Skip Navigation

YSK: Your Lemmy activities (e.g. downvotes) are far from private

Edit: obligatory explanation (thanks mods for squaring me away)...

What you see via the UI isn't "all that exists". Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see "under the hood". Any instance admin, proper or rogue, gets a ton of information that users won't normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

1.1K

You're viewing a single thread.

1.1K comments
  • Fully expected to be buried since I'm late to the party.

    That's really only half of it, there is no real erasure possible when everyone's holding a cached copy. Personally... I kind of like it, I don't hold any value to the words I contribute here as long as they're for everyone.

    But everything and everyone is living in concentric glass houses here.

    • To be fair, I don't feel comfortable with that. I believe people are so excited about ditching reddit, that they're in denial about any possible flaw or inconvenience about lemmy.

      I hope future updates bring more privacy to the users.

      • This is super interesting to me.

        I think you're right in that the user base has the same expectations despite a huge change in the model. But it's going to be the same on any server, your circle of trust now has to include your instance owner everywhere on the fediverse.

        In general there's no expectation you can delete every email you ever sent either, just your local copies. Most of what you see here is similar with some new attached protocols (votes, markdown etc)

        I'm sure we'll see some evolution, but the entire infrastructure is a call back to when a single service wasn't directly linked to a single business, and it shouldn't be treated like one.

        In other words I'm not sure the concession isn't the price you pay to not have reddit/twitter in charge. Because any other architecture that had the convenience of having a single point to delete from is also going to be a single point of failure.

        • I can see where you came from. We can't expect to be free from powerful corporations without some sort of tradeoff. However, in this particular case, I prefer my upvotes to be private, so I don't feel like I have any incentive to hit that button again. I will only read and comment from now on, because my comments and posts are what I expect to be public.

          Well, the good thing is that we have the option to refrain from voting. But this information isn't easily available to new users.

          • Understandable, and yet if nobody contributes upvotes out of the same concern you end up with nothing standing out in your feed to come comment on. Kind of circular.

            On the other hand having an upvote actually attached to your (and I actually mean your handle here) name would likely give it credibility in a weird sense. There's much less incentive to blindly upvote if it essentially shows what you saw like a slug trail, but if you're selectively giving oxygen to the best of what you see then that trail is valuable to others who value you. It's a functional change from competing to push things for their own sake.

            Im old! I come from an era where there was no such thing as OPSEC as soon as you interact with another party you cant personally name. For every consumer that was the phone company, or literally right out the door. If you transmit (login credentials, personal info, search queries) the expectation is somewhere, someone or something is logging it. Not even maliciously all the time either, sometimes I got to some of this out of boredom. The corporate Internet just kind of acts like a middle man, because that same problem never went away, just siloed into companies.

            Until we get to a future like Transmetropolitan where the expectation is your online presence has some dirty laundry (and hopefully leave out the other stuff), all the bits/bytes, not just upvotes, you transmit should have a limited expectation of privacy. This is just the best/latest reminder because every hack is the same problem, only the company has incentive to keep it quiet so it doesn't hit their bottom line.

    • But everything and everyone is living in concentric glass houses here. You might even call that a Glass Onion 😄

1079 comments