I recently learned that voting on lemmy is not anonymous. Anyone can get information about who has upvoted and downvoted a post or comment.

In combination with your IP, this is a massive privacy (maybe even physical security) risk. Also, people can target you for your votes.

Sadly, this is something where I would prefer Reddit over Lemmy. Big tech scrapes data from both places anyways, at least Reddit is safe.

  • Dholi@lemmy.caEnglish
    404·
    6 days ago

    at least Reddit is safe.

    Lmao, what!? Reddit tries their best to know exactly who you are, where you live, your education, where you work, etc… And then they sell that data to anyone.

  • socsa@piefed.socialEnglish
    21·
    6 days ago

    A lot of people here still refuse to understand that Lemmy, as it currently exists, is a privacy nightmare, and the voting thing is just the top of the iceberg. There are several de-anonymization attacks possible involving dynamically serving different content to different users. This, combined with the public voting makes it possible that someone can dox an account and expose a lot more information than other forums where that information is more private.

    Public votes also open the fediverse up to much worse astroturfing IMO. It’s incredible feedback for bots and trolls to see exactly who is interacting with their posts and comments. It’s frustrating that a bunch of people here have convinced themselves of the opposite, and insist that public voting is the only way to combat brigades and trolls, which is an incredibly shortsighted stance which doesn’t scale nearly as well as it does in the other direction.

  • Luci@lemmy.caEnglish
    192·
    6 days ago

    I’ll downvote everyone here if I damn well please it!!!

  • Wispy2891@lemmy.world
    33·
    6 days ago

    The IP address thing is not real, though

    Just choose a nickname that is random word+4 random digits and don’t reuse it on other services

  • Xylight@lemdro.idEnglish
    22·
    6 days ago

    If you’re an instance admin, for any post, you can just click “view votes” and see everything tied to usernames, even outside your own instance. Moderators can too, but it’s restricted to the communities they moderate.

    • npdean@lemmy.todayOP
      249·
      6 days ago

      It is nowhere explicitly made clear to users that voting is public. It should be made clear if it is going to be

      • gazby@lemmy.zip
        152·
        6 days ago

        It’s the other way around here: Everything is public except where it’s made clear that it won’t be (e.g. email address, password).

        For what it’s worth, your instance of choice is particularly negligent in regard to informing its users. Compare lemmy.today/legal to lemmy.world/legal, or their respective signup pages for examples. There’s little that Lemmy itself or the community at large can do about that 😞

        • npdean@lemmy.todayOP
          2·
          5 days ago

          It needs to be fixed. Every user is having a different user experience during account creation but everyone’s information is being federated equally.

        • zeca@lemmy.ml
          5·
          5 days ago

          I think its a fair assumption that most people make that whatever data which isnt explicitly displayed to a regular user is not public. Having likes be public but hidden is misleading.

        • npdean@lemmy.todayOP
          72·
          6 days ago

          It is made clear because there is an option to see all the votes right next to the like button. Similarly, many sites allow you to go through activity of people you follow.

            • npdean@lemmy.todayOP
              6·
              6 days ago

              I can see the number of votes but not who voted. This gives the impression that this information is not available publicly. However, it can be accessed by anyone on third party websites.

      • General_Effort@lemmy.world
        53·
        6 days ago

        An EU resident could sue for emotional damages under the GDPR. Or maybe just complain to data protection authorities.

        One day it will happen.

  • teft@piefed.socialEnglish
    473·
    6 days ago

    I like piefed because it lets you see at a glance if someone is a serial downvoter. On each piefed user profile is a thing called “attitude” and it’s a ratio of your upvotes vs downvotes. 100% means the person doesn’t downvote people. 50% means they downvote and upvote equally. 0% is only downvotes. Edit: I saw someone today with negative % so it must be 100% is all upvotes. 0% is half upvotes half downvotes. -100% is all downvotes.

    It shows up for people outside piefed too so i see you too lemmy angry people.

  • jason@discuss.onlineEnglish
    401·
    7 days ago

    Russia really should just leave Ukraine, though. (Sorry, I just saw the context for this a few minutes ago and can’t help myself).

