this post was submitted on 04 Jul 2023
3515 points (96.2% liked)

You Should Know

33107 readers
474 users here now

YSK - for all the things that can make your life easier!

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must begin with YSK.

All posts must begin with YSK. If you're a Mastodon user, then include YSK after @youshouldknow. This is a community to share tips and tricks that will help you improve your life.



Rule 2- Your post body text must include the reason "Why" YSK:

**In your post's text body, you must include the reason "Why" YSK: It’s helpful for readability, and informs readers about the importance of the content. **



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding non-YSK posts.

Provided it is about the community itself, you may post non-YSK posts using the [META] tag on your post title.



Rule 7- You can't harass or disturb other members.

If you harass or discriminate against any individual member, you will be removed.

If you are a member, sympathizer or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people and you were provably vocal about your hate, then you will be banned on sight.

For further explanation, clarification and feedback about this rule, you may follow this link.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- The majority of bots aren't allowed to participate here.

Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.



Partnered Communities:

You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.

Community Moderation

For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.

Credits

Our icon(masterpiece) was made by @clen15!

founded 1 year ago
MODERATORS
 

Edit: obligatory explanation (thanks mods for squaring me away)...

What you see via the UI isn't "all that exists". Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see "under the hood". Any instance admin, proper or rogue, gets a ton of information that users won't normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

you are viewing a single comment's thread
view the rest of the comments
[–] OmniGlitcher 36 points 1 year ago* (last edited 1 year ago) (2 children)

Agreed, I am incredibly confused by what seems to be the majority reaction to this.

I've never been particularly involved with the FOSS community, though I do use a few FOSS apps and generally appreciate their view on what FOSS means. I also strongly appreciate data privacy, and it was my observation that the FOSS community was (generally) relatively the same way. So to see this reaction is very surprising. It's quite literally the same terrible argument of "Why fear it if you have nothing to hide" used against multiple data privacy concerns throughout the years.

I think the worst are the bad faith "But Reddit...!" arguments. For one, we're not on Reddit anymore, this is about Lemmy's issues that can be corrected. And for two, whilst Reddit potentially outsourcing that data to the highest bidder is far from ideal, at the very least the data wasn't outright PUBLIC to anyone who wishes to set up a simple server.

[–] [email protected] 14 points 1 year ago (1 children)

You say these issues can be corrected but I am not sure they can. ActivityPub is a protocol managed by the W3C. So to have different behavior You'd have to change the specification there. That is possible but it will take some time. Still you'd need a way to make votes not bound to a user and still hard to spoof. That sounds hard. Apart from that upvotes and downvotes are not really the most interesting datapoints you can gather. You can still collect posts. These can't be obfuscated. There is simply no way to have an open network where you can share data between servers where you can make sure that no one harvests the data. It is simply not possible. As soon as it is public it is public. This has nothing to do with FOSS. If you have a solution you can implement it. That is what it means. If you have one then go ahead.

[–] OmniGlitcher 6 points 1 year ago* (last edited 1 year ago) (2 children)

You’d have to change the specification there. That is possible but it will take some time.

Then they should do so, these issues need to be fixed ASAP.

Still you’d need a way to make votes not bound to a user and still hard to spoof.

Obfuscating user IDs via a hash or something would seem like the way to make it work. I'm not a professional programmer, I only know a little bit of python, so I have no idea if I'm talking nonsense on that front. And whilst still not an ideal solution, but sharing non-private votes with your own instance admin and have them share only the total vote count with other instances is another solution. That way you need only trust your instance admin, which is choosable and can also be yourself.

That is what it means. If you have one then go ahead.

Putting the onus on me is a shitty thing to do. I'm not the one running this site in any capacity, but this is an issue that many users are unhappy with. If the issue with the site won't or even can't be fixed, then I will simply not use the site. I don't know how many people feel the same on that front, but I'd imagine there's quite a few.

[–] [email protected] 11 points 1 year ago (1 children)

Putting the onus on me is a shitty thing to do

You are the person who has a problem with that and you mentioned FOSS. It is easy to complain. FOSS gives you the tools to change things. But you have to put in the work. You are the one putting the burden the change something to your liking on others instead of doing to yourself.

Obfuscating user IDs via a hash or something would seem like the way to make it work. I’m not a coder, so I have no idea if I’m talking nonsense on that front. And whilst still not an ideal solution, but sharing non-private votes with your own instance admin and have them share only the total vote count with other instances is another solution. That way you need only trust your instance admin, which is choosable and can also be yourself.

