Closed dessalines closed 2 months ago
some reasons for making votes public:
the main argument against making votes public for me would be that it makes it a lot easier for people to harass others for their voting behavior without spending some time figuring out a way to access votes elsewhere. this is a low barrier but any barrier is more effective than no barrier and might prevent some harassment.
for the negatives you mentioned:
The positives you listed seem more useful for instance admins and community mods. However, as you and @Nothing4You pointed out, the votes aren't really private and are shown on other platforms, leading to a false sense of privacy.
the main argument against making votes public for me would be that it makes it a lot easier for people to harass others for their voting behavior without spending some time figuring out a way to access votes elsewhere. this is a low barrier but any barrier is more effective than no barrier and might prevent some harassment.
It may seem like a low barrier to us (devs and server admins), but most users aren't able or willing to spin up a server just to expose votes. But ya I agree it does give a false sense of privacy, since at least some eyes are able to see their votes.
I support votes public mainly for the reason that has been mentioned which is that they are visible to all federating admins.
The other reason is that the opacity introduced by making them private is good for sites like Reddit since they are for-profit and it allows them to fiddle with the voting system in ways that benefits them with no scrutiny from users. Like doing stuff like inflating vote count through bot activity. Not accusing them but it is within the realm of possibility.
For a non-profit site I think having votes public imparts a sense of goodwill, trust and transparency. In my personal experience I have never voted on a post where I wouldn't mind people knowing what my vote was. I am not sure how this works out in practice though. It is just a feeling. Since there is an option for admins to disable downvotes I think having votes public should be viable.
The lowest barrier is just going to another federated service like Kbin/Mbin. I've already seen people point this out in comments in Lemmy communities multiple times that they've been looking at who voted on content by going to the community on those other services. It doesn't require any technical skills or server operation.
In a democracy, voting is private for good reasons which transfer pretty well to this situation:
Even though votes already aren't private, because the original votes can be exposed by running your own instance. I think the effort that is currently required to do so is non-trivial for the average user, and significantly reduces the chances of most of the issues mentioned by @rimu being a practical problem.
I think showing the total amount of votes (in either direction) by instance would be a good compromise. It could help fight bot and multiple-account voting and identify voting-patterns from specific servers, but still wouldn't make the ability to harass users who voted easily accessible (unless they host their own instance).
I would also be in favor of adding a warning that makes it clear that, with some effort, individual votes can be traced back to specific users to prevent giving a false sense of privacy.
it's just a count. not linked to any names. good for mods to see for a quick check of community opinion on a post.
@m3t0034 this discussion isn't about showing or hiding vote counts. it's about making individual votes, including the associated names, visible on Lemmy.
Vote lists should be separate from profile pages unless the user opts in, otherwise the meaning of the votes can be misinterpreted. It's kinda hard for me to explain. It could make a vote be falsely seen as a statement of support for the posts, or as a much louder one, or as having a strong intention of making people know something about the user, etc.
For the record, there is a third possibility: Allow access to anonymized nominal votes, i.e. hash all user ids with a secret key when giving vote data. It allows analysis of voting patterns but keeps vote privacy.
@maparent that's not completely private because you could compare the posts, comments, and community between a hash and each user. For example, the posts (and comments if applicable) associated with a user's post/comment votes and the posts and/or parent comments associated with comments written by that user will have a lot of overlap.
@dullbananas Not wrong, but not sure it's such a huge problem in practice. First, I want to make sure we're clear that the userId hashing would only concern voting data, not the post/comment attribution. Second, you're right that even then it is possible to infer plausible associations, but generally not with 100% accuracy. In general, many more people vote than comment, and that should make matching more difficult. This should allow enough plausible deniability. If we want to make inference more difficult, we could also use a different hashing key for different communities, or even per data request. I know deanonymization is a deep field of research, and I do not pretend that what I propose would protect 100% against it; but I think we can provide a "good enough" protection for the most common cases. That said, I think that this should ultimately be a configuration parameter. Servers which have need for extra security should make the choice to hide voting data. I just don't think this needs to be the default.