  • discosnails@lemmy.wtf
    146·
    5 days ago

    I was unaware that it was unclear to anyone but children and the intellectually behind that anything you do on the Internet is traceable to you without significant countermeasures.

    • Dozzi92@lemmy.world
      8·
      7 days ago

      I did this last night putting my son to bed, said heads you go to bed, tails we stay up. Jokes on him though, double heads. And he fell for it, what a sucker. Hope it works when he’s not four, or I at least don’t need to do it.

    • moseschrute@lemmy.zip
      4·
      6 days ago

      You get 3 accounts. Say you want to upvote something. You downvote in 1 account (randomly selected), upvote on another, and upvote on the third. So it’s net +1 and the only way to see how you voted is to piece together all 3 of your accounts voting history. Need more privacy? No problem, just use 5 accounts instead of 3.

      /s

  • M0oP0o@mander.xyz
    267·
    7 days ago

    In combination with your IP, this is a massive privacy (maybe even physical security) risk. Also, people can target you for your votes.

    No.

  • bdonvr@thelemmy.club
    26·
    7 days ago

    In combination with your IP, this is a massive privacy (maybe even physical security) risk.

    Your IP would only be seen by your instance (which is inevitable, you gotta connect to it after all). But there’s no way for anyone else to look up your IP.

    • MountingSuspicion@reddthat.com
      9·
      7 days ago

      I read that since images are hosted on the instance they were posted to, any instance hosting pictures you load, even if they’re DMd to you can get your ip. So someone could just DM you a picture from their own instance if they wanted it for whatever reason. I have not personally verified, but just adding it here because this comment seems to be the most succinct and accurate one I currently see.

      • bdonvr@thelemmy.club
        10·
        7 days ago

        even if they’re DMd to you

        Really only if they’re DMs. Because a publicly posted picture yeah, they’ll see your IP loading it but they will also see everyone’s, with no way to tell who is who.

        And a fairly recently Lemmy was updated to not show embedded images in DMs so that wouldn’t even work. (This depends on your client, but on the most recent official web version external images are blocked)

  • yermaw@sh.itjust.works
    215·
    7 days ago

    Seems like a good thing to me. Should be a better known feature.

    How would I go about seeing this information for myself?

    • mic_check_one_two@lemmy.dbzer0.comEnglish
      8·
      6 days ago

      Yeah, at worst it’s a necessary evil to prevent a rogue user on a second instance from mass downvoting. Your username is tied to your vote, because otherwise a rogue user could just spam downvotes at whatever they didn’t like.

      Instance 1 has a post. Instance 2 has a user who disagrees with that post. User is able to spam downvotes, because instance 2 is not binding their username to the vote. So Instance 1 has no way of knowing if the votes are multiple different users, or all one user. The only real solution here is to disable external voting, but the entire point of the fediverse is cross-compatibility and self-hosting. By binding the username to the vote, instance 1 is able to detect repeat votes and disregard them.

      • socsa@piefed.socialEnglish
        3·
        6 days ago

        Public votes do absolutely nothing to stop people from making a bunch of users on a bunch of instances and voting from those users. Voting agents are a simple solution to the issue, since you can still just ban the voting agent if it seems problematic.

        But there’s a deeper context here, which is we are drawing a weird line between voting being a fundamental, if not critical part of the application, but also apparently grounds for imposing sanctions on users for doing it wrong? That’s a fundamentally flawed mechanic no matter how you swing it, since you can’t standardize any singular set of rules, and we are already seeing a rapid escalation of tit for tat vote bans. This is just unsustainable and is pushing things towards an obvious endpoint where there is such a chilling effect on voting that it negates the entire utility of the mechanic for sorting and content curation.

            • anarchiddy@lemmy.dbzer0.comEnglish
              1·
              5 days ago

              Why? I don’t see a benefit to the button at all. Even being able to register disapproval is better done via comment, anyway, and having to articulate it makes you far more likely to self-reflect and temper yourself than if you can just downvote every comment in a thread

      • anarchiddy@lemmy.dbzer0.comEnglish
        3·
        6 days ago

        Important to note here, too, is that ip addresses of users arent synced across instances.

        This is only a problem for people who care about the reputation of their user account - which is something people should be rotating out anyway if they care about their privacy.