[Discussion] Why voting should not be used here at all
Everyone, I have something very important to say about The Agora.
The Problem
Let me be super clear here about something people don't seem to understand about Lemmy and the fediverse. Votes mean absolutely nothing. No less than nothing.
In the fediverse, anyone can open an instance, create as many users as they want and one person can easily vote 10,000 times. I'm serious. This is not hard to do.
Voting at best is a guide to what is entertaining.
As soon as you allow an incentive, the vast majority of votes will be fake. They might already be mostly fake.
If you try to make any decision using votes as a guide someone WILL manipulate votes to control YOU.
One solution (think of others too!)
A council of trusted users.
The admin, top mods may set up a group to decide on who to ban and what instances to defederate from. You will not get it right 100% of the time but you also won't be controlled by one guy in his basement, running 4 instances and 1,000 alts.
I'm not on an alt. I'm getting upvotes because I'm right and you're wrong. What the fuck are you even talking about? Are you trying to troll? Is this your sad attempt at trolling?
You clearly have no idea what you're talking about. Just stop trying. Your username alone proves that you're a bullshit liar and here in bad faith.
We have a "council of trusted users", it's the mod team who are committed to making our little democracy thrive. We don't want to be in control, we want to facilitate the community in choosing its own direction.
The simplicity of our process works in our favor. If somebody spun up 1000 alts to mess with a vote, we would notice. All of the discussions and votes happen publicly, so anyone can audit the profiles involved if things seem weird. I'll play whack-a-mole with bots every day if I need to, and that can also be audited on the publicly-visible modlog.
No system is perfect. This is the system we decided to try, despite the challenges that could arise from it.
While I like the idea of the agora, and have seen genuine debate on the issues presented there, I can't help but also agree with this. It's hard for multi-billion dollar companies to keep bots from ruining their services, and comparatively Lemmy has little defense. I don't know if I like the idea of blocking it off for only a few moderators to make the decisions either, but at the same time I can't think of a better alternative.
I'm not really sure what the best solution is but open voting is obviously not going to work with open federation and users not being validated as real humans. If someone wants me to write a bot and prove what I'm saying I can totally do it. In fact I probably will if votes are used in the future just to prove how easy it is to manipulate things.
This is kind of just ad hominem, "that guy believes 'X' so he can't be right about this!" Doesn't really work. If you read the post they're not saying voting is bad, so much as that voting this way can easily be flooded (and influenced heavily) by bots which is bad for everyone. The solution in the short term could just be not to hold votes, but longer term would likely be better served with just better voting platforms.
This is a valid concern. Our procedure for voting requires that a user comment Aye/Nay. Therefore, anyone is free to view the user profile to assess whether they might be a bot.
We will continue to assess whether we can better protect the decision making process from bots, but due to the small size of this forum, it would seem fairly tricky to influence the vote just yet.
Rest assured that we won't be fooled by one guy in his basement running 1,000 alts.
In the fediverse, anyone can open an instance, create as many users as they want and one person can easily vote 10,000 times. I’m serious. This is not hard to do.
No. We will not be accepting 10,000 votes from Lulzsec.troll in our Agora threads. This is an easy problem to solve.
Then you will need to check every single vote's profile. Ensure they have a valid history, with active comments and posts. And then you will still likely be dealing with power users who maintain a dozen or more alts.
Bots can mimic this type of thing very easily BTW. You can write scripts to just repost top Reddit posts, Hacker News posts.
There are so many ways to game the system I just don't understand what you actually expect to accomplish with votes.
I will check every profile. If people have dozens of alts with active, legitimate comment histories within a month of the platform forming, then I commend them for their activity.
We are following a democratic process here. We aren't delegating the decision making to an oligarchy, even if it would simplify things.
There is no example of the system being manipulated thus far. Wait until you have evidence of that occurring before fearmongering like this.
Bad actors gonna act. How do we determine a council of trusted users? The idea of the agora is to avoid power in the hands of the few because those few might be or become the problem.
I'm not saying your argument is wrong but if someone wants to manipulate a community bad enough, they will find a way.
When the community is big enough to worry about voter manipulation then there will be resources to counter it.
Feels kinda big now. Anyway I don't think you are gonna get better than a few trusted users. Federation already protects against power being in the hands of a few or one.
I just have seen so much manipulation in voting and trolling I don't see why anyone would think votes from anonymous users mean anything at all.
I think OP raises a valid concern. In the near term, I don't know what will be voted on that will be worth the effort of spinning up a bot army. But it could happen eventually. Large floods of votes might be easier to detect. Smaller bot armies could be harder, but still impactful to the outcome.
Perhaps we could fire up some kind of identity service. A user goes there, puts in their username, solves a CAPTCHA, and gets back a url to a page that contains their username. The pages can be specific to a particular vote so urls aren't reusable. Every time a user votes, they need to solve a new CAPTCHA. User will include their identity url when voting.
Admins can confirm that user names and identity urls match.
Could be more efficient ways to do it, this was my first thought.
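The identity-URL scheme proposed in the comment above, sketched as an added example (not part of the thread and not Lemmy code): the service issues a URL bound to one username and one vote, and the admin-side tally rejects URLs that are forged, reused, or issued for a different vote or user. The host `identity.example`, the key and all function names are hypothetical, and the CAPTCHA check is assumed to have happened before `issue_url` is called.

```python
import hashlib
import hmac
from urllib.parse import quote, unquote, urlsplit

BASE = "https://identity.example"   # hypothetical identity service
KEY = b"constructed-demo-key"       # constructed; a real key is random and server-side only


def _tag(vote_id: str, username: str) -> str:
    # NUL separator keeps ("ab", "c") from colliding with ("a", "bc");
    # assumes neither field contains a NUL byte.
    msg = vote_id.encode() + b"\x00" + username.encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()


def issue_url(vote_id: str, username: str, captcha_ok: bool) -> str:
    """Identity-service side: called once the CAPTCHA has been solved."""
    if not captcha_ok:
        raise PermissionError("CAPTCHA not solved")
    path = f"/v/{quote(vote_id, safe='')}/{quote(username, safe='')}"
    return f"{BASE}{path}/{_tag(vote_id, username)}"


class Tally:
    """Admin side: validates identity URLs for a single vote thread."""

    def __init__(self, vote_id: str):
        self.vote_id = vote_id
        self.counted = set()

    def accept(self, commenter: str, url: str) -> bool:
        parts = urlsplit(url)
        segs = parts.path.split("/")          # ['', 'v', vote, user, tag]
        origin = f"{parts.scheme}://{parts.netloc}"
        if origin != BASE or len(segs) != 5 or segs[1] != "v":
            return False
        vote_id, username, tag = unquote(segs[2]), unquote(segs[3]), segs[4]
        if vote_id != self.vote_id or username != commenter:
            return False                      # issued for another vote or user
        expected = _tag(vote_id, username).encode()
        if not hmac.compare_digest(tag.encode(), expected):
            return False                      # forged or altered URL
        if username in self.counted:
            return False                      # URL already counted once
        self.counted.add(username)
        return True
```

A valid URL shows only that a CAPTCHA was solved for that account and that vote; it does not show that two accounts belong to different people.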
A public/private key pair is more effective. That's how "https" sites work. SSL/TLS uses certificates to authenticate who is who. Every site with https has an SSL certificate which basically contains the public key of the site. The site can then use its private key to sign all data it sends to you, and you can verify that it actually came from them by trying to decrypt it with their public key. Certificates are granted by a certificate authority, which are basically the identity service you are talking about. Certificates are usually themselves signed by the certificate authority so that you can tell that someone didn't just man-in-the-middle-attack you and swap out the certificate, and the site can still directly serve you the certificate instead of you needing to go elsewhere to find the certificate.
The problem with this is severalfold. You would need some kind of digital identity organization(s) to be handling sensitive user data. This organization would need to:
Be trusted. Trust is the key to having these things work. Certificate authorities are often large companies with a vested interest in having people keep business with them, so they are highly unlikely to mess with people's data. If you can't trust the organization, you can't trust any certificate issued or signed by them.
Be secure. Leaking data or being compromised is completely unacceptable for this type of service.
Know your identity. The ONLY way to be 100% sure that it isn't someone just making a new account and a new key or certificate (e.g. bots) would be to verify someone's details through some kind of identification. This is pretty bad for several reasons. Firstly it puts more data at risk in the event of a security breach. Secondly there is the risk of doxxing or connecting your real identity to your online identity should your data be leaked. Thirdly it could allow impersonation using leaked keys (though I'm sure there's a way to cryptographically timestamp things and then just mark the key as invalid). Fourth, you could allow one person to make multiple certificates for various accounts to keep them separately identifiable, but this would also potentially enable making many alts.
There may be less aggressive ways of verifying individual humanness of a user, or just preventing bots as in that 3rd point may be better. For example, a simple sign up with questions to weed out bots, which generates an identity (certificate / key) which you can then add to your account. That would then move the bot target from various Lemmy instances, solely to the certificate authorities. Certificate authorities would probably need to be a smaller number of trusted sources, as making them "spin up your own" means that anyone could do just that, with less pure intentions or modified code that lets them impersonate other users as bots. That sucks because it goes against the fundamental idea that anyone should be able to do it themselves and the open source ideology. Additionally, you would need to invest in tools to prevent DDoS attacks and ChatGPT bots.
There most certainly exist user authentication authorities, however it wouldn't surprise me a bit if there were no suitable drop-in solutions for this. This in and of itself is a fairly difficult project because of the scale needed to start as well as the effort put into verifying users are human. It's also a service that would have to be completely free to be accepted, yet cannot just shut down at risk of preventing further users from signing up. I considered perhaps charging instances a small fee (e.g. $1/mo) if they have over a certain threshold of users to allow issuing further certificates to their instance, but it's the kind of thing I think would need to be decoupled from Lemmy to have a chance of surviving through more widespread use.
Interesting idea, but I don't think it would be practical to verify identities for a global community. If you've ever worked in a bar or other business that checks ID (and are from the US) you know how hard it is just to verify the identity of US citizens. If you're considering a global community, US and EU users would be the easiest to verify, and citizens of smaller countries would be much harder. How do you handle countries that have extremely corrupt governments, where it's easy to bribe an official for "real" documents for fictitious people?
I still hold that "who should get to vote" should depend on what the vote is for; I could see some policies being restricted to donating members when the policy in question involves how actual money should be spent, where votes to add/subtract moderators or amend the instance's policies would be open to all members of the instance.
Given the recently announced policy of votes first being announced a week ahead of time to allow for discussion, I think an effective way to prevent an influx of brigade accounts would be to limit votes to members whose cake days are before the topic was announced. Should cut down on the "signed up a few hundred times to vote" issue.
I'm also going to ask: What votes are we going to hold here in the shitjustworks agora that will attract that much attention? Electing mods of !main and !agora?
Hey TGB! Just so you know, this isn't a voting thread. We currently divide posts here between [Discussion] and [Vote], and this one is just about discussing OP's take/proposal (which I guess is suspending the Agora system entirely).
I see you've been here for a little over a week now - I'm curious what your thoughts are about what OP's saying based on what you've seen so far?
You're not wrong that the integrity of online voting is hard to protect - like, REALLY hard. However:
a) Our last vote on whether voting rights should be extended to members of other instances landed on it being sh.it.heads only. If it comes to a revote (or if the current vote thread is actually still live, it's not super clear to me how the pre-mod voting threads are being dealt with), that might change, but if it holds this at least cuts out the bot instance vector.
b) While you might be right about bots being in this instance (I have no hard facts to support replacing that 'might be' with 'are'), the community has bandied about different means of evaluating what other factors should matter for counting a user's vote. There is a LOT of disagreement on this at the moment, but whatever is finally landed on should be designed with bots and bad actors in mind (stuff like age of account, participation metrics [could extend to patterns that suggest human activity* v. bot activity, where/if possible], linked e-mail or donation, manual user evaluation, etc. etc.). I don't know if whatever's landed on will be successful, or if anything tried will be useless in practice, but I say shit, why not try? Hell, it's a long shot, but in the experiment we could land on something that works and could be ported to other instances - who knows?
While SysOp (and Council) as Benevolent Dictator - where there is no vote, but there is a suggestion box, and it is looked at and discussed by a small number of people who aren't ass-clowns - is the tried-and-tested method for online community governance, I say why not at least entertain the experiment? The absolute worst case scenario that happens is that it goes to shit, TheDude says fuck it and closes shop, and users migrate** to other instances. Sucks, but it's not life-threatening.
*I don't know about y'all, but for instance I edited this thing like 7 times over 30 minutes. I do this on pretty much all of my posts longer than 4 sentences. Is this routine practice of a bot or human? Is this information stored somewhere to evaluate my meatiness?
**There's a lot of hand-wringing about instance migration, as right now it pretty much means "Make a new account elsewhere and start from scratch". Doesn't matter all that much to me, but I'm also not the sentimental type - shit, my history here is some of the longest I've kept without pruning in a while. But as portability of accounts increases (which is a challenging, but insistent feature being asked for across many instances), this may turn into a complete nothingburger in general.
Then we lose basically all voting power and it's just people who don't represent the community voting on behalf of us. There should be some limit on the voting like old users with posts and comments that consistently post and engage with the community. I don't think there are that many botted accounts on this instance yet.
I think rather than voting we have discussions. It's a bit more complicated than writing an up voting script and will hopefully get points across that a mere yes/no would never.
This is assuming complete inactivity on the side of the admin & mods. When issues arise, we can address them.
To paraphrase many people in these comments: the baby may be yeeted into the stratosphere, but the bathwater has the potential to maybe have some fungus grow in it! Shoot the lot into space.
I'm not entirely opposed. But gaining membership in this trusted subset of users should be a fairly open process somehow. Like, have a community where people can post an intro about themselves, have conversations about themselves with others, and, if most superusers who bother to vote deem them human enough, they are inducted into the club.
I have no idea of how the trusted users would be chosen. For starters though, I recommend they be proven real humans. They can always primarily use another alt to keep their privacy.
The only way a council of trusted users could work (and still maintain democratic legitimacy) is if it's chosen by something like sortition for each issue individually. This would be from a larger pool of active and at least verified non-bot users.
Even with that, the tools to set this up don't exist, and it would require far more community participation than is likely to actually happen. Without going through a process like sortition you end up with a council of clerics effectively ruling by decree.
The exact solution is difficult. That's why no one has done it, but the proposed method is clearly flawed with many ways to game it by a few bad actors.
Sure, but your solution is to abandon democracy entirely and rely on someone to rule over you. I'd rather the effort be put into making democracy work.
To elaborate: I actually think the yea/nay is too limiting, or at the very least we jump to that simple vote instead of reaching consensus. I had gotten the impression from TheDude that he wanted to run this instance along the lines of direct democracy, which means we should be trying to figure out ways to increase democratic input beyond first-past-the-post and simple majorities.