YSK: Your Lemmy activities (e.g. downvotes) are far from private
Edit: obligatory explanation (thanks mods for squaring me away)...
What you see via the UI isn't "all that exists". Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see "under the hood". Any instance admin, proper or rogue, gets a ton of information that users won't normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.
Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.
Out of curiosity, is there a particular set of circumstances where knowing how you voted on certain posts a bad thing? I would imagine that if you didn't want people to know you're voting/looking at specific posts, then you either don't vote/look at the posts, or you set yourself up an alt account on a different server. But let's be honest, if you'd be embarrassed by something you're looking at, maybe you shouldn't be looking at it. Just my 2¢.
Some people take unkindly to downvotes. On Reddit they’d just add and “Edit: fuck you guys and your downvotes… pussies!” And be gone.
On Lemmy they can target you personally. Maybe search your post history in an attempt to dox you. Redditors would expect this possibility if they commented and might refrain from doing so to avoid the potential harassment. Most people would never suspect that it could happen as the result of a simple upvote.
Yeah this is definitely a risk if this platform keeps growing. I can definitely see this being a reason to switch off downvotes (some instances have already)
If I understand it right, due to the federated nature where each server has to sync with other servers, any admin from any instance (that is not defederated) can read this data. Which may be a pretty big problem from Lemmy. One of the main selling points is that you're on instances where you are not the product, but it looks like that all an advertising company that collects and sells user data for profit needs is to just quietly set up an innocent looking Lemmy instance for quarter of a cost, and just get call the data served to them from all other servers. For free.
That's actually way worse that just giving your data to one company that sells it later, because you at least know who has it.
I don't know what's the extent of data that are shared between instances, but I think you can create a pretty good picture of someone from their upvotes
Ok, so they create profiles based on what I upvote and downvote with my Lemmy account, and then .. what? How would they use that information, they can't advertise to me here, and they can't match this account back to anything else, so what's the end game?
With that said I do hope the Lemmy Devs keep working on furthering the platform and all the privacy aspects of it (e.g. full delete, don't leave the username).
You being a real person has value for a company beyond the specific identity you have.
Properly aggregated upvotes and downvotes are a paradise for testing and building models that then reach you not as a single entity but on the bulk. Think election campaigns that, say, take advantage of a newfound correlation between people that like cokes and the NBA and being sensitive to the rhetoric of a self-defense war.
I'm not worried about upvotes or downvotes being seen by anyone, but I am very worried about other personal info being seen by any admins. I have a very real, very scary stalker, and if all they had to do was create an instance to see my private information...
To be clear, I know that's not what's currently happening, but it feels like a bit of a slippery slope when pretty much anyone can become an admin and things aren't super secure yet.
I'm kind of regretting giving my email to sign up, now. I just don't know enough about this stuff to know whether or not that's a valid concern.
It's almost certainly fine. Emails are not shared to other instances.
However, when you go around the internet giving your email address to random sites, eventually you're gonna hit the wrong site and at the very least end up with a bunch of spam or having your email sold to advertisers. It's a good idea to use an email privacy service - basically when you sign up for things like newsletters or random sites you generate a new random email, then if anyone emails that email it gets forwarded to your actual email address. Some of the services even let you reply to the email and they make it look like you relied from the alias.
We're on different instances and links can be funny at the moment so I'll copy a recent post I did:
You don't need to provide an email address to sign up at most of the big instances. I think lemmy.world is the exception. Even your instance lemmy.ca does not require an email address.
If you really want to provide one, you could use a service that does email forwarding. Some examples are https://simplelogin.io (owned by Proton Mail), and Firefox Relay (Owned by Mozilla, makers of the Firefox browser). These both have free tiers. There is also https://duckduckgo.com/email/ from the people who make the privacy focused search engine DuckDuckGo. That one I believe gives you unlimited new randomised email addresses for free. Very low attachment size limit but great for something like Lemmy.
You install an extension in your browser then you can generate emails whenever you need.
Personally I pay for Firefox Relay, which has a small free tier (I think 5 emails) but the paid version is $10 for a year which I think is worth it.
Thank you, that's very reassuring! I was able to go in after the fact and delete my email from my account, though I'm not sure how much good that will do. I'm definitely going to look into those, the Firefox relay in particular sounds pretty user friendly. I don't know when I lost my tech savvy, but it's getting harder and harder to keep up with things these days.
Speaking of which, does Lemmy remind anyone else of irc? The organized chaos has been giving me deja vu and I think I just realized why...
I'm pretty sure editing the email removes the record. In general, editing updates the database with the new value while deleting things marks a record in the database as deleted (e.g. so a mod can un-delete something that was accidentally deleted by a mod). Editing the email adress to remove it should just clear that field in the database. Of course your instance will have backups, but they won't keep them forever.
I don’t know when I lost my tech savvy, but it’s getting harder and harder to keep up with things these days.
Things are moving faster and faster these days! I'm not sure that anyone keeps up with everything new.
Speaking of which, does Lemmy remind anyone else of irc? The organized chaos has been giving me deja vu and I think I just realized why…
You're not the first person to make that connection!
Are you sure that every server can see any other server upvotes?
As I know, upvotes are only from your home instance, which means only your instance admin can see that
The votes might be the one from his instance (I've no time to check right now), as I've understanded, upvotes and down votes are instance specific, so, this means for the same post:
Instance a show 10 upvotes
Instance b show 5
(The post is in instance a)
Which means a admin know who are the 10 people but can't know who are the 5 from instance b, and instance b admin know who are his 5 people and not the 10 from instance a.
(I might be wrong, if it's the case please correct me)
I'm sure that someone will dox themselves, then somewhere else mention where they work. Post on some gonewild pages (is that a thing here) and then make a poorly worded opinion on a sensitive subject and lose their job. Of course Internet hygiene is important and you shouldn't dox yourself but after several years you'll slip up and these things will bite you .
Doesn't have to be major slip ups. Just little tidbits over time on a comment here, a post there, and the aggregation of that data can really narrow the results down.
Cue tactical voting, virtue signalling and influencing. By having them anonymous you don't have to worry about those things. There's a reason voting on a political party or candidate is anonymous, and voting on opinions and posts should be so too.