YSK: Your Lemmy activities (e.g. downvotes) are far from private
Edit: obligatory explanation (thanks mods for squaring me away)...
What you see via the UI isn't "all that exists". Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see "under the hood". Any instance admin, proper or rogue, gets a ton of information that users won't normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.
Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.
There's a reason nobody has to publicly announce who their voting for in democratic countries, and that there's no mechanism to check that. People can be grouped, ostracized, persecuted, canceled, or worse.
You don't publicly announce it, but the government still knows it's you who voted. Except in this case the site is open source. Knowing who voted is the only way to prevent vote manipulation.
Okay, yea, that does make sense. I was thinking of electronic votes, in which case there wasn't much stopping them from storing that data. But you can get a paper ballet where your name isn't on it. Regardless, actual voting isn't a good analogy. You can change your vote on an internet forum, you cannot with a ballet.
Let's say on lemmy, up or down vote, it reported "Bazoogle has voted" and simply adds a number to the variable without my name tied to it. If I wanted to undo my vote, it wouldn't know whether to subtract an up vote or down vote unless it knew which one I did in the first place. The only other option would be to try and encrypt the username with some sort of identifier that can't easily be decrypted. Which might be possible, but is beyond my current knowledge of cybersecurity.
It’s as simple as sharing vote counts but not individual identifiers between instances. Problem solved.
A user doesn’t even have to comment to be doxxed by publicly viewable upvotes. They upvote a post in a community for their local state, then upvote a post about how to get an abortion. The state subpoenas the instance admin and gets their IP and email address.
You were saying in the example of the government requesting the data. That's not any different for reddit or Lemmy. If anything, it would be harder to get from Lemmy since it's decentralized. And reddit is known to comply with government warrants.
No one is forcing anyone to upvote or downvote. There's not even karma or anything here. If people don't want others to know how they feel, then they shouldn't say anything, no matter what form the speech takes.
This is an issue of privacy, though. There is a reason why people dislike google or their neighbour having access to their information, however mundane.
Err, up/down voting is just a quick way to agree or disagree. If one is voting because they feel they can't stand behind their opinion if they expanded it in text... I don't know what to tell ya.
One of the reasons I really disliked Reddit and stopped using it years ago was this way of using the voting system. If I make a post, and it gets voted something like +4-10, and a reply that is some rewording of "that's a dumb statement", what am I to think? I'm certainly not going to change my mind, no one gave me a good reason to.
If one is voting because they feel they can’t stand behind their opinion if they expanded it in text… I don’t know what to tell ya.
I'm inclined to believe a lot of people do this. This is not to say they are terrible for doing this, it's that it's human nature. Replying to someone with a well thought out post takes effort and, from my experience, makes the me realize i don't know shit about the subject. Point is, this way of using the voting system breeds half-thought opinions which is a host of a lot of other problems.
Umm, anything you access on the Internet has to know your IP address, that's how the Internet works. Whether or not they choose to keep the logs is a different matter.
Ok, sure. But the difference is that I can’t make my own Reddit instance and then see all Reddit users IP addresses.
What is the vetting process of getting an instance federated?
Like if I was an authoritarian henchman, could I make an instance with a community about cats, get federated, then see all the IPs of users calling my boss a pooh bear, on all other instances?
Ok, sure. But the difference is that I can’t make my own Reddit instance and then see all Reddit users IP addresses.
There's no difference, you don't get IPs of other instances' users just an id
Like if I was an authoritarian henchman, could I make an instance with a community about cats, get federated, then see all the IPs of users calling my boss a pooh bear, on all other instances
This sounds a lot like “not my problem.” I am familiar with this type of response, but usually this level of irresponsible indifference comes from those evil VC backed companies. Except they don’t usually say it out loud.
If this is the attitude of the devs, I am deleting all my glowing recommendations of lemmy on other sites.
I suppose if you ignore the part where I said the problem doesn't actually exist (IPs are not included in federated content) then It can look like a not my problem response.
I wonder if you will also delete the FUD and misinformation you posted on this thread.
Even if lemmy itself doesn't support it, there are plenty of ways to log visitors ips and correlate that data with lemmy to figure out who the user is.
EX: Using a revese proxy like cloudflare or nginx, which are both very common.
Even if lemmy itself doesn't support it, there are plenty of ways to log visitors ips and correlate that data with lemmy to figure out who the user is.
EX: Using a revese proxy like cloudflare or nginx, which are both very common.
Your public IP stays the same for long periods of time, is geographically tied, and also associates you to certain ISPs based on your address space. How long does it stay the same? Months - Years potentially depending on the lease set on the IP.
every website logs ip. The question is whether the admin maintains those logs. However a web server needs your IP so they can route traffic back to you. That IP gets logged so that if something is not working the admin can review the logs and figure out what is going on. Many websites that are privacy focused either turn the logging off or dump the logs fairly quickly. Doing something like that means the admin needs to take steps to create other avenues for troubleshooting that don't factor user data into the scenario. With smaller projects like instances hosted on lemmy that might not always be feasible for volunteer admins. This doesn't necessarily mean they are doing anything wrong. Lots of websites maintain logs that include IP addresses.