My 2c as (mostly) just an end user:
I like how vote privacy is currently handled, and am not huge on the idea of them being exposed to all Lemmy users. Although I can see both arguments, I think publishing them would stop anyone who's aware of it from voting honestly. This may create a voting echo chamber where a lot of people either refrain from voting, or only vote with the common consensus.
The only relevant change I'd like to see made is more transparency around votes not being entirely private. I think most people (particularly on Lemmy) realise somebody can see their votes, but the default assumption is likely that it would require digging through databases. I myself didn't realise until I started dipping my toes into running an instance (after a year of just being an end user), that the votes are shown right there in the UI to administrators, including admins from other instances. I won't go so far as to say that foreign admins shouldn't be able to see local users votes, purely because I haven't seen things from an admins PoV yet. But that was my initial reaction.
E: to clarify my stance (since I really didn't do that): I think admins should be able to see votes, end users and mods should not.
mods should not
mods can already see votes in communities they moderate since 0.19.4, so this would be reducing what is visible today:
I'd like to clarify that mods should only be able to see votes for the communities they mod only.
Admins can see all votes.
The votes are already public, they're just hidden from the users. If votes were supposed to be private, then a solution like https://github.com/LemmyNet/lemmy/issues/4967#issuecomment-2286864970 should be implemented. I suggest the votes are exposed so users know that others can see their activity instead of falling into a false sense of privacy.
Public votes (and public community follow-age) should also make easier for users to identify vote brigading if the votes are coming from people outside of a community.
Vote harassment may happen as any other type of harassment, like harassment for a comment you've made, so I don't think it's a big issue.
@laurolima I don't think privacy is a binary thing that one either has or does not - there are degrees of privacy. Currently what we have is mostly private, requiring either technical skill or admin access to circumvent. This is a pretty high bar which 99% of people would not be able to reach. You're proposing removing the bar entirely because it is not high enough.
I'm favour of making votes public as it will increase transparency. Everyone signed up to Lemmy using anonymous accounts, upvoting would be like commenting on a post.
I have no strong opinion on votes being public in the Lemmy UI or not; I lean a little more on the side of making them public, but I can see good arguments both ways.
I think it's extremely obvious that, whatever the behavior is in the UI, there should be a popup the first time a user votes that warns them that their votes are not private. Anyone who wants to spin up a passive instance of their own, or pop over to a server that runs software that shows them, can see them. I think most users have an expectation of privacy when they vote, and since that privacy doesn't exist in a robust sense, we should be letting people know that.
The 3 reasons you provided:
"Could help fight bot and multiple-account voting." "Could help identify voting-patterns from specific servers." "Could quickly expose zero-content downvote accounts (IE accounts that have no comments or posts, only downvotes.)"
Are all mod benefits that you are already aiming to provide. We know that admins can already see this information in a database, so have access to this. The key point with this is, if you want to help mods see these things, you only need to surface functionality to them under correct authorisation so it can help them see this information which is already in the database which part of the team has access to.
With that point, I think you can achieve the positives of this without realising the negatives (loss of privacy to the vast majority of users that are non-technical and don't see this info ; people being comfortable to be straight and honest).
What mastodon and twitter do is irrelevant, it's a platform where people are trying to build their brand and focus on how they are perceived. The focus is on the users rather than the content. It's a digital soapbox. Reddit's power, and now Lemmy's is the focus on the content. That is what link aggregation sites are about. To use a quote to emphasise that "Strong minds discuss ideas, average minds discuss events, weak minds discuss people.” If people wanted to use Mastodon, they would. We're here because Lemmy gives us a platform for quality discussion and engagement. To discuss ideas, and maybe events. People are free to behave in a way they can be honest.
I fear with this feature, you're a solving a problem that most users do not have, to benefit many that do not need this feature in this form. It's a sledgehammer approach to something that requires a scalpel. You've build a great platform that people love and use. Do not kill one of the things that makes it special. I understand the points that this can be visible from some channels, and with some solutions, but knowing that doesn't change users behaviour and how they interact with it like this would.
I would prefer that votes remain obfuscated for those unwilling or unable to do the work to find the data. I realize that Mbin already allows easy access to the data, but the large majority of active accounts are on Lemmy federated services do not have their default UI provide easy access to the data. I hope Mbin also starts obfuscating access to the data as well.
