Remote View

2mo ago

Should we opt out of Lemvotes?

Update: Thanks mateys for participating! Our instance was really split down the middle on this vote - 49% in favour, 51% against.

After reading all the comments, it honestly seems unlikely to me that private voting will ever be a viable option for Lemmy in any meaningful way, because voting data gets federated out all across the fediverse, so I think on balance the best way forward is just to accept that reality and work under the assumption all votes are public. At least then nobody is lulled into a false sense of security.

Having said that there's an argument to be made for both sides and I don't think there's a "right" answer necessarily. Its more down to personal preference about whether you want/expect private (to the users) voting, or you want to embrace public voting. But until Lemmy can guarantee the privacy of user votes then simply pretending they are private seems like the worst of both worlds.

We might revisit the topic of public/private voting again down the road if Lemmy's developers provide privacy enhancements in that area though.

Cheers, Unruffled.

Hi again mateys!

As most of you are probably aware, since the development of Lemvotes Lemmy votes are no longer private for users.

The way lemvotes works right now afaik, is it uses an admin level account to collect voting data from all federated instances, thus enabling the identification of every voter. This method effectively bypasses the guardrails the developers put in place to keep this info more restricted.

However, the developer of lemvotes has recently developed an "opt out" for instances that don't want their user data collected in this way. So now we have a choice of whether or not to continue. For total transparency, I asked the developer to create an opt out because I wanted to give our users the option to choose that path without defederating from the lemvotes instance.

I think there are (at least) two schools of thought on this topic, which I will attempt to succinctly summarize below:

Votes should be kept private to users as they were only ever meant to be viewable by instance admins. Making votes public to everyone via lemvotes, when users have a reasonable expectation of privacy when it comes to voting, is a betrayal of user trust. It also leads to arguments and a lot of unnecessary drama, caused by users trawling though each others' vote histories.
It's good that voting is transparent and that users have the same tools available as admins to conduct their own investigations into other users. This creates a level playing field and helps hold everyone accountable for their voting patterns.

So now you have some of the context, I'd like to ask our community what are your thoughts on lemvotes... is it a social good or a bad idea?

Personally, I quite like it from an admin perspective - it's a handy tool, and a pretty cool project. But I also have an expectation (mainly from other forms of social media) that users' votes should be kept private from other users, so I still think it's problematic from that perspective.

Proposal: To opt out of lemvotes, so that our users' voting data is kept (at least somewhat) private.

To vote FOR the proposal to succeed, upvote the post.
To vote AGAINST the proposal, downvote the post.

This will be a simple majority vote. Similar to the last governance topic, I have no clue what the instance sentiment is towards lemvotes, so let's find out! Feel free to add your comments below.

238 comments

Acknowledged governance topic opened by https://lemmy.dbzer0.com/u/flatworm7591

This is a simple majority vote. The final tally is as follows:
For:
(3),
(3),
(1),
(2),
(2)
Against:
(4),
(2),
(3),
(2),
(1)
Local Community: +0.6
Outsider sentiment: Very Positive
Total: -0.4
Percentage: 49.00%
This vote has concluded on 2025-08-09 01:29:16 UTC
Reminder that this is a pilot process and results of voting are not set in stone.
- Waat the hek du thees emoji signifie? (si, soy _{Nederlandishe})
  
  It's the instance's voting system that classifies users according to their description upon registration and/or their donation to the instance, see this thread: https://lemmy.dbzer0.com/post/35557475 (it's linked in the sidebar)

I don't see much point in opting out. The data will still be available to anyone who spins up an instance, and this could lead to a big game of whack-a-mole.
Better would be to push the Lemmy devs to find a universal solution.

