Upvotes seem to just federate as likes and dislikes.
Who cares? If your upvote or downvote or any other activity you deliberately perform on a public platform is something you’re embarrassed about and wouldn’t be willing to do in a face to face engagement you probably shouldn’t be doing it.
I agree, and if you absolutely must, then maybe make an alt?
The main problem is most people assume their votes are private, as they are private on reddit.
This isn’t just a Frendica thing; you can see this from Mastodon, mbin/kbin, etc. Many people seem to think upvotes and downvotes are private, but the reality is that they’re publicly available information by default in ActivityPub. Lemmy just hides the information on the front-end for “normal” users; If you’re a moderator you can clearly see everything.
If one wants truly pseudonymous voting, they’re free to try out PieFed. See the announcement post for this feature for more details.
There are some instances that disable downvotes altogether!
Oof, hell no. That’s some Facebook level cancer right there when they removed downvotes.
It’s just a form of white washing that makes the same people who made up being offended by “black lists” and “master branch”.
I mod a small community with like 6 monthly users, I’m the only one who post or comment and the average post have 3/4 upvotes and 1 downvote. And I always ask myself who is downvoting my submissions, because it’s make no sense to me that someone take the job of pressing the downvote button on a link to a EDM set. Couldn’t they just block the community?
Use https://tesseract.dubvee.org/home/all/scaled to show downvotes
Assess whether banning makes sense for someone who only downvotes content
How exactly can I see who downvoted? Can’t seem to find it in the regular view, and the debug info only shows the vote count, not the voter.
I’d also like to know as I’m in the same boat you are. I’m just leaving this comment to remember to look later and see if you got an answer.
It’s not about blocking, it’s about sending a message.
No, sometimes it is about blocking.
If you run a small community like several of us do, even a small amount of downvotes can completely shut down a discussion from ever being seen by anyone else. It’s a way of shutting down conversation.
If someone neither wants to contribute nor lurk, and merely drag down a community, they shouldn’t be part of it.
I understand that if you are exploring on all and so, sometimes some communities you couldn’t care less appear on the feed, it’s happens all the time to me with sports news and related, but I just block them and move on.
Some people just downvote for the sake of it.
That’s pretty cool. Sometimes in an argument there’s that (1/-1) thing going on, would be funny to see how both are downvoting each other.
Petty mods or users would abuse this
Mods can already see voting data, at least through the API on the latest version of Lemmy.
How can I see this in the community I mod?
It’s already possible to see if you really want to look. Friendica is just another way.
I get this is obviously intended behaviour on part of actpub but I’d love for there to be a pseudo-anonymous voting system too. Maybe an option to hash user credentials when added to likes to ensure that they’re unique whilst obfuscating the original user.
There is already a foolproof method that is immune to any abuse of trust by admins; create an alt account.
Hash them with the post ID appended, so a user can’t be identified across posts
I mean, seems pretty pseudoanonymous to me, unless Musk had another kid he named apj2k36 or something.
People have really weird usernames sometimes
this is an icky issue because lemmy sends votes with empty addressing, so remote instances should count them but not show them to anyone. however mastodon (and *key) sends likes with empty addressing too, but considers them public. lemmy is (surprisingly) right here and should request that the rest of fedi respects the protocol and hides stuff based on its addressing. maybe open issues on mastodon and friendica
also this issue probably exists when seeing lemmy posts on any microblogging instance
The whole concept of the Fediverse as social media is that all the data is public. Stop acting like these servers are giving out private data.
I know, but some people assume votes are private.
It’s not good practice. Really one shouldn’t be assuming anything is private or some entitlement to privacy on a service where all content you post is made publicly available to any and all linked instances. They miss the point of a federated public forum. If one wants privacy, data must be kept locally only. That’s why Lemmy has local-only communities, the “private” community aspect that many people want just won’t be federated, because you can’t make something like this private otherwise.
I know, but most people don’t.
I know, it’s a really big problem here and on the Fediverse in general because people get so outraged and entitled over something that just is the way things are, this wouldn’t work any other way.