Absolutely not. Privacy is not a binary thing as this poll treats it as, and I don't want the door wide open to vote stalkers to just be able to go digging around in whatever I've looked at and voted on. Voting is so second-nature to me on a platform like this that I would legitimately leave Lemmy immediately if this change went through. Mbin exposes them, sure, but this would be a dramatic reduction in privacy by trivializing the process.
Copying my comment from lemmy on this topic, made in this post made by rimu on fediverse at lemmy dot world
I think the best way to think about this is in terms of "affordances" of the platform and the balance of their merits. "Affordances" just mean the actions and behaviours enabled by the platform's features (a jargon-y but useful word I've seen others use in these discussions).
Broader principles like privacy are important too, but I think can easily lead to less productive and relevant discussions, in part because many of the counters or complications will come down to the actual affordances.
From what I've read so far, I think everyone shares a pretty clear understanding of what public votes will lead to ... a more heated and polarising dynamic, with potential abuse vectors opening up, and less honesty and openness in voting. And I think most share a distaste for that scenario. Either way, I do, and I'd encourage others to think about how it's likely result of public votes and with the internet being the internet, is unlikely to be pleasant or fruitful.
While others have access to vote data, namely admins of instances, mods (for their communities) and members of platforms that make votes public like k/mbin, I don't think this is decisive.
It's about the behaviours that are being enabled and the balance of behaviours and how they interact to form community dynamics, with the fediverse itself being an important factor. An admin or mod having access to votes is part of making their job easier, which is a good thing. It's power and responsibility. And the moment they violate the bounds of their role by "doxing" someone's voting data, that'd obviously be a bad thing, but with countermeasures we can take. We can leave their instance or community and our instance can defederate from them ... their account can be blocked and possibly banned by admins. On balance, this seems stable and fair enough to me.
In the case of other platforms, like k/mbin, that's definitely more tricky. But again, defederation is always a possibility here if it becomes problematic enough (however dramatic that could end up). This is just the nature of the fediverse, that platforms will differ on things like this. Again, if people start abusing that information from other platforms and instances, blocking, banning are options, as is the nuclear option of defederation with any such instances (which is a core balancing feature of the fediverse).
As it presently stands, k/mbin are a minority of users on the threadiverse and so whatever their platform choices are don't really affect the rest of the threadiverse.
In the end, you can only make the best platform that you can. That k/mbin do something we don't want to do isn't a good reason for following suite. If anything, it's a good reason to stick with what we prefer and continue to make the argument with them on their choices.
I agree it's an issue that it seems votes are private when they aren't. Again, I come back to the balance of affordances, and I think they're better as they are than with public votes. However misleading the privacy situation is, it can be handled by being more transparent with users by providing warnings etc.
Ultimately, the privacy problem on the fediverse is not going away any time soon ... it's the nature of decentralisation, and this should maybe be made more clear to more people! But making a better platform is a real problem in front of us right now and I think it's better to focus on that than how the general issue of privacy or consistency with privacy is best served.
I think I saw someone mentioning in the GitHub dicussion that other platforms expose vote data. While true, many of those would be microblogging platforms (mastodon, twitter, bluesky etc), where, again, the balance of affordances becomes relevant. A "vote" there, normally called a "like" is a personal action between user accounts that are likely to follow each other with such being the core mechanic of the platform. On aggregators like lemmy/reddit, the core mechanic is making popular posts so that your content gets to the top of the feed (roughly anyway). While there's a lot of overlap, there's more angst here around what gets voted on and what doesn't and less inter-personal accountability and bonding. Posts and discussions are more public affairs and less conversations between people.
I wonder if making votes public would create the need or desire for enabling more post-specific options for users, such as making a post that can't be voted on or that doesn't provide public voting data?
In the end, my bet would be that at the scale that lemmy is at, it won't make too much of a difference if votes were made public. I think some would definitely encounter more unpleasantness and some would definitely find voting a more stressful affair, but we're cosy enough that we'll cope. Going forward though, public voting for an aggregator feels dangerous and hard to undo. Yes, it could be technically removed, but if a culture is established that is accustomed to it and become desensitised to the negatives, they'll probably want to hold on to it.