Hi, Lemvotes dev here. As you can imagine, I believe votes on the Fediverse should be public, because that's just how ActivityPub works. Votes are sent out to every subscribed instance, which can then do whatever it wants with them.
We need to stop pretending votes on Lemmy are private, they're not. By letting anyone view votes (well, they can do that without Lemvotes by setting up their own instance, Lemvotes just lowers the entry barrier), users can see, for example, who's serially downvoting their posts or a community's posts.
Also, I don't think votes being public ruins Lemmy. They're public on bluesky and (virtually) no one is complaining. Additionally, platforms like kbin and mbin, which are part of the Fediverse, already make votes public. So even without Lemvotes, people can view the votes on posts. Lemvotes just makes it a bit more convenient.
The only way to fully prevent anyone other than dbzer0 admins from viewing votes is to disable federation.
The way lemvotes works right now afaik, is it uses an admin level account to collect voting data from all federated instances, thus enabling the identification of every voter. This method effectively bypasses the guardrails the developers put in place to keep this info more restricted.
Just a technical nitpick, this is inaccurate. Lemvotes queries the Lemmy database directly, so instance admins can plug it into the db and Lemvotes is running. I was considering making Lemvotes its own Fediverse actor, so that (1) setting up an instance of Lemvotes would be easier, and (2) opting out would be simpler by simply defederating lemvotes.org (or wherever the instance is running), but after working on it for a bit (the results of my work are on this git branch), I realized I don't know enough about ActivityPub, and that I don't care enough about Lemvotes or Lemmy to spend my time on this, as I have other projects to work on. In case anyone wants to develop that themselves, they're free to do so! Lemvotes is open source.
- Thanks for this insight, it swayed me to vote against the proposal. If votes are already semi-public through federation I'd rather it be transparently public than giving the illusion of privacy.
- Thanks for adding your voice here Lena, and for clarifying the technical details.
  Also, I don't think votes being public ruins Lemmy. They're public on bluesky and (virtually) no one is complaining. Additionally, platforms like kbin and mbin, which are part of the Fediverse, already make votes public. So even without Lemvotes, people can view the votes on posts. Lemvotes just makes it a bit more convenient.
  Having read through all the comments (thanks everyone), I'm voting against the proposal. But of course we will respect the voting outcome, whichever way it lands.
- I think this is a great write up and shows why it doesn't make sense to opt out, votes on the fediverse like anything else shared over activitypub are public, an opt out doesn't change that.
  Personally I think that a service like Lemvotes should fight against this as much as possible, some people have and admins have made slanderous and outright evil accusations towards them as a result but it ultimately doesn't matter. This place is open and public, all activitypub data is shared publicly. If someone running a server doesn't like that, they should move to whitelist mode or turn federation off entirely.
  Providing server admins with easy opt-out while still remaining public hurts the viability of a server like that and encourages decisions based on a false sense of privacy.
- what is this supposed to be

Personally I vote against because security through obscurity, isn't. People who want to get this data for malicious purposes can easily get it. It will only affect people trying to do it causally (i.e. To check if someone is a chud).
I personally find the whole voting system in lemmy flawed but that's another story.
- Yeah I've had a change of heart about lemvotes. After reading through all the comments, and realising people only need a kbin or mbin account to see all the votes anyway because of how activitypub works, there is basically no point imo. As many commenters mentioned, opting out of lemvotes will only give the illusion of privacy, and doesn't address the underlying problem. And given our genAI mods rely on that tool to assess troll accounts, I'm kinda hoping it won't pass now.
  But really if we were to go along with the public voting paradigm that is part of activitypub, then I think Lemmy should really embrace it. Like create a toggle that allows instances to enable public voting, so any user can see who voted on what in the default UI. Might also help reduce vote manipulation once everyone knows its fully public.
  
  Unfortunately displaying the fact that they're transparent was closed as an issue: https://github.com/LemmyNet/lemmy/issues/4967
  If you look through the thread it's the same as here. Divided between "public is public" and "public should only be public to a technocratic elite" and "I am an ostrich"
  🙃
  
  *bin only displays who upvotes, not who downvotes. That said this data is public in the ActivityPub stream rn as you say.
- Why flawed? Please elaborate, genuinely curious.
  
  Because up and down don't provide anywhere enough for signal. I would prefer them be specific positive/negative emojis which would help with filtering and sorting, lead use properly and avoid misunderstandings

Votes are public though, pretending that they're not is just deceiving users.
Anyone who admins a federated instance, and any of their friends, knows vote counts.
But I also have an expectation (mainly from other forms of social media) that users’ votes should be kept private from other users
This is literally just reddit and hackernews, some of the worst and most astro-turfed socmed. Twitter post nazification too I guess.

Against.
Does not stop voting being public
Does nothing for privacy, it doesn't stop how federation sends the info required to vote
Useful for moderators in communities where they have haters despite being self contained.
Useful for users to know when they have a dedicated hater/fan.