Both of your ideas are not compatible with ActivityPub as far is I can see. So you first need to change the specification and then make everyone adopt the specification. Before that any change would make your software incompatible with the rest of fediverse which is counter the idea.

And all of that because people could be mad about a downvote. I am an instance admin. I was downvoted before. I never even thought about looking up who downvoted me. I know people are different but to be honest if someone looks it up and harasses you then you block them. And I really can't imagine that your vote on a post with a pseudonym is really a very useful datapoint for anyone.

I agree that these things have to be communicated better but I don't even know how we would make people aware of this. No one reads disclaimers.

[–] OmniGlitcher 1 points 1 year ago* (last edited 1 year ago) (1 children)

You are the one putting the burden the change something to your liking on others instead of doing to yourself.

To some degree yes. However, I am simply a user. I have no idea where to even begin with attempting such a thing, and whilst I'm sure I could probably find out, even if I did it would take far longer to learn, nevermind getting it adopted. It's a lot easier for the people running the site and who have knowledge of how to do so. It's like going to a restaurant, not liking the way they've done the food, so the restaurant comes back with "Cook it yourself then". The other "solution" is of course going to a different restaurant or simply not going to a restaurant. which if:

your ideas are not compatible with ActivityPub

is truly the case, then it would seem that that is the only viable option for me personally.

And all of that because people could be mad about a downvote

I don't care how people vote me. This isn't strictly about downvotes, it's about specifc content engagement.

And I really can’t imagine that your vote on a post with a pseudonym is really a very useful datapoint for anyone.

It's potentially useful to someone. And I'd just rather not have that data public anyway, it's just that simple. Enough data is already public, what types of content you actively engage with and how you engage with it also being public is just a bad idea in my opinion. These are core analytics almost any site collects, which imply they must have a purpose. Except here it's public, and can also be swooped up by big companies should they dedicate a tiny fraction of computing power to run an instance.

I agree that these things have to be communicated better but I don’t even know how we would make people aware of this.

Making these things directly accessible to end users would be a start. Have a stats button that shows who precisely voted what. Hiding this shit in the backend is just blatant obfuscation.

[–] [email protected] 6 points 1 year ago (1 children)

It seems you have a few options:

  1. Put in the work yourself and change it.
  2. Finde someone who puts in their work to change it
  3. Accept that this is how it works
  4. Leave the fediverse

Option 1. has the highest chance of getting your changes but option 2. might work as well. I wish you luck if you choose these options.

Option 3. seems unlikely from your comments.

Option 4. is maybe the easiest option for you then. And I say that without wanting you gone. I'd like you to stay but I don't think the fediverse can accommodate your demands.

I'd like to point out a flaw with your analogy though: if you go to a restaurant you pay the people to make what you want. The Lemmy Devs do this for free for you. A better analogy is going to a potluck without bringing anything and being unhappy about the lack of steak.

[–] OmniGlitcher 0 points 1 year ago* (last edited 1 year ago) (1 children)

Option 4. is maybe the easiest option for you then. And I say that without wanting you gone.

Oh no, don't take this the wrong way. You've been perfectly amiable about this throughout this discussion, I have no reason to believe you'd want me gone. I am currently considering Option 4 indeed, though I want to stay for a bit to see how this all pans out. I have other issues and concerns with the fediverse anyway.

I’d like to point out a flaw with your analogy though: if you go to a restaurant you pay the people to make what you want. ... A better analogy is going to a potluck without bringing anything and being unhappy about the lack of steak.

That is a fair point, but this is a free service. There isn't any expectancy about one contributing to it.

Perhaps a more apt analogy from my perspective would be going to a free art museum and being disappointed there isn't any art I like, and several other people agree with me. I can ask the museum team to maybe get some more art in I and the others like, but it's up to the museum to do so, and I can't make art for shit and would take years to make something worthwhile. At worst, I just leave the museum, it owes me nothing, and I owe nothing to it.

I am generally shit at analogies though, so y'know, making an analogy is probably a bad idea.

[–] fluke 2 points 1 year ago (1 children)

I don't have anything technical to add to the discussion, I have absolutely no idea how Lemmy works, just that I despertately wanted somewhere else to go to that wasn't Reddit.