If you’d only ever interacted with Lemmy and not read up on how ActivityPub works then that’s a reasonable assumption, it’s not like anything (that I’ve noticed!) actually tells you that your votes are public, and they don’t look to be public in the places you’re likely to see!
Lemmy likes aren’t meant to be public, this is just other software failing to respect the privacy Lemmy indicates.
That’s almost as bad as using robots.txt to claim sites are private and secure and just whining that people/bots should respect it.
You should assume voter data is fully public and fully open. It otherwise is in the federated ecosystem.
The comparison doesn’t work because both Lemmy and Mbin are implementing the same standard, while robots.txt is mostly an honour system.
You should assume voter data is fully public and fully open. It otherwise is in the federated ecosystem.
Information not being private isn’t the same thing as information being public.
Information not being private isn’t the same thing as information being public.
I’m not sure that is a realistic expectation these days.
Except ActivityPub data is by in large already not private, it is handed out to any tom dick and harry who run a server and have subscribed to actors on this one, and most of the time, it doesn’t even really require extra authorization. That is fundamentally how ActivityPub and federation work, but you can’t have any expectation of privacy in this system when it comes to the content shared. Expecting it to be private because it’s labeled is as dumb as expecting your website not to get scraped because you said so in robots.txt.
Oh. If the only thing stopping the votes being public is a label saying pretty please don’t make this public then it does seem very open to abuse.
Especially in federated networks where the data isn’t under access control, doubly so if the privacy extension is optional
I don’t think everybody knows that and at least here on Lemmy, it doesn’t show it by default like friendica. The fediverse doesn’t necessarily mean that all data has to be public. It’s just that it’s way harder to have a sense of truth without public data.
I wish I could see what scummy lemm.ee mods removed my comments and got me banned
you can, names are shown in other frontends like phtn.app.
Thanks but doesn’t work if you’re site-banned.
I think lemmy instance admins can see this too. Doesn’t even have to be a friendica instance
Any instance admin can see the vote history.
I was thinking just now how there seems to be people who downvotes threads for no apparent reason, even seemingly innocuous and neutral ones… for example “Kingdom Come has sold 2 million units” 3 downvotes; “This New Algorithm for Sorting Books Is Close to Perfection” 5 downvotes; you get the idea. Now everyone is entitled to their opinion, but It makes me wonder if someone(s) is spam downvoting for some motive.
Every thread will get downvoted by someone for some reason. You would go insane trying to make sense of it.
That’s true, but since witnessing the waves of spam that flooded Kbin before its disappearance, I try to keep an eye open for this kind of shit.
The first isn’t really interesting, and the second is clickbait. I wouldn’t say there is no reason for downvoting them.
You are NOT supposed to downvote things that “aren’t really interesting”, you are actively ruining other people’s user experience on here by doing that as downvoted posts get less visibility.
Some people might think it’s not interesting because it’s not appropriate content for that community, and that by downvoting they are improving the quality for everyone. I don’t think every instance/community has a unified consensus on how exactly to use voting, and some people are always going to do their own thing regardless.
This is one of the reasons why I’d love to see a more expanded method of reacting to content rather than simply upvoting or dowvoting; something like, say, user-side thread or post tagging, with things like “verified”, “clickbait”, and mood reacts like “happy” vs “sad”, and usefulness reacts like “solved, thanks” vs “closed as duplicate”, etc. We need more and better axes.
(Axises? Axeses?
Asses?)Interesting idea, but how do you decide on what the universally-agreed on reactions are? Have too many and they may as well just be comments!
A fair point that I admittedly don’t know how to solve. The closest I’ve got to a “functional” idea is to focus on splitting the two (I think? maybe three) things that an “upvote” is interpreted as, and supplementing with also the opposite / counter message:
- “I like what this post is about” (basically a like / heart / kudos)
- “I found this information useful / verified / checked” (a more proper upvote)
- (optionally) “I want this information to be more easily found”
Pretty much everything else can be a comment, as you say, but the purpose and reception of a message should also be as streamlined to communicate as possible.