Against. As Lena has indicated, this does not require spinning up a full instance and admin account, but just to spin up a copy of LemVotes, which is open source. Easier than that, I've also read that votes are available without admin rights through queries to the Lemmy API. Even easier, the votes are also already public through the *bins and friendica.
EDIT: Lena has clarified that Lemvotes does depend on having a Lemmy instance, and that votes are only available through API to admins.
I understand the use of having a small hurdle to dissuade people, I regularly build them into my scripts at work so people can't accidentally break shit with them. But my point is, removing our instance from LemVotes does not raise that hurdle to any significant degree.
This is a core limitation of ActivityPub. Votes must be sent with username attached for federation to work properly. The data is already out there. Any ActivityPub system that doesn't make them public is just doing so on the front end. It's set dressing, not actual voting privacy.
I don't like that it works this way, but I've chosen to accept it as the cost to be part of the Fediverse, to be uncensorable.
If you want privacy, the path is the same it always has been: rotate accounts regularly.
As far as I'm aware, the only true workaround is in piefed (I think it's piefed at least) where a hidden account with a randomized name is created with your real account, and the hidden one's name is attached to your votes instead of the real account. So it would require your own instance admin to see the link in vote and identity. Or basic levels of observation skills to connect the person posting negative replies is the random username also downvoting.
I also don't like the idea of even being able to opt out. It creates an entirely false sense of security and privacy, and could be seen as a signal that our instance doesn't intend to participate in the wider fediverse transparently and in good faith.
- Well stated.
  rotate accounts regularly.
  Thanks for the reminder.
- As Lena has indicated, this does not require spinning up a full instance and admin account, but just to spin up a copy of LemVotes, which is open source.
  Lemvotes currently depends on a Lemmy instance, though I could make it independent with Fedify if I had the time and energy.
  Easier than that, I've also read that votes are available without admin rights through queries to the Lemmy API.
  https://lemmy.readme.io/reference/get_post-like-list
  the API is admin-only, though votes are federated through activitypub, that's why instance admins can see them. That's just how activitypub works.
  I also don't like the idea of even being able to opt out. It creates an entirely false sense of security and privacy, and could be seen as a signal that our instance doesn't intend to participate in the wider fediverse transparently and in good faith.
  yeeeeah, this was the db0 admins' idea, otherwise my instance might have gotten defederated, which I prefer doesn't happen. The solution would be, as I said, to make Lemvotes its own fediverse actor, but I don't have the expertise or energy to do so.
  
  otherwise my instance might have gotten defederated
  Umm, wait what?

I don't want lemvotes. It sounds like some real reddit shit and it's a terribly dumb word. Not to mention I want less tracking and more anonymity on the internet in general.
- This is not going to give anonymity, it at worst gives an increased false sense of anonymity.
  Not only could others spin up more copies of lemvotes, last time I checked every mbin instance shows that info freely.
  For what I'm concerned this proposal would merely make looking up votes slightly less convenient.
  Edit: Yep, mbin still shows votes, no login required: Example
  
  Less convenient means more private if more people give up. I don't expect 100% privacy in my life, but I won't make it easy for anyone.

This data isn’t private in the first place. What point is there in opting out of a pinhole when niagara is right there?

I think that opting out only makes it harder to find out who voted what, I can still find out who voted what by opening a post in friendica (though it misses a good bit of info).
Giving users the illusion that their votes are private is dangerous.

Against.
Facade of privacy is worse. Opting out won't do anything, and it might give people false sense of privacy. Let everyone know their votes are public. In my head, voting on lemmy is equivalent of saying "aye" in real life, that is, you are assenting to something publicly.
I in fact consider this to be a feature, it's helpful in detecting votes manipulation.

Against.
To block it would just further a false sense of privacy. The votes are already public, this just makes that data very slightly more accessible. To pretend otherwise is simply burying our heads in the sand.

This instance is based greatly on sailing the high seas. Privacy should go hand in hand with that. I don't want my votes to be "investigated" as they reflect my personal opinions and that is sacrosanct.
- Understandable but not what this proposal would achieve. The data is available, this is just one of the interfaces showing it.
  This one can be easily opted out of, other existing ones cannot.
- On ActivityPub, all votes are public by design. They are only hidden so users can focus on discussion rather than "who did what". Anyone with an AP instance or tools like this can view your sacrosanct opinions whether you opt out or not.
  