I don't see a point in associating votes with an individual's ID. The reason IRL votes are private is because people were pressured, shamed, and harassed into voting a certain way. Even if your ID is anonymous, there's always the chance that the vote will be made public and the person will be doxxed and ostracized for what they thought was their free expression.
Some of the reasons stated for making votes public (anti-bot, anti-brigading) could be technically accomplished without exposing an individual's opinion (proxy IDs, etc.) I would even go farther and hide the voting data from mods and admins. It is way too easy for a mod to block people who vote the opposite way than the mod's personal opinions. Mods should make decisions based on content, not on who up/down voted something.
Lastly, open display of votes will stifle participation of those, especially in marginalized groups, who are rightfully worried about being targeted. There is a long history of voter intimidation and vote buying that led to the practice of private voting. Upvoting a shitpost may not seem that important, but the principle is the same.
Against due to the issues with harassment and circlejerk that others have mentioned, but I want to (somewhat unrelatedly) mention an issue that may arise in the future regardless if instance admins can see who voted in which ways:
Being able to see votes if you have an instance could easily lead to someone setting up a website showing all of the votes seen from their instance, and then potentially connect that to a userscript or extension so that some(!) users can see the votes anyways (people will mod(ify) lemmy, and some of those people will be bad actors.) This has somewhat been seen with the Discord Undeleter plugin.
(This is unrelated, but could someone explain why admins are allowed to see how people not on their instance voted? Is this to prevent bad actors from inventing fake votes?)
My perspective is coming from a regular user perspective and as someone who has no experience moderating or administering a community.
I like the level if privacy where it is now. I think if votes were completely public bad actors would still behave poorly. Even if the public voting helps address the problems mentioned I would be concerned that a lower barrier to entry with identifying individuals and their votes on certain topics for bad actors. That could lead to harassment that follows users around the internet.
The current setup establishes an asymmetry between moderators/admins and regular users. I can understand why this would be necessary for something like reports (reports are anonymous to prevent retaliation), but I see no reason for it to apply to votes.
People complaining about circlejerking or vote policing have no faith in their admins to develop their instance's culture's expectations surrounding the changes. This is just as much a human issue as it is a technical or logistical one. Toxic instances are going to be toxic whether you give them more tools to do so or not. I don't see this proposed change making any non-toxic instances suddenly devolve into chaos and would go as far as to say that worries about that happening are catastrophizing about the situation.
An average user absolutely benefits from being able to see who voted on a post or comment and what their vote was. A person noticing that someone is actively down voting their content in a deliberate way empowers the user to have it dealt with. Mods might not queue into that kind of targeted harassment.
All these comments comparing a vote on Lemmy to a vote within a democratic election are incredibly juvenile frankly. Its reductionist when saying Electoralism is equivalent to a Lemmy Vote and egotistical when saying a Lemmy Vote is equivalent to a ballot cast in a democratic election.
Your vote isn't private in either case regardless. At most you need to know someone's birthday, first name, and last name to find someone's voting record in America (might depend state by state). Someone willing to set up a Lemmy instance to see your votes is also capable of then setting up bots to specifically target you with down votes, which is the more egregious of the two actions.
Given the ease in which someone could create a bot network for the purpose of targeting someone or a group of people with a downvote campaign, I think it's only just to allow regular users the power to see votes and act on that information. Why should this information be gate kept to only the technically capable?
Keeping votes "hidden" maintains a kind of voyeuristic experience for those with the power or technical knowledge and resources while maintaining this illusion of privacy for the masses.
Make them visible to all.
@ViableSystemModel
The current setup establishes an asymmetry between moderators/admins and regular users. I can understand why this would be necessary for something like reports (reports are anonymous to prevent retaliation), but I see no reason for it to apply to votes.
To make it easier for admins & mods to do their job so that the overall culture can be better. Analysing voting behaviour can help an admin/mod infer intent, especially when it comes to the more serious actions like banning and how a large collection of smaller pernicious actions can be hard to notice but paint a clear picture when viewed together.
TBH, I'm not sure how you come to say "... I see no reason for it to apply to votes".