Still not even sure I understand how any of it works, although I do understand why there are privacy concerns and concerns around 'syncing' changes etc.

What I do want to say is that analogies aren't supposed to be taken too literally. That's kind of the point of them. :)

[–] OmniGlitcher 1 points 1 year ago* (last edited 1 year ago) (1 children)

Yeah I'm just bad at making them without them being too literal, haha.

I'm sure loads of people have tried to explain it already. For what it's worth, my basic explanation (as I understand it) is as follows:

Reddit is run off servers owned by a single company, and those servers all talk to each other relatively nicely because they're all owned by the same entity. Lemmy is run off servers owned by lots of different people. These servers talk to each other because their owners have agreed to be "federated". However because of this they can also have more difficulties talking to each other, and individual owner's opinions can also get involved.

[–] [email protected] 4 points 1 year ago (1 children)

then I will simply not use the site

Maybe that's what you should do. But don't do it as a protest. Do it because you don't want to share that data publicly.

The entire point of social media is sharing things publicly. If you're worried about people collecting that data, then you shouldn't have put it in public.

There aren't good ways to keep a public secret. That's inherent to how information works and not a failing of ActivityPub. It's the same reason media will never stop being pirated. If I can see/hear it, I can repeat it.

[–] OmniGlitcher 1 points 1 year ago* (last edited 1 year ago) (1 children)

But don’t do it as a protest. Do it because you don’t want to share that data publicly.

I mean yeah, that's what I'd do it for. It's a suggestion for the site and it's a sentiment that seems to be shared by several people here, but it ultimately falls down to me to decide whether or not I want to continue using it, much the same as with my usage of Reddit.

If you’re worried about people collecting that data, then you shouldn’t have put it in public.

Voting is a core functionality of the site. It's something I don't think should be public as it puts more emphasis on what content I interact with in what is now apparently a public manner. If you want to debate that a mere vote is something I shouldn't put in public, then fine, you do you. But for me, it defeats half the point of me even having an account here. What one comments on are often an incredibly small portion of what one actually votes on simply by ease of voting.

And I know I said "But Reddit...!" is a bad argument earlier, but even so, I'd like to say that even Reddit's voting is not publicly accessible (as in not accessible by other users, even if Reddit almost certainly collects and sells such data), so clearly there should be ways to do it. If ActivityPub requires public voting and the people who have the ability to change it are unwilling or even unable to do so, then fair enough. But equally, I will refrain from contributing to such a site, which seems like a bit of a shame when it seems close to ideal otherwise.

[–] [email protected] 2 points 1 year ago (1 children)

clearly there should be ways to do it

Your votes on Reddit are public to Reddit admins. On Lemmy anyone can be an admin.

Giving vote totals without names makes the system ripe for fraud and abuse. In real life votes the decision to make votes public or private is a major one. In a system like Lemmy, the problems with private votes are exaggerated, and the problems with public votes are much smaller. Your Lemmy name shouldn't be tied to your real name. It's unlikely anyone is going to coerce your vote like they might coerce your political vote.

If you're concerned about anonymity, maybe use more than one name or a different name so that your account isn't so easily tied back to you.

The purpose behind having votes be more public is to have some kind of reputation behind those votes. It's still possible to shill, but it requires more depth and and effort, and the shills may still be discovered if there are too many.

[–] OmniGlitcher 2 points 1 year ago* (last edited 1 year ago) (1 children)

Your votes on Reddit are public to Reddit admins. On Lemmy anyone can be an admin.

Which is my concern. I don't like Reddit having and selling that data, but it's easier for me to trust-ish a singular entity than some entire web of random people, which probably includes some corporate people siphoning data anyway. I know some would likely find that a tad paradoxical, but that's how my brain works. At least then the corporation can be held accountable per the standards of the region they're based in should there be issues, or users can mass target the corporation rather than go "Don't like it, just move to another instance.".

For reference, it's still not ideal, but I'd somewhat trust my instance's admin. Why can't my vote history be shared purely with them? Then give other admins the raw upvote/downvote data of the post/comment. After all, the instance I choose my account to be on is my decision.

Your Lemmy name shouldn’t be tied to your real name.

It's not. I am careful about what I put online. Whilst I'm uncertain as I've never particularly tried to do so beyond some cursory Googling, I'm pretty sure you can't tie my username back to me IRL. But even so, there's no need to add to the pile of potentially traceable publically available data.

