this post was submitted on 04 Jul 2023
3367 points (96.1% liked)

You Should Know

33205 readers
120 users here now

YSK - for all the things that can make your life easier!

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must begin with YSK.

All posts must begin with YSK. If you're a Mastodon user, then include YSK after @youshouldknow. This is a community to share tips and tricks that will help you improve your life.



Rule 2- Your post body text must include the reason "Why" YSK:

**In your post's text body, you must include the reason "Why" YSK: It’s helpful for readability, and informs readers about the importance of the content. **



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding non-YSK posts.

Provided it is about the community itself, you may post non-YSK posts using the [META] tag on your post title.



Rule 7- You can't harass or disturb other members.

If you harass or discriminate against any individual member, you will be removed.

If you are a member, sympathizer or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people and you were provably vocal about your hate, then you will be banned on sight.

For further explanation, clarification and feedback about this rule, you may follow this link.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- The majority of bots aren't allowed to participate here.

Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.



Partnered Communities:

You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.

Community Moderation

For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.

Credits

Our icon(masterpiece) was made by @clen15!

founded 1 year ago
MODERATORS
 

Edit: obligatory explanation (thanks mods for squaring me away)...

What you see via the UI isn't "all that exists". Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see "under the hood". Any instance admin, proper or rogue, gets a ton of information that users won't normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

(page 4) 50 comments
sorted by: hot top controversial new old
[–] [email protected] 18 points 1 year ago

I've been in forums where upvotes were public. It's not something that I expect to be anonymous by design.

That being said. If something is public, it should be clear that is public (and available to everyone), if it's not it should be protected.

I think Lemmy should go one way or the other, or upvotes are public to everyone, or they are available only for you instance admins.

[–] [email protected] 18 points 1 year ago (12 children)

Bad post. Ofc the person running the server can see who votes. Your original post made it seem like anyone has access to this data.

[–] [email protected] 17 points 1 year ago

Your original post made it seem like anyone has access to this data.

Literally anyone can access this data. It's not private at all just by the way ActivityPub works.

load more comments (11 replies)
[–] [email protected] 17 points 1 year ago

I see that IP addresses are logged.

Are those public as well then?

[–] [email protected] 17 points 1 year ago (3 children)

Back in my day everyone knew that once you put something on the internet it's there forever to be seen by all. Has everyone already forgotten this? This is nothing new and in fact the way it's always been! Now get off my lawn!

load more comments (3 replies)
[–] [email protected] 15 points 1 year ago

Well, that's probably a wrong kind of 'open' to what FOSS means by 'open' yet I'm not convinced. With the whole 'anybody can make an instance and collect all the data they wan't it's kind of awkward and messy. How much of the said data you can obscure/encode without losing the openness between instances?

Because if one instance can't verify actions of another then you have an issue dealing with bots and overall the platform becomes way more obscure and less reliable as a source of information.

And like if the buttons themselves had an ability to openly show who upvoted/downvoted a post - how much of a difference would've been here? I don't feel like it's such a concern.

The point about deletion/edits - it's not about removing your info from the internet, it's about correcting what's wrong for the sake of providing correct. If it's on the internet once it's there forever. I don't see people complaining about weyback archive doing their thing. Yet it's doing exactly the same thing possibility of which upsets so many people here.

If you monkey brain posted you home address and where the keys are - it's on you, not on the internet for storing the info.

The only real point I see here is corporations/governments scraping all this data for their use. Yet as long as they can federate there's nothing much to do and if you try to restrict federation then it's just a bunch of forums with extra features.

[–] [email protected] 15 points 1 year ago* (last edited 1 year ago) (1 children)

Yes.

Just muddling around I've built queries that: (a) list all of my post & comments, everybody who voted on them, and their votes (b) tally how many times specific users have upvoted or downvoted me. (c) identifies the most prolific voters across the Fediverse and the communities they are voting in (d) identifies users with the same username or display name across all instances and correlates the activities across those accounts.

These are all for the sake of learning and are innocuos the way I'm using them. It is plain to see that someone with skills and an agenda could make more out of it than I have.

load more comments (1 replies)
[–] [email protected] 15 points 1 year ago (5 children)

Obviously, this isn't ideal. But this isn't as damning as some of the other commenters believe.

The way reddit operates, is that they are "trusted" with all our data. They can (and do), sell any data they like, to whomever they like. They store much more information than simply who upvoted what. They can't simply allow upvotes with no claimant, they'd have no way of stopping or identifying bots or illegitimate upvotes.

This system is not ideal, but it's also not necessarily worse. We're still operating under that system, the only real difference is, we get to choose who that trusted party is. We get to move instances if the hosters interests become misaligned with our own.

Ultimately, there needs to be a smart solution to this problem to ensure it's not abused. We can't completely remove collection of the data, otherwise upvotes will be meaningless and hijacked by agendas. We can't simply encrypt the data, if there's a genuine use for it (which we've discussed), who SHOULD be allowed to decrypt it?

I completely understand the concern, and I share it. But this isn't an issue so much with Lemmy, it's an issue with upvotes on distributed social media.

Edit: Okay, ANY instance admin is where the issue lies. That much I agree with.

load more comments (5 replies)
[–] [email protected] 14 points 1 year ago (1 children)

For transparency, this is what a Like payload looks like. The first part is just context for the activitiypub protocol and is pretty much the same for each message. The second part contains the actual data of the message, and the most personal detail in it is the url of your own profile, and the url of the post/comment you like:

{
	"@context": ["https://www.w3.org/ns/activitystreams", "https://w3id.org/security/v1",
	{
		"lemmy": "https://join-lemmy.org/ns#",
		"litepub": "http://litepub.social/ns#",
		"pt": "https://joinpeertube.org/ns#",
		"sc": "http://schema.org/",
		"ChatMessage": "litepub:ChatMessage",
		"commentsEnabled": "pt:commentsEnabled",
		"sensitive": "as:sensitive",
		"matrixUserId": "lemmy:matrixUserId",
		"postingRestrictedToMods": "lemmy:postingRestrictedToMods",
		"removeData": "lemmy:removeData",
		"stickied": "lemmy:stickied",
		"moderators":
		{
			"@type": "@id",
			"@id": "lemmy:moderators"
		},
		"expires": "as:endTime",
		"distinguished": "lemmy:distinguished",
		"language": "sc:inLanguage",
		"identifier": "sc:identifier"
	}],
	"actor": "--URL OF THE USER PROFILE--",
	"object": "--URL OF THE POST OR COMMENT--",
	"type": "Like",
	"id": "-- URL TO THE INSTANCE THAT PASSED THE MESSAGE--",
	"audience": "-- URL TO THE COMMUNITY THE POST IS PART OF--"
}
load more comments (1 replies)
load more comments
view more: ‹ prev next ›