It seems like an obviously useful tool. Rimu's admin tools on Piefed might be relevant here. Rimu, as stated in the discussions above, is against public vote data, but, AFAIU, has implemented moderation tooling specifically for allowing mods to analyse vote data.
People complaining about circlejerking or vote policing have no faith in their admins to develop their instance's culture's expectations surrounding the changes.
There's a big difference between "faith" and managing workloads. Why not just prevent the moderation work in the first place and not risk overload?
This is just as much a human issue as it is a technical or logistical one.
Yes, and so anticipating the human responses and the effect they can have on the culture is the first and most important consideration.
Toxic instances are going to be toxic whether you give them more tools to do so or not. I don't see this proposed change making any non-toxic instances suddenly devolve into chaos and would go as far as to say that worries about that happening are catastrophizing about the situation.
This feels like a mush of various fallacies. It doesn't need to be catastrophic to be a bad idea, defeatism around toxic instances is irrelevant, you "not seeing" it without further substantiation is also irrelevant, and "suddenly devolving into chaos" is a strawman.
Is it a good or bad idea ... will it have a net positive or negative effect on the behaviours and affordances of members of the platform?
I don't think I've seen any positive arguments as to what good would come from public votes that couldn't be addressed by some other means that are also likely to be more direct treatments of their specific issue. But I have seen a bunch of decent arguments about what negative things could come about. Downplaying those arguments as excessive "catastrophizing" when you might just be strawmanning these concerns strikes me as irresponsible.
If public votes exposes the users to possible harassment, so do public comments. It's up to the mods and admins to handle that if it matters to the community (if that even happens).
Maybe in the future add an option to vote anonymously, but until then anyone who wants to see what you have voted will be able to. The barrier is not that high to see what someone voted for.
It's like having a community pool party with a 170cm wall to deter peeping toms from spying, but forgetting to tell the attendants that any peeping tom taller than 170cm will be able to see everything. Just destroy that wall and tell everyone that they're in a public space and there should be no expectation of privacy. There is no "public spectrum", it either is public or isn't.
It should be server setup based.
Here is an example of an admin, who can see votes, abusing his access - https://lemm.ee/comment/13768482
Now imagine that, everywhere, all the time.
Here is an example of an admin, who can see votes, abusing his access - https://lemm.ee/comment/13768482
Now imagine that, everywhere, all the time.
That will continue happening anyways. It's up to the moderators and the community to fix that if they want.
Here is an example of an admin, who can see votes, abusing his access - https://lemm.ee/comment/13768482
Now imagine that, everywhere, all the time.
I actually don't see a problem with that. They asked the user why they downvoted, the user gave a response, and everyone learned from it. Some people on Lemmy are unnecessarily hostile, regardless of the situation, but I don't see an inherent problem with that situation.
Personally, I like how kbin/mbin have public votes on threads & comments. I think that is less problematic than having a user's vote history on their profile, but it may not be possible to allow one and not the other.
If Lemmy decides to implement "true block" it would allow people to identify antagonistic users and block them. I suspect that there are people on Lemmy whose purpose is to make Lemmy unwelcoming, and thus make people want to go back to reddit. I think "true block" + visible votes may help decrease those people's influence by allowing users to block them. But if they regularly make new accounts that wouldn't work. And it also has the downside of allowing someone to attack you while preventing you from responding (or even seeing their post/comment).
There are benefits and detriments to either choice. It's a tough one. I'm leaning towards public votes.
Has anyone discussed it with kbin/mbin users, mods, and admins? They have the most experience with it, so hearing from them about whether or not it has been problematic would be useful.
Votes are already public anyone can spin up an instance and see votes. Allowing everyone to see them simply increases equallity.
This is clearly a controversial topic, on the same level as whether downvotes should be a thing or not. Which makes the solution blatantly obvious (because it's the same solution to the downvote discussion): Make it configurable per instance.
This has the advantage that admins can decide for themselves how their instance should be. It additionally enables users to go to the instances that has the setting they prefer, just like whether or not downvotes are enabled.
It should definitely be a configurable option, probably with options something like this:
Vote Visibility (dropdown with options):
This way, each instance can choose for itself, just as they do with downvotes being enabled or not. Then we don't need to have this discussion, since each instance and user can choose for themselves.