The purpose behind having votes be more public is to have some kind of reputation behind those votes.

That can still be anonymised behind a hashed ID. If all my votes were registed to some User-XXXX and it wasn't possible to retrieve my username from that, I'd have no issues. Though from my discussion with other people, it seems that's counter to how ActivityPub intrinsically works. I'm increasingly working towards the opinion that the fediverse isn't for me, if it's all set up in a similar fashion and apparently unchangeable. As they say, "different strokes for different folks" I guess.

[–] [email protected] 1 points 1 year ago (1 children)

Then give other admins the raw upvote/downvote data

You can't do this part. It makes it way too easy to just say "This post, -1000. This (shill) post, +1000." Having to put names to those thousand votes makes a difference. A hash really doesn't, as a hash isn't hard to fake. The other solution is like mastodon, where your votes only count on your own instance. That decision would basically kill small instances of Lemmy, so I can understand why they didn't go that direction.

I don't know if you've ever noticed the difference between Reddit's Hot and New, but it's extremely dramatic. Votes are important, and that makes it hard to effectively not use them on smaller instances.

[–] OmniGlitcher 2 points 1 year ago* (last edited 1 year ago) (1 children)

So yeah, I decided to look into ActivityPub. From what I'm reading, it seems like the sacrifices in privacy are an intentional decision by the creators of the protocol so that admins can weed out "undesired interaction".

I can certainly see where they're coming from, and I'll be interested to see how it plays out. But ultimately, I don't like this philosophy for a Reddit-like site, so sadly I don't feel comfortable enough to contribute to it any longer. I guess it's my fault for not looking into it before signing up, but what can ya do.

Regardless, thanks for the discussion, to you and everyone else. Hope you guys do well here.

[–] [email protected] 2 points 1 year ago

Thanks, and good luck. The only parting thought is that if you don't want the public to have that data (and you may have a point), I wouldn't feel comfortable giving it to Meta or Twitter either.

[–] ScaNtuRd 13 points 1 year ago (1 children)

Exactly. When data like that is public, I can guarantee you 10000% that Big Tech and governments are harvesting ALL of it as we speak. If this issue is not resolved and TRUE privacy is not implemented sooner rather than later, Lemmy will not succeed in the Fediverse, period.

[–] [email protected] 9 points 1 year ago (1 children)

If you want privacy you need to use an encrypted chat. You can't have privacy in a public space. That is like stand in the middle of a market place, screaming out your thoughts and then being upset that someone writes them down. It sure would be nice if our data wasn't harvested, but that is not the world we live in. So if you want to say something in private you need to choose a private platform. Otherwise assume that Big Tech and World Governments are listening.

[–] ScaNtuRd 6 points 1 year ago (2 children)

There's a huge difference between what I choose to put out in public vs. data that's being collected on me just by browsing the site. Saying "it's just the world we live in" is just an excuse to ignore the real issues. It is more crucial now than ever that we create a system that's by and for the people, not Big Tech and governments.

[–] [email protected] 9 points 1 year ago

It seems that what you would like is something like 4chan, where the post will get deleted if it's not popular. But even that, there is no way to prevent data harvesting. If it's public, then it is public. There is nothing you can do about it. Encryption wouldn't solve anything either because you want this data to be read by everyone so you cannot really encrypt it.

The fediverse is kind of the same as a public room where anyone can come in and just listen, take note, see who is talking and respond in the same way.

This is the point of social media. If you don't want to participate in it because of privacy, then don't and just lurk (or listen) like most people do.

By definition, if it's on the internet, it's pretty much there forever. People need to be careful on what they share on the public space, in the same way you would when talking to a big crowd. You are not talking with your friends here, you are talking to the world. If you are any privacy, you just cannot have it here. That's impossible.

[–] [email protected] 1 points 1 year ago (1 children)

But on the Fediverse you literally can only see what you put out in the public. Your votes, your posts, your faves. That is your action in public. It is not federated what you look at. There are no trackers here that profile you. It is just your real interactions that count.

[–] Protegee9850 1 points 1 year ago (2 children)
[–] [email protected] 3 points 1 year ago

Where? Not on my instance.

[–] [email protected] 2 points 1 year ago (1 children)
[–] Protegee9850 2 points 1 year ago

The point being raised is that because of the architecture even if your instance doesn’t use trackers any other instances can use trackers and track you as if you were on their instance. At least as I understand it. Correct me if I’m wrong.