions. if you are not willing to say “I did not like / I disagree with you” to someone personally, then you shouldn’t say it at all.
My problem is not saying it to the person itself, my problem is that you can build a rekatively detailed personality profile based on the things someone likes. My proposal was that everything goes to the author and the author alone
Ok.I see. Personally I don’t think it’s a good idea. It’s only a marginal benefit in terms of protection against data scrapers (you can also build that profile based on who they follow, or what they write about…) and it makes things more difficult for moderators and hides important information from other community members.
I preferred kbin’s completely open display of votes for each post/comment within the software and not even needing to do a third party site check. I will take a few people completely misreading intent over obscuring it so that it is far easier to do real vote manipulation.
Voting should not be secret.
> @bentigorlich@gehirneimer.de said in A more private way to distribute votes: > > So my proposal would be: votes are only sent to the author of a post. The author then sends an Update activity to their followers and the magazine the post belongs to.
My concern is that this goes against the implicit assumption that the group actor (the community/magazine/category) is the source of truth.
The group actor is the clearinghouse of data in 1b12 style federation, and it would be a departure to change votes to only be sent to the target.
Fwiw when someone upvotes on NodeBB, it gets blasted everywhere too!
I would recommend that votes continue to be sent to group actors, who then decide whether to announce it (old behaviour) or keep quiet and wait for the update before announcing (new behaviour).
It would mean vote synchronization would be less reliable however.
Also this goes directly against @rimu@piefed.social’s vote batching proposal.
My concern is that this goes against the implicit assumption that the group actor (the community/magazine/category) is the source of truth.
The group actor is the clearinghouse of data in 1b12 style federation, and it would be a departure to change votes to only be sent to the target.
That is true. It could of course be changed to send it to only the group instead of the author 🤔
Also this goes directly against @rimu@piefed.social 's vote batching proposal.
Can you link me to it. Seems that I missed that
Here it is: https://codeberg.org/fediverse/fep/src/branch/main/fep/1a11/fep-1a11.md
By the way sent you a private message, hope you received that.
It seems that the assumption is that there are not and will never be spambots on the Fediverse.
At least, the source of truth shouldn’t be the author of the post.
