Privacy of Lemmy votes

Open Nutomic opened this issue 1 year ago • 13 comments

Describe the bug

Votes sent by Lemmy are marked as private, as you can see by the lack of https://www.w3.org/ns/activitystreams#Public:

{
  "actor": "http://ds9.lemmy.ml/u/lemmy_alpha",
  "object": "http://ds9.lemmy.ml/comment/1",
  "audience": "https://enterprise.lemmy.ml/c/tenforward",
  "type": "Like",
  "id": "http://ds9.lemmy.ml/activities/like/fd61d070-7382-46a9-b2b7-6bb253732877"
}

In comparison, posts and comments are marked as public.

On which Mbin instance did you find the bug?

fedia.io but it affects all instances

Which Mbin version was running on the instance?

1.7.1

To Reproduce

Steps to reproduce the behavior:

  1. Open any post
  2. Scroll down to 'Activity'
  3. Go to 'Favorites' tab
  4. See names of users who voted from Lemmy

Example: https://fedia.io/m/[email protected]/t/1187925/ich-iel/favourites

Expected behavior

Mbin should respect the privacy level of Lemmy votes and not display the usernames publicly. Votes should only be used internally to calculate scores. We also display voter names to admins and mods to prevent abuse.

Nutomic avatar Sep 12 '24 09:09 Nutomic
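
An added example, not part of the issue and not Mbin's or Lemmy's code: a Python sketch of the check the report asks for, treating a vote as public only when it addresses the Public collection (in any of the three spellings the ActivityPub spec allows) and otherwise showing the voter only to moderators and admins. The function names and viewer roles are assumptions; the first sample is the Like from the report, the second is constructed.

```python
# Public collection identifiers; the ActivityPub spec says receivers that do
# not run JSON-LD expansion must accept all three spellings.
AS_PUBLIC = {
    "https://www.w3.org/ns/activitystreams#Public",
    "as:Public",
    "Public",
}
ADDRESSING_FIELDS = ("to", "bto", "cc", "bcc", "audience")
VOTE_TYPES = {"Like", "Dislike"}
PRIVILEGED_ROLES = {"moderator", "admin"}  # hypothetical role names


def _ids(value):
    """Flatten an addressing value (string, object with "id", or list) to ids."""
    if isinstance(value, str):
        return [value]
    if isinstance(value, dict):
        return _ids(value.get("id"))
    if isinstance(value, list):
        return [i for item in value for i in _ids(item)]
    return []  # missing field or unexpected type: no recipients


def is_publicly_addressed(activity):
    return any(i in AS_PUBLIC
               for field in ADDRESSING_FIELDS
               for i in _ids(activity.get(field)))


def voter_visible_to(activity, viewer_role):
    """True if the voter's name may be shown to a viewer with this role."""
    if activity.get("type") not in VOTE_TYPES:
        raise ValueError("not a vote activity")
    # Fail closed: a vote without public addressing is shown to staff only.
    return is_publicly_addressed(activity) or viewer_role in PRIVILEGED_ROLES


# The Like from the report: only "audience" is set, and it is a community URL.
LEMMY_LIKE = {
    "actor": "http://ds9.lemmy.ml/u/lemmy_alpha",
    "object": "http://ds9.lemmy.ml/comment/1",
    "audience": "https://enterprise.lemmy.ml/c/tenforward",
    "type": "Like",
    "id": "http://ds9.lemmy.ml/activities/like/fd61d070-7382-46a9-b2b7-6bb253732877",
}
# Constructed sample: the same vote, but explicitly addressed to Public in "cc".
PUBLIC_LIKE = dict(LEMMY_LIKE, cc=[{"id": "as:Public"}])
```
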

I just want to add that of course it's ultimately up to y'all to decide how you view vote privacy, but it's worth reading through some of the arguments linked in the thread above, to see why Lemmy's community overwhelmingly wants to keep their votes private.

dessalines avatar Sep 12 '24 14:09 dessalines

We had a discussion in our Matrix room a while back discussing this topic. I actually do not really care whether it is displayed or not (as a user), but I do not get any value from it either.

I think respecting the visibility of incoming votes would be a nice compromise.

BentiGorlich avatar Sep 12 '24 18:09 BentiGorlich

I have never heard of any problems stemming from Mbin or kbin making votes public. If anyone knows of examples or other discussions about this, please share them. Most of the objections in the Lemmy GitHub issue were hypothetical. I'd like to hear from Mbin/kbin users since they have first-hand experience with public votes.

Personally, I found it quite nice on one occasion when I thought a thread I made was being astroturfed. I was neither a mod nor admin, yet I was able to look up the accounts that were voting in the thread. Neither a mod nor admin took any action against the accounts so I don't think "leave it up to the mods/admins" is a solution.

MaximilianKohler avatar Sep 12 '24 18:09 MaximilianKohler

Why does something have to have happened for this to be a valid topic to consider?

What do you all think of limiting the display of votes to your own ones? So you cannot view them when you're not logged in.

BentiGorlich avatar Sep 13 '24 07:09 BentiGorlich

> Why does something have to have happened for this to be a valid topic to consider?

The argument is that it would cause a bunch of problems. So if mbin/kbin users haven't reported experiencing any of those problems then it makes the concerns less valid.

I don't think limiting vote visibility to logged in users is a good idea. If I can use archive.today and archive.org to save a history of voting patterns it helps me identify and prove problematic activity.

MaximilianKohler avatar Sep 13 '24 20:09 MaximilianKohler

Privacy through obscurity, since ActivityPub is public by design...

Mastodon also doesn't hide the people who favorited (liked) posts or boost posts.


If you want to have privacy on ActivityPub (whether it's Lemmy, Mbin, Mastodon, PeerTube or anything else), you will need to create an anonymous account. Use VPN + Tor network. And never expose any personal details. That is the only way.

melroy89 avatar Feb 10 '25 13:02 melroy89

The ActivityPub spec contains a section on Public Addressing, with a URL as public identifier. It indicates that anything not addressing this identifier is not public. Not sure where you got this "public by design" from.

Afaik Mastodon only shows the names from likes or boosts for your own posts. I can't see who liked or boosted a post written by someone else.

Nutomic avatar Feb 10 '25 14:02 Nutomic

> Afaik Mastodon only shows the names from likes or boosts for your own posts. I can't see who liked or boosted a post written by someone else.

Mastodon allows you to see this information for all posts, not only your own. (I just checked it, because I wasn't sure. Though I didn't expect it)

BentiGorlich avatar Feb 10 '25 15:02 BentiGorlich

> Not sure where you got this "public by design" from.

I mean the ActivityPub protocol publishes all this data across the network to all instances, which is by design public. And yes, Mastodon will show you all the likes/favorites on posts. For example: https://infosec.exchange/@jerry/113981954312941988/favourites

melroy89 avatar Feb 10 '25 22:02 melroy89

> I mean the ActivityPub protocol publishes all this data across the network to all instances, which is by design public.

No, only to the instances which sent a Follow request and received an Accept back. This is also important because Lemmy implements private communities (https://github.com/LemmyNet/lemmy/pull/5076) in the next major version which use the same Public attribute. If Mbin cannot support this then private communities need to block Mbin instances completely.

> And yes, Mastodon will show you all the likes/favorites on posts. For example: https://infosec.exchange/@jerry/113981954312941988/favourites

You're right, this is very strange. Lots of users would probably be surprised by this behaviour if they found out.

Nutomic avatar Feb 11 '25 11:02 Nutomic

> This is also important because Lemmy implements private communities (https://github.com/LemmyNet/lemmy/pull/5076) in the next major version which use the same Public attribute. If Mbin cannot support this then private communities need to block Mbin instances completely.

Mbin does not really support this, no. We have a band-aid for private mentions from Mastodon, but we do not really support anything but public, yet (except for DMs the way Lemmy implements them). We also do not have support for manually approving following users or magazines/communities.

Both are on the road map in my head, but no ETA on either of them, yet.

I just want to make clear that I personally think that it makes sense to interpret the public/private property of votes the same as we will do with posts in the future, but it seems like the community is against that. For a public magazine/community it might be confusing why the votes would not be public as anyone can subscribe to it and get the votes that way (I think that is what @melroy89 meant by "Privacy through obscurity"). I am personally fine with either way.

BentiGorlich avatar Feb 11 '25 11:02 BentiGorlich

At least today and since at least sometime last year, downvotes ("reduces") are not public. Only upvotes ("favorites") are.

aaronliu0130 avatar Apr 28 '25 23:04 aaronliu0130

> At least today and since at least sometime last year, downvotes ("reduces") are not public. Only upvotes ("favorites") are.

It was since this PR: https://github.com/MbinOrg/mbin/pull/516. From then on, only upvotes and boosts were public.

jwr1 avatar Apr 29 '25 00:04 jwr1