Skip Navigation

YSK: Your Lemmy activities (e.g. downvotes) are far from private

Edit: obligatory explanation (thanks mods for squaring me away)...

What you see via the UI isn't "all that exists". Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see "under the hood". Any instance admin, proper or rogue, gets a ton of information that users won't normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

You're viewing a single thread.

1.2K comments
  • I'm already questioning the whole system behind it, not just votes.

    Say you have critical information that you want to delete but other instances can just ignore this deletion request, than I could technically write a plugin that uses an extra instance, to always display all deleted comments to me, despite me being a regular user.

    For other sites you'd need a crawler, catching this information and all this in a rapid fashion to be usable, with a lot of programming extra work.

    At this point we can as well remove the option to delete or edit a comment as everyone can host their own, which wouldn't be possible with proprietary tools.

    If someone can simply see votes the same way, we can as well add a mouse hover function that will display the username of whoever upvoted.

    • Displaying the internal information publicly is indeed the more honest approach. Still, people need to understand that Social Media is Public Media. Deleting and editing depends on the goodwill of the receiver. Just imagine you were sending an email when you send something here. It is about the same level of control. It is not like you had much more control on Facebook or Reddit.

      • Sure, I agree but less technically versed people don't see it that way. It's obfuscated, that delete doesn't mean deleted. If I delete something on Reddit or Twitter, it's hidden for anyone but the owner and maybe a crawler that happen to have snacked it. People try to circumvent this by using sites that cache Reddit, but even there it most often is not available if you deleted it fast enough. It costs money and there's a delay to have a crawler everywhere all at once.

        Of course nothing is ever truly deleted on the web but we have levels of hiding it. I don't think that alone justifies ignoring that issue. It makes a difference if someone can find it with one click or needs effort. One is much easier to abuse to dogpile someone. Sure, you might not agree with me, I still though it was important to voice my concerns.

        • I think the problem is that people post things without informing themselves. I don't know how to change that. People don't read disclaimers. How do you make them know these things? You can't put big red warning labels everywhere. People need to inform themselves.

        • Which is an education problem and has nothing to do with lemmy.

          It is fucking 2023 if you don’t understand how the internet works by now, it’s out of ignorance and likely has to do with this societal aristocratic attitude towards “techy” subjects.

          It is your responsibility to be informed and to understand the consequences of your actions. We’re finally wakin up a bit :)

    • While I agree with others that it is perfectly fine for everything to be irrevocable like email is (there's no real way the system could work otherwise), I do think the Lemmy web UI and popular Lemmy native clients could do a better job making sure users are aware of that. Maybe when writing a comment there could be a little info bar that says "Content posted to Lemmy cannot be permanently deleted. (Learn more)". And then when you click Delete on something, it could have a similar explanation, adding something like "Deleting this comment will remove it from the feed/thread, but it can still be retrieved from the federated database by any instance administrator. (Learn more)"

      I think it is still useful to have a Delete function, or maybe rename it to "Remove" or something, because maybe you realize what you wrote isn't contributing to the discussion or for some other reason isn't useful for most people to have in their feed. There's a difference between deleting data and removing content from the canonical "discussion", and just because we can't have the former doesn't mean there's no value in the latter. Also, the delete function does have meaningful effects like making it impossible for people to reply to the deleted comment, which can still help with harassment. 99.9% of users will never see that comment again.

    • Which is why either

      • Votes should be publicly viewable like they are in kbin. Not necessarily readily viewable to save server resources, but through a click through or something. No need to hide something that is, in essence, public info.
      • Votes should not be federated at all, but that would be awful for very small instances, though this is how Mastodon has always done it.
      • Votes should be federated in aggregate, but this would kind of break federation because it's a new type of Activity.
    • Say you have critical information that you want to delete

      Then you shouldn't have uploaded it publicly.

      other instances can just ignore this deletion request, than I could technically write a plugin that uses an extra instance, to always display all deleted comments to me

      The same was always possible with Reddit and was even implemented. Why is this a problem now?

      For other sites you’d need a crawler

      Only if they don't have an API.

      • People can accidentally reveal there identity or post something, notice this is too private edit or delete it. The chance for someone to have seen it in 1 second is low. The chance for a bit to have crawled that thread, with that comment, is higher but still low as it requires infrastructure, that costs money and a little skill to setup. Something someone for a simple plugin won't do.

        If anyone can host a Lemmy instance and you just need to filter that one line of code that's for forwarding delete or edit requests, you can just push that info into a separate view. You now just need a plugin that will poll from the instance that's not complying to delete requests and display them to the user. Hell that's something even I could do quickly if I ever feel bored.

        • Hosting (or simply just using) a crawler takes less resources and skill than hosting Lemmy let alone modify it the way you intend.

          • Yes, I know, every CS student can program a crawler. I explained in another comment why it's still a huge difference.

            Maybe if hosting a Lemmy instance is that hard, it's enough? I don't know.

            • I found hosting a Lemmy instance pretty easy but I admit I have the experience to readily recognize how fucked the Lemmy docker-compose example is.

              No clue whatsoever how to write a crawler.

1208 comments