  So it seems like this discussion should be aimed moreso at ActivityPub, not Lemvotes
- Except that's not how any of this works. Votes are public via the ActivityPub protocol, which is why this tool is possible in the first place. Kbin ane Mbin make votes public, so all you need to do to see this is use one of those instances federated with dbzero. This kind of comment is just being ignorant of the technology and mechanics in place. If you wanted that kind of privacy you shouldn't be on this platform. You should probably not be on a public forum with actual usernames. Maybe try 4chan?

The fact anyone on db0 would advocate for 'transparency' in the name of surveillance makes me believe either I chose the wrong instance or you did.
Sure, that data is available to admins, but this approach will naturally lead to a chilling effect that directly opposes this instance's supposed principles. I understand the why here, but cannot fathom, with how often data is misconstrued by the malicious in the modern age, anyone would operate or advocate for such a service.
- This is exactly why I think we should push for Lemmy as a whole resolving the issue, instead of dealing with vote trackers as they crop up.
- That data is available to admins of any instance. Anything federated. That's an impossibly large number of instances to keep track off over information leaks, especially since votes are saved permanently so any leak of any instance would retroactively expose all votes again.
  This is not even starting to touch on other activitypub software interpreting votes as inherently public and showing them as such. On mbin, anyone can see votes.
  In practice this data simply is irrevocably public until lemmy itself hides it on the protocol layer. Right now, it can't even be properly obfuscated.
- What's the chilling effect? What kind of power does anonymity of voting (even if that were available on lemmy) confer, considering that comments can't be anonymous?
- As someone pointed out this is already public information for anyone using kbin and mbin. Blocking tools like this doesn't really change that, or even make it harder to see. People are saying without it you would need to make your own instance to see who voted, but given kbin and mbin exists this is probably false and misleading.
  Votes being public is an inherent part of the protocol and the software. There isn't much that can be done without redesigning both of those things. Even then it would probably be a case of votes per instance, not fully anonymous voting. Doing that could potentially create moderation problems as well.
- I feel like this would be better served as a discussion around ActivityPub then and not just Lemmy - and not just ancillary softwares based on Lemmy like Lemvotes
  
  Maybe the whole question is just, should an instance show votes. As in, if an instance truly wanted their votes to be anonymous on activitypub, it couldn't happen. So those who are not wanting to have their up/down votes seen, should be opting out of up/down voting. While those who don't care / want their votes to be seen, should be up/down voting.
- in the name of surveillance
  Who surveils who here, though? I can be surveiled but also surveil the surveiler myself, as long as the person is on an instance that hasn't opted out. And isn't viewing people's old comments a pretty similar sort of "surveillance"? The difference comes mainly from how we're used to the reddit model where comments are public and votes are private...
  Lemvotes has been available for many months, yet there's been no "chilling effect" on anyone's behaviour, as far as I see.

I'm for the opt-out. I am aware of the fact that anyone who has looked into the subject knows that it's easy to get that info, but there's a difference between "I need to actually put a small amount of effort into it" vs. "I just copy the URL". If someone wants to look it up and jumps through the hoops, that's fine by me, but it shouldn't be an everyday thing.
I personally vote on nearly every post and comment i read, and even tho i don't want to push any agenda or discriminate any user, someone who i perceive as a bad actor or who regularly comments stuff that screams "i need to touch grass" might construe (wrongly) that i target them. Tbh, most of the time i don't look at the username when voting.
(but it is pretty interesting that i have submitted around 71000 votes since the API reddit exodus lol)

Against. Your comment history is even easier to access and it's usually much more sensitive. If you really care about anonymity you need a stronger method.
Downvotes are not a slap in the face. They're the social equivalent of "hey, I disagree with your content or tone". Really it's not a big deal to me if they're public. I've downvoted by accident, or changed my mind before and upvoted later.
Now if you're talking about lemips, a list of user's ip addresses, that's a different story.

I dislike the comments I sometimes see which threaten people downvoting certain things and imply that the only possible reason anyone would downvote is because they are
<pejorative identity here>
and that they will be stalked and shunned for doing so. I see these kinds of comments in situations where something probably got downvoted because the person was being an asshole or an idiot rather than because downvoters are on the opposite side of their ideology or hateful. So it's like they want to prevent criticism through chilling effects and bullying. I get that it's tough to see that people don't like what you have to say, and that sometimes this is not useful information, but that's what options to hide vote scores are good for, just cut yourself off from this information if you can't engage with it in a healthy way or acknowledge that you might not understand the unstated thoughts of the people clicking up or down.
Even if it is not ultimately concealable information, I think this kind of measure is good because it at least sends a message that toxic vote stalking is disapproved of.