Some people only browse global feeds and downvote stuff as if they’re trying to train the Netflix recommendation algorithm, completely ignoring the rules of the community it originates from
I remember that being a problem back on Reddit (though I always found people upvoting low-effort stuff that wasn’t community/sub-appropriate to be more of a problem). It’s kind of a site-wide UX issue though really, if a new casual user is just presented with a list of posts then they might genuinely be unaware of (or perhaps just uninterested in) where they came from and what their votes mean.
Well yes, the visibility thing would be the point. Interesting and relevant content is upvoted, becoming more visible to more people, and uninteresting and irrelevant content is downvoted, becoming less visible and shown to fewer people.
Your interests are not identical with interests of other people.
My guess is accidentally hitting the button while scrolling, and too lazy to change it.
Might just be people who are used to having an algorithm so they dislike stuff they don’t want to see more of.
Which is a problem
Yes, after all other servers need this information in order to prevent double voting, you can’t just have servers sending each other information “somebody upvoted this” and also tell when servers are allowing users to vote more than once.
So upvotes and downvotes aren’t actually private, never have been, some servers may display them publicly even if most don’t.
There are plenty of ways to handle double voting without plaintext user strings. The fact that it’s done this way is just lazy and poor design and doesn’t actually do anything to prevent a rogue instance from vote spamming with fake users.
Hashing exists for this use case
Hashing alone if it’s just usernames isn’t enough. Need something like keyed hashes, but then malicious servers can lie about numbers of votes.
Otherwise you need something ridiculously overengineered like public but encrypted logs of user actions and Zero-knowledge proofs of correctness mapping everything to a distinct existing user without revealing who it is.
As I mentioned in another post: for consistency is better to have each server count total votes from their own users, send a signed & timestamped message with the count to the host of the post being voted on. Then the host can display a consistent vote count to everybody that shows where votes are coming from without manipulation of external votes.
Each individual server can lie about its count, but not by too much or else it will be detected and the server can get defederated (or have its votes ignored).
but then malicious servers can lie about numbers of votes.
They already can do that by pretending to have users they don’t have. It’s definitely a quick way to get defederated.
And it wouldn’t be caught quickly or maybe even ever if they opted to use hashes instead of just showing who voted and when.
They should be.
Over thinking.
Only the instance with the post needs the username to register the vote, the count can then be updated by the instance. Simple and lightweight
The server hosting the post needs it.
It only needs to tell other servers the vote count, and the votes of people on that other server.
That may not be how it actually works, but that’s all that’s neededYes, but then you can have malicious servers sending fake numbers without other server operators being able to check whether this is at all plausible.
(It’s still possible for malicious servers to send fake votes, but server operators can see which users they are stated to originate from, then block that server if that looks like it’s doing that. At least that is my understanding.)
It’s only fake numbers for posts on the instance.
Not the first malicious instance, wont be the last.
What do you mean “send fake votes”?
Or rather, who do you think should be responsible for identifying and blocking fraudulent votes?And how do you reconcile votes that come from servers that you’ve defederated with? Should everyone have the same view of the post, or should people only see votes from servers that their server is federated with? What about votes from users you’ve personally blocked? Etc
I personally kinda think that the responsibility is on the server hosting the post, and that everyone should see the same (but anonymous) vote count, of which the hosting server is the single source of truth.
A malicious hosting server could use fake points to blast any message to the top of everyone’s feeds until manually banned or defederated
I’m not sure how giving every server access to the votes solves that.
The malicious server can make fake users to pump up votes. your server admin has to notice, then check the vote logs, then see what’s happening and defederate them. That’s pretty much what you described in your scenario, anyways.It’s way easier to notice and defed when you can see these fake usernames
Yes, that’s happened before. They were sending a very large number of votes, so it was immediately obvious. Even a couple dozen from an unknown instance will be noticed, when an admin sees it and says “huh I haven’t heard of that instance” and when they look there’s nothing there.
Same was the case on /kbin, and while Mbin got rid of the downvotes, it still has public upvotes.
kbin also got rid of the ability to view downvotes. I believe either before the fork or at least before the implosion while mbin were still mostly just pulling from upstream.
How to fo that?
Asumming you meant “do”, go to friendica (friendica.world) and paste the fedilink (press the rainbow button) into the searchbar.