I think this is something that should be set by admins on per instance basis.
(And when toggled on, it should be in big, capitalized, red letters when people sign up).
I am strongly in favor for privacy for reasons already mentioned.
But having the option has merit too:
E.g. using lemmy as an exclusive but somewhat grassrootsy voting platform, where already known people submit ideas and make public votes. Like professors at a university submitting proposals for research subjects or finances and backing them.
In that case, who is taking which position is obvious anyway, the opinions expressed would be strictly professional. Or at least not more personal and exposing than is already the case.
tldr: make it optional to admins and then make it obvious to the end user which mode they're in.
If a website could be sure none of their users are malicious/bots and all of the users are perfectly rational and virtuous then public or private voting wouldn't matter either way. That being nearly impossible, why not a reputation based system like Stack Exchange? Only when an account meets certain requirements they can vote.
To boot, on the website tweakers.net one can actually vote -1, …, +3.
Privacy issues aside public voting has the potential of building a rather unique feature down the line; displaying votes only (or more boldly) from trusted users. This could work on multiple levels, but I imagine a user being able see that something is up/down voted by who they chose to trust (accounts, communities, instances...) might be valuable.
This could be the best possible answer to the spam-iness of the general internet. This could be some protection against brigading ie. you trust members of one community, so their votes are highlighted, but distrust another one so it's members votes are a greyed out number in the back. If that were combined with ie. communities with some proof-of-life verification or say hyper-local instances for a city or village - this small piece of internet could be reclaimed from automated manipulation. You dont care if a bunch of unknown accounts or trolls up or downvote an issues, most of the time it's more relevant of the people around you think so - even if you do not want to be cut out of the global flow of information.
How are any of the positives real?
An instance admin, or mod, i.e. rhe people who would take action against those users, already have access to this.
Rather than make them easier for people to see, spend time making administration of those users easier for those who can already see.
Here is an example of an admin, who can see votes, abusing his access - https://lemm.ee/comment/13768482
Now imagine that, everywhere, all the time.
Lol this is exactly what I'm talking about! Voyeurism! And no one else has the right to dig through this users' vote history, because of "privacy". Great! Good system [sarcastic]. The only other people who can confirm if they're lying are other mods or admins. So again, why should they have the right to expose the votes simply because they have the time, money, and energy to configure and deploy a Lemmy Instance?
I'm glad this person exposed themselves as a voyeur, so I know to avoid them. Such behavior should be exposed and dealt with. The way you do that is by giving people access to the votes. Such behavior will result in moderation in my communities.
Here is an example of an admin, who can see votes, abusing his access - https://lemm.ee/comment/13768482 Now imagine that, everywhere, all the time.
Lol this is exactly what I'm talking about! Voyeurism! And no one else has the right to dig through this users vote history, because of "privacy". Great! Good system. The only other people who can confirm if he's lying are other mods or admins. So again why should they have the right to expose the votes simply because he has the time, money, and energy to configure and deploy a Lemmy Instance?
I'm glad this person exposed themselves as a voyeur so I know to avoid them. This kind of behavior should be exposed and dealt with. The way you do that is by giving people access to the votes. This kind of behavior will result in moderation in my communities.
Agreed. Admins shouldn't see this "right in the UI" either. They should have tools that list users who massively vote, have odd ratios, and other such things. A per-post UI isn't helpful to anyone. Make the voyeur dig through the DB.
The first positive you listed has nothing to do with why it should be public, but rather why it should be visible to mods/admins, which you already mentioned it pretty much is.
The second positive you listed isn't really a positive or a negative.
The third positive you listed is again, yet another mod/admin thing and not reasoning for it to be public.
The positives don't seem like strong enough reasoning to go through with this.
The privacy concerns alone are reason enough to not go through with adding this. The amount of harassment and toxicity that would be possible because of this would make it not worth it. I'm sure you can see with the thumbs up to thumbs down ratio, people are majorly against this idea. I hope you won't go through with adding this, it would be a big mistake to go through with this.
@maparent
If we want to make inference more difficult, we could also use a different hashing key for different communities, or even per data request.