Against
This information is already public. Something like kbin or mbin which already shows votes could theoretically be used to show them for any federated instances anyway. It's pointless trying to obscure this information as it's not actually protected in a technical manor. If you didn't want this information public you chose the wrong platform.

Against.
An illusion of privacy is dangerous. If voting isn't anonymous (it isn't, and wouldn't be after an opt-out) then it's better for users to know that and act accordingly.

Against.
Pretty much eeveeryone have clarified the good reasons Against already, and I share most of them. The one that I want to emphasize more is that regarding this point:
But I also have an expectation (mainly from other forms of social media) [...]
Half the point of lemmy is that it's not like other forms of social media, at least the big ones. This is not Twitter where we know already everyone is nazis, or Reddit where people can just brigand and go bomb-review software projects or stuff like that with impunity. The other half is that it's federated and public. That, by nature, has to somehow include the votes.
We're on lemmy. Let's own it.

Voting for the proposal, would be nice to opt out of extra tracking beyond what already gets tracked/logged during typical Lemmy usage.
But in the grand scheme of things this is more of a Lemmy network problem, if that site exists then surely other sites/tools exist (or will soon) to do the same thing. I've always kind of figured it doesn't take much to start up a Lemmy instance, federate with others, & just start logging the info being sent across the instances (in this case upvotes/downvotes).
You've kind of got me wondering how Piefed handles that but that's another topic really.
- Everything you do on lemmy is public forever. That's how activitypub works. Even if you delete everything no server has to respect that.
  Anything you upload is public record forever until proven otherwise.

I'd like to opt out of lemvotes

Against.
As it turns out, upvotes are public regardless! As that's the case, I really just don't care either way.

Against.
User votes have never been private as it seems. Lemvotes only made this loophole mainstream. This has to be fixed by lemmy devs, an opt out would give a false sense of security and leave the other lemvotes type tools that are not known yet untouched.
- It's not even a loophole, this is how ActivityPub is designed

I doubt there's any practical way to keep votes 100% private, there's always a workaround. Playing whack a mole on this stupid little thing is not worth it

voting for. i understand the info is available either way, but im in favor of raising the hurdle for this data to be collected.

Voting against, succinctly:
"opt out" implies unearned trust, from the jump
mechanically, no data is less or more available, with sufficient motivation
preferring the illusion of privacy is a self-defeating pattern of behavior, it has run amok
I'm generally against concentration of info access, on principle
I think there are good reasons to disagree, but I won't make that case as well as someone who does, so I'll leave it to others.

FOR
Yes the data is available to anyone, but at least it involves some technical prowess.
The amount of times i have seen people discuss some users votes and what they interpret into it is just weird. let them at least dig for the stuff a little bit.
from a privacy standpoint it would be great, if the data could even be hidden from admins. while still allowing to do some verification (like in these governance threads). but that is a problem for the lemmy devs.
- Votes are public on kbin and mbin too. Without even logging in.
  Regarding hiding votes from admins, that's impossible without crippling moderation tools and allowing vote spam to happen freely, because admins would not be able to investigate. And that's just not how ActivityPub works. Votes are public.
  
  i don't know activity pub well enough to say what is possible to do on it. i was just saying what would be cool, to avoid tyrading users, based on what sometimes seems to be one or two votes.
  IMO vote spam is just buildt into lemmy. spinning up your own instance and pretty much nuke any post, user, community, ... you want is not that hard. i thought of writing my on POC for a 1 click script like that - but did not end up doing so, as i was too lazy.
  i guess that is my main motivation behind being against easily accessibly insight into votes: most ppl are too lazy to do it themselves. it is good to know anyone can access it. but they have to put a little effort into that.
  you and i will probably not agree on that, but that is fine.

ITT people not understanding that their votes are basically public no matter what. This tool might as well be one of a thousand and we're just playing wack-a-mole. Kind of a waste of time to bother with it, instead lemmy should get better.
- I wonder how many people will up vote the post without reading it just because it's what your supposed to do for discussions you want promoted. Some people might say, oh a public announcement for the instance, up vote and move on.
  
