search

MbinOrg / mbin

Mbin: a federated content aggregator, voting, discussion and microblogging platform (By the community, for the community)
https://joinmbin.org
GNU Affero General Public License v3.0
241 stars 17 forks source link

Privacy of Lemmy votes #1115

Open Nutomic opened 2 months ago

Nutomic commented 2 months ago

Describe the bug

Votes sent by Lemmy are marked as private, as you can see by the lack of https://www.w3.org/ns/activitystreams#Public:

{
  "actor": "http://ds9.lemmy.ml/u/lemmy_alpha",
  "object": "http://ds9.lemmy.ml/comment/1",
  "audience": "https://enterprise.lemmy.ml/c/tenforward",
  "type": "Like",
  "id": "http://ds9.lemmy.ml/activities/like/fd61d070-7382-46a9-b2b7-6bb253732877"
}

In comparison, posts and comments are marked as public.

On which Mbin instance did you find the bug?

fedia.io but it affects all instances

Which Mbin version was running on the instance? 1.7.1

To Reproduce Steps to reproduce the behavior:

  1. Open any post
  2. Scroll down to 'Activity'
  3. Go to 'Favorites' tab
  4. See names of users who voted from Lemmy

Example: https://fedia.io/m/ich_iel@feddit.org/t/1187925/ich-iel/favourites

Expected behavior

Mbin should respect the privacy level of Lemmy votes and not display the usernames publicly. Votes should only be used internally to calculcate scores. We also display voter names to admins and mods to prevent abuse.

dessalines commented 2 months ago

I just want to add that of course its ultimately up to yall to decide how you view vote privacy, but its worth reading through some of the arguments linked in the thread above, to see why lemmy's community overwhelmingly wants to keep their votes private.

BentiGorlich commented 2 months ago

We had a discussion in our matrix room a while back discussing this topic. I actually do not really care whether it is displayed or not (as a user), but I do not get any value from it either.

I think respecting the visibility of incoming votes would be a nice compromise.

MaximilianKohler commented 2 months ago

I have never heard of any problems stemming from Mbin or kbin making votes public. If anyone knows of examples or other discussions about this, please share them. Most of the objections in the Lemmy github issue were hypothetical. I'd like to hear from Mbin/kbin users since they have first-hand experience with public votes.

Personally, I found it quite nice on one occasion when I thought a thread I made was being astroturfed. I was neither a mod nor admin, yet I was able to look up the accounts that were voting in the thread. Neither a mod nor admin took any action against the accounts so I don't think "leave it up to the mods/admins" is a solution.

BentiGorlich commented 2 months ago

Why does something have to have happened for this to be valid topic to consider?

What do you all think of limiting the display of votes to your own ones? So you cannot view them when you're not logged in

MaximilianKohler commented 2 months ago

Why does something have to have happened for this to be valid topic to consider?

The argument is that it would cause a bunch of problems. So if mbin/kbin users haven't reported experiencing any of those problems then it makes the concerns less valid.

I don't think limiting vote visibility to logged in users is a good idea. If I can use archive.today and archive.org to save a history of voting patterns it helps me identify and prove problematic activity.