If you obfuscate it too much, it'll make it impossible to filter out bad actors, vote brigading or even instances that just spam votes in whatever way they want.
There should be a middle ground but I'm not sure it's even technically possible to obfuscate voter identity while still being able to figure out if it's actual users voting. Because if you can't look up a user account from a vote, a malicious instance could spam votes and it'd be potentially impossible to detect.
Also noteworthy is that reddit and lemmy are unique in keeping vote privacy: mastodon, twitter, and most other platforms expose them.
Apart from Twitter recently disabling them being visible, I don't view Lemmy votes the same as likes on micro blogging platforms. Upvotes aren't directly correlated with agreement or enjoyment.
I want to preface this comment saying that I have votes disabled in the first place because I find them counterproductive to a healthy environment.
As such I think that extending the information that the already(in my opinion) broken vote system has is a bad idea. As is the current system allows for targeted Harrassment based off Argumentum ad populum/bandwagon effect. Making the vote be public to all will just exponentiate that effect, allowing for anyone who voices their dissent to be the potential target for harassment.
As stated above this system will reduce the amount of people who disagree with the populus decision from wanting to voice their opinion through the upvote down vote system. Please be aware that this does not mean that those same people will leave a comment explaining their opinion of the matter, it will more likely mean that they just won't give their opinion, which will just worsen the echo chamber effect.
Firmly believe that this feature should remain with the technically advance(because I don't think it can be defended against) and the admin/mods.
The first positive you listed has nothing to do with why it should be public, but rather why it should be visible to mods/admins, which you already mentioned it pretty much is.
If it is public, regular users will be able to identify patterns in voting and bring it to admins attention. They will be more invested in finding these patterns than the admin team. Vote harassment isn't as easily identified within the overall volume of votes an admin has access to. Individual users, or a community of users will be able to crowdsource the scrutiny, taking the load off the admins, allowing things to be caught that might otherwise be missed.
The second positive you listed isn't really a positive or a negative.
There are absolutely reasons you need to identify voting patterns. Marginalized communities are subject to all sorts of harassment, including vote harassment. If you're trying to make a space inclusive, and you have users from other instances seeing posts on their all feed, and regularly down voting the content from those communities, you would want to know.
The third positive you listed is again, yet another mod/admin thing and not reasoning for it to be public.
This, again, relates back to point one. You make these votes public, the masses will identify these actors faster than the admin team / mod team. This leads to better response time over all.
The positives don't seem like strong enough reasoning to go through with this.
The privacy concerns alone are reason enough to not go through with adding this. The amount of harassment and toxicity that would be possible because of this would make it not worth it. I'm sure you can see with the thumbs up to thumbs down ratio, people are majorly against this idea. I hope you won't go through with adding this, it would be a big mistake to go through with this.
"Privacy" really is the man made of the most straw. I do not mean to imply that it is a fallacy, but instead that is "imaginary". How exactly does your vote history factor into the threat model surrounding your own privacy, and how is it any different from your comment and post history? I could build a pretty reliable cut out of anyone based strictly on post history and comment history.
The data points from those alone are far more damning than the nature of your vote. Your current history already provides me with your interests, your disinterests, your activity window, and any other revealing information you neglect or elect to include as part of that history.
Your votes, by that measure, are a small patch in the quilted blanket of information you produce through posting and commenting.
No way. I once got an email sent to my boss because I liked a tweet. Let's not enable this kind of harassment
What of the people who voted on nsfw lgbt content expecting the vote to be hidden from the public.
This could unwittingly out someone in locations where they may be prosecuted for their sexuality.
I think this discussion should be about fixing the security situation that any federating instance admin can see the list of up/down-voters
Question
I'd like to hear everyone's thoughts on possibly making votes public. This has been discussed in a lot of other issues, but here's a dedicated one for discussion.
Positives
Negatives
Also noteworthy is that reddit and lemmy are unique in keeping vote privacy: mastodon, twitter, and most other platforms expose them.
We've already added most of the work to show votes, but this is only shown to admins and moderators (for the communities they mod). It would take very little work to make this available to all.
cc @kartikynwa @Nutomic @SleeplessOne1917 @phiresky @dullbananas
4088 #4924 #4086 #4052