  Judging by the previous vote in c/governance, not very many imo. I think most of our users who take the time to vote have already formed an opinion one way or the other, and judging by the quality of the comments, they are informed about the topic. It's also nice to see some undecided folks reading the comments and being swayed one way or the other.
  I'm trying to stay out of the debate and act as a (fairly) neutral arbiter so as not to influence the outcome. But it seems so far that around 2/3 of our users prefer votes to be kept (somewhat) private. The other 1/3 prefer public votes, for a variety of reasons.
  As someone else mentioned in the comments, a lot of us came over from Reddit, so that might partially explain why the sentiment is skewed towards private voting - it's simply what most folks are used to. But I can also see an argument can be made for transparent public voting, as a means of keeping everyone honest and accountable to each other. I haven't completely decided which way to vote yet.

I don't think so, votes are public by nature, and it is useful to be able to find where and how users vote to make judgements based on vote manipulation. I say this as someone who has dealt with huge amounts of vote manipulation in my own communities.
Although the fact they are offering opt outs from instance admins instead of making it censorship/defederation hardened does make me lose faith in the integrity of lemvotes as a service since it no longer will show a majority of votes due to admins opting out.
- You can always run your own instance of lemvotes
  Its open source.

Against.
A harder question for me is whether or not to get rid of public downvotes altogether. I think most interactions would be less hostile without the downvote option at all.

I'm voting FOR. To be honest, after reading the comments, I do find the argument convincing that we shouldn't enable the illusion of security. But, on the other hand, I strongly believe that creating a tool to specifically investigate particular individuals, even if it was already technically possible, is ripe for abuse.
Literally any barrier to entry can give some angry individual a chance to cool down before they go on a brigade against the target of their rage. I'd slightly prefer if we don't enable them.
All that said, if it's not this tool it will probably be another, so my vote is mostly symbolic.
- Maybe it would be better for everyone to have access to this tool, rather than just a select few who have the time or know how to setup their own instance to collect this data?
  
  I mean, maybe, I really can't say for sure. Taking this to its logical extreme - should everyone have access to Clearview or one of the many facial recognition databases? There are clear upsides and stark downsides.
  Obviously this case is a lot less everything than that hypothetical, but I think it's all part of a larger conversation about privacy and access to ostensibly private information, or even how private information should be.
  I'm not prepared to believe that humanity is ready for all the privacy we've enjoyed to be lost so quickly.

Against. Generally I prefer the option of being anonymous, but we shouldn't promote a false sense of security with a tool that doesn't accomplish the job.

As others have said, it seems that comments and votes on Lemmy are public by default, and the issue of anonymization should be directed towards redesigning how Lemmy and even ActivityPub shares information.
That being said, we on db0 have less control over those softwares because they underpin our instance here on Lemmy. For what we do have control over, I'd expect this instance to preserve the privacy of its users as much as possible.
I also agree with others that opting out of Lemvotes means one more deterrent for bad actors to abuse the system. We don't want to make it easier for people to spy on and stalk others, even if this opting out doesn't fix the root cause.
I vote Aye for now, only so far as we continue this conversation to address privacy overall in the Fediverse.

in FAVOR: even if it's a bit of a facade, it gives off the signal to future devs that privacy is still very much a desired thing, even here, and not an after thought.

Against. Votes being public makes me vote better. It stops me from angrily downvoting stuff I dont like when im in a bad mood.
- Interesting, I was wondering about that. If they were completely public by default it might make people more thoughtful about their voting in general.
  
  They are public, and that doesn't stop anyone being insane. More transparently public might be good though.
  Personally I think transparency is almost always good. Nobody is stopping you making an account for being a creep and a loser on, but that might earn you derision. I can see no compelling reason for hiding votes, there's this abstract "oh I can support true but unpopular positions" ok well for good causes secret support is pretty much worthless and if I might become a goose with a knife for a moment: What are these secret opinions of yours? Because as someone who occasionally looks at voting patterns it is always the conservative takes lmao.
  
  It does to me. When I first joined the fediverse i was on kbin where votes were public and it made me think twice if something was truly downvote worthy then I got on fedia.io where downvotes were hidden and I caught myself downvoting more and more comments that I disliked or disagreed with wothout them being inherently "bad" coments. Then here I've been trying to be more concious of how I vote but, tbh, is kinda hard to keep my inner redditor under control when I think I can get away with it. A few days ago I learned about the lemvotes thing and that has reminded me of keeping my voting habits under controll, I know i should be mindfull of it regardless but is somewhat easier for me when someone might be watching.

