Upvotes seem to just federate as likes and dislikes.
Petty mods or users would abuse this
Mods can already see voting data, at least through the API on the latest version of Lemmy.
The whole concept of the Fediverse as social media is that all the data is public. Stop acting like these servers are giving out private data. This data has never been private, and it never will be. Data like this being shared with any other server is how ActivityPub and the Fediverse work.
I know, but some people assume votes are private.
It’s not good practice. Really one shouldn’t be assuming anything is private or some entitlement to privacy on a service where all content you post is made publicly available to any and all linked instances. They miss the point of a federated public forum. If one wants privacy, data must be kept locally only. That’s why Lemmy has local-only communities, the “private” community aspect that many people want just won’t be federated, because you can’t make something like this private otherwise.
I know, but most people don’t.
I know, it’s a really big problem here and on the Fediverse in general because people get so outraged and entitled over something that just is the way things are, this wouldn’t work any other way.
I don’t think everybody knows that and at least here on Lemmy, it doesn’t show it by default like friendica. The fediverse doesn’t necessarily mean that all data has to be public. It’s just that it’s way harder to have a sense of truth without public data.
I think lemmy instance admins can see this too. Doesn’t even have to be a friendica instance
Any instance admin can see the vote history.
I’m not sure about the downvotes part (i failed to recreate this lmao) but you can already view upvotes with mbin. Piefed solves this problem with a option to make your votes private but only with untrusted instances (but from my tests it didn’t work? weird)
Yes, after all other servers need this information in order to prevent double voting, you can’t just have servers sending each other information “somebody upvoted this” and also tell when servers are allowing users to vote more than once.
So upvotes and downvotes aren’t actually private, never have been, some servers may display them publicly even if most don’t.
The server hosting the post needs it.
It only needs to tell other servers the vote count, and the votes of people on that other server.
That may not be how it actually works, but that’s all that’s neededYes, but then you can have malicious servers sending fake numbers without other server operators being able to check whether this is at all plausible.
(It’s still possible for malicious servers to send fake votes, but server operators can see which users they are stated to originate from, then block that server if that looks like it’s doing that. At least that is my understanding.)
What do you mean “send fake votes”?
Or rather, who do you think should be responsible for identifying and blocking fraudulent votes?And how do you reconcile votes that come from servers that you’ve defederated with? Should everyone have the same view of the post, or should people only see votes from servers that their server is federated with? What about votes from users you’ve personally blocked? Etc
I personally kinda think that the responsibility is on the server hosting the post, and that everyone should see the same (but anonymous) vote count, of which the hosting server is the single source of truth.
A malicious hosting server could use fake points to blast any message to the top of everyone’s feeds until manually banned or defederated
Yes, that’s happened before. They were sending a very large number of votes, so it was immediately obvious. Even a couple dozen from an unknown instance will be noticed, when an admin sees it and says “huh I haven’t heard of that instance” and when they look there’s nothing there.
I’m not sure how giving every server access to the votes solves that.
The malicious server can make fake users to pump up votes. your server admin has to notice, then check the vote logs, then see what’s happening and defederate them. That’s pretty much what you described in your scenario, anyways.It’s way easier to notice and defed when you can see these fake usernames
But it also has to be defended separately by the admin of every server that has a user subbed to that community. Seems like a large burden to put on small-mid instance admins.
I’d be surprised if my server admin was really paying attention that closely to votes on communities I’m subbed to, right?
I have to admit I don’t know the view that admins get of how their server intersects the fediverse.
It’s only fake numbers for posts on the instance.
Not the first malicious instance, wont be the last.
Over thinking.
Only the instance with the post needs the username to register the vote, the count can then be updated by the instance. Simple and lightweight
They should be.
Hashing exists for this use case
Hashing alone if it’s just usernames isn’t enough. Need something like keyed hashes, but then malicious servers can lie about numbers of votes.
Otherwise you need something ridiculously overengineered like public but encrypted logs of user actions and Zero-knowledge proofs of correctness mapping everything to a distinct existing user without revealing who it is.
As I mentioned in another post: for consistency is better to have each server count total votes from their own users, send a signed & timestamped message with the count to the host of the post being voted on. Then the host can display a consistent vote count to everybody that shows where votes are coming from without manipulation of external votes.
Each individual server can lie about its count, but not by too much or else it will be detected and the server can get defederated (or have its votes ignored).
but then malicious servers can lie about numbers of votes.
They already can do that by pretending to have users they don’t have. It’s definitely a quick way to get defederated.
And it wouldn’t be caught quickly or maybe even ever if they opted to use hashes instead of just showing who voted and when.
I get this is obviously intended behaviour on part of actpub but I’d love for there to be a pseudo-anonymous voting system too. Maybe an option to hash user credentials when added to likes to ensure that they’re unique whilst obfuscating the original user.
There is already a foolproof method that is immune to any abuse of trust by admins; create an alt account.
True, but there are other benefits too. Bots can’t crawl through your likes for example. Maybe you want a feature on lemmy or mastodon or whatever with anonymous polling? (ik masto has polls but for sake of argument) Maybe you’re implementing anonymous polling into an app for a trade union that needs total anonymity even from admins? It’s not totally unusual!
IMO it makes sense to do this at a platform level just because there’s a unified implementation of obfuscation across all the fediverse for any platforms that want to use, rather than a bunch of unique solutions that would be duplicated effort.
Hash them with the post ID appended, so a user can’t be identified across posts
I was thinking that it would make sense to federate upvotes, but with the hash of your username instead of your actual handle. Would this work?
One of the advantages of votes being public is that it keeps instance owners honest and, perhaps more importantly, means they know other instance owners are honest.
If they weren’t public it would be easy to modify your lemmy instance to send 10 votes with fake hashes for every real vote. There would be constant accusations of brigading and faking votes.
Just make a rainbow table and get the usernames back.
I wish I could see what scummy lemm.ee mods removed my comments and got me banned
you can, names are shown in other frontends like phtn.app.
Thanks but doesn’t work if you’re site-banned.
You can usually use another instance that shows names if you have an account there, it’ll show at least the federated stuff.
How to fo that?
Asumming you meant “do”, go to friendica (friendica.world) and paste the fedilink (press the rainbow button) into the searchbar.
this is an icky issue because lemmy sends votes with empty addressing, so remote instances should count them but not show them to anyone. however mastodon (and *key) sends likes with empty addressing too, but considers them public. lemmy is (surprisingly) right here and should request that the rest of fedi respects the protocol and hides stuff based on its addressing. maybe open issues on mastodon and friendica
also this issue probably exists when seeing lemmy posts on any microblogging instance
I wish friendica had a mobile app. I spend more time on my phone
Its webui is responsive (i think), its compatible with the mastodon api.
Raccoon for Friendica is great if you’re on Android.
There are some instances that disable downvotes altogether!
Oof, hell no. That’s some Facebook level cancer right there when they removed downvotes.
It’s just a form of white washing that makes the same people who made up being offended by “black lists” and “master branch”.
Edit: Y’all do realize the irony of exercising your ability to downvote a comment that is defending your ability to downvote?
Some people seem to really hate down votes. I don’t give a shit either way.
I don’t know this name, I read its part of the Fediverse… Does this affect us?
That’s pretty cool. Sometimes in an argument there’s that (1/-1) thing going on, would be funny to see how both are downvoting each other.