I'm against opting out. Whether Lemvotes, vote federation, or the voting system as a whole are good or bad isn't the matter at hand. This vote is either for or against plugging our collective noses and pretending everything eternally smells like lilacs.

I'm not a fan of this, it gives a false sense of privacy in the Fediverse. Voting data is public even if specific tools to view it decide to cater to the desires of admins. It's very easy for developers to just not do that, and it has been done before.

I support it but it feels pointless given it's just trying to treat symptoms and not the core issue which is the ability to get them in the first place. I don't think that there's even any good solution for that given the decentralised nature of the fediverse which sucks.
- It is complicated but possible.
  You can anonymize votes, peertube is doing something like that.
  I can imagine even more complicated systems that limit the instances with that info to 2-3, a number small enough to make it plausible no leaks happen, while still making it very hard to fake votes with a malicious server.
  
  Interesting, is it actual anonymity or just static obfuscation where after simple data analysis you'd be able to tie all past and future data to the user moving forward? Do you have the source for that? I have issues finding anything despite trying out different keywords.

In my opinion, it's a good thing. Anyone wanting the information for nefarious purposes only needs to spin up their own instance and they get it. This just gives the tools to everyone easily.
I think the illusion that votes are private should be crushed, because they aren't and you should be aware of that.

IN FAVOR OF OPTING OUT
Public voting is one of my least favorite features of lemmy/threadiverse.
I don't know if it's possible to have a federated network where votes are totally private but it would be a strong preference for me. I thought there were already some tools instances could use to protect their users privacy?
If it is implausible to totally obscure it, then I think we need more user controls to avoid accidentally voting for something that leaves a breadcrumb trail about you. Such as reminding new users their votes are public, having an easy way to see overview of all your own votes, option to remove the vote buttons from the UI, being able to unvote all your past votes (which would still be imperfect of course).

Anything that makes it harder for the average .world brigarder to harass people because of their voting patterns is a welcome change. So naturally I'm voting "aye" and for opting out of any further such tools/other instances of them when they will eventually pop up.
I am aware that votes are not private, but the bar for exploiting that is on the flor when you just have to copy a URL

Against: you depend on the lemvotes instance implementing the opt-out feature, you can just as easily fork it and remove it
- The opt-outs are not hard-coded in the source code, it's just an environment variable. Forking would be unnecessary.

Opt Out. We don't want others spying our internet updoots.

After reading the comments in this topic, I am voting AGAINST.

For.

Against.
Not that I would use it anyway, but I bet it helps in finding bots that manipulate certain posts. R****t has ton of these and they end up undetected, especially with new private profile settings. I'd rather show everyone what I voted for and let them know I am real rather than have bunch of people in threads promoting corpo things as if they are real people.

Against.

I'm in favor of opting out of this, but not because of privacy concerns. Being able to identify how users vote would take away from conversation, as well as discourage users who would rather avoid being dragged into the conversation from voting at all. Sure, the data is already available to those willing to spin up an instance, but the overwhelming majority of people wouldn't bother. This really should be opt in instead of opt out.
- I haven't looked into it in the slightest, but I was just thinking that it probably wouldn't even take all that much work to just create a userscript that just pulls that information from kbin or mbin (since it doesn't even require being logged into to view) and have it easily accessible on every post, no matter which instance you are apart of. Once made public, anyone can install it with a couple clicks.
  Wouldn't it be better for people to assume it is easily accessible information and treat it as such instead of giving themselves a false sense of privacy or thinking that it might protect them from being dragged into a conversation?
  
  Even less work, if I understood correctly, it pulls the info directly from the API. See the comments of Lena here.

For. More privacy > less privacy, even if it's minimal.
- The privacy would be a facade tbh.
  
  I've read a few comments here. I'm not sure I fully understand, but,
  With Lemmyvotes anyone can see anyone's voting history.
  Without Lemmyvotes, someone would either need to be an admin (is mod enough?) of an existing federated instance, or they could spool up their own instance to become an admin, which in turn makes them able to see my votes.
  Option 2 makes it more work and I'd rather there was a hurdle to seeing my vote history than not.

I'm for - whilst I'm aware lemmy votes are attainable via one mean or another, opting out sends a message that whilst yes, it is possible to attain voting information, it should not be considered normal and socially acceptable to do so.

238 comments