I have been working on Lemvotes, a tool to check who voted on a Lemmy post. In this blog post, I will describe how it works and the ethics of such a tool.
I will describe how it works and the ethics of such a tool.
Where in this post do you describe the ethics of such a tool?
non-technical users believe that their votes are private, which is far from the truth. This attitude could potentially lead to harassment of Lemmings (yes, that’s what we Lemmy users call ourselves) for upvoting a particular post. Lemvotes makes it clear that votes are not private, which could help bring a more accurate picture of the way votes work on Lemmy to its users.
This is what needs discussion. It is this tool which will lead to harassment due to the way someone votes. And the threat or spectre of harassment will lead to the Chilling Effect, ie. self-censorship (of voting) to avoid harassment.
The chilling effect this causes will make communities even more like echo-chambers, as dissent will be pre-emptively squashed.
Without a tool like this existing, people have to go out of their way to find out this information (setting up their own instance, or finding someone who already does this surreptitiously). By making such a tool available to the lemmy community at large, you make it extremely easy for anyone to do this, and so the chance of harassment occurring is much higher.
You might think you’re being clever, or on some kind of crusade to educate the uneducated. But actually your actions are making this (community-built) platform worse. Compare your actions to releasing a 0-day exploit for a security vulnerability instead of responsibly disclosing. It doesn’t help, it just causes chaos until the people who do the actual work can figure out a solution.
Think about how your tool existing now changes the dynamic of Lemmy as a whole. Is it better, or worse? How would you actually solve this problem in Lemmy, instead of exploiting it?
Kbin/mbin already surfaces votes, third party apps can easily show them as well. This is an intrinsic behavior of activitypub and people should know how easy it is to expose that data.
Compare your actions to releasing a 0-day exploit for a security vulnerability instead of responsibly disclosing. It doesn’t help, it just causes chaos until the people who do the actual work can figure out a solution.
This comparison is not fair at all. It’s not like the devs are unaware of this. They could start by removing the API endpoint that lists a post’s votes, but they haven’t, which means they seem to think it’s okay for the instance admins to snoop on votes if they so wish.
The best part of the fediverse is anyone can run their own server. The worst part is anyone can run their own server.
Server Admins would need to defederate that instance, there is nothing else stopping someone from creating a manipulative instance that multiplies votes to influence the larger network.
As I understand it, ActivityPub-compliance basically requires that a vote is tied to an actor. Although, they could have made a dummy actor do it. Maybe they were worried about stopping vote manipulation?
This is already a thing that happens currently. Some admins/moderators don’t like being downvoted and ban people for “vote manipulation” because they vote on things in their feed.
It is leading to exactly that, where people are worried that using the voting system as intended will lead to exclusion from participation in some communities.
This is what needs discussion. It is this tool which will lead to harassment due to the way someone votes.
wrong. voting users are already visible through other services, like mbin. and the information is already there, those who are really interested are already scraping it, this just makes it more accessible and also serves as an eye opener
The chilling effect this causes will make communities even more like echo-chambers, as dissent will be pre-emptively squashed.
If only there was a tool that allowed you to host an instance on a federated network that allowed you to make your own community and control how the rest of the network can interact with it. Why has nobody built this???
Where in this post do you describe the ethics of such a tool?
This is what needs discussion. It is this tool which will lead to harassment due to the way someone votes. And the threat or spectre of harassment will lead to the Chilling Effect, ie. self-censorship (of voting) to avoid harassment.
The chilling effect this causes will make communities even more like echo-chambers, as dissent will be pre-emptively squashed.
Without a tool like this existing, people have to go out of their way to find out this information (setting up their own instance, or finding someone who already does this surreptitiously). By making such a tool available to the lemmy community at large, you make it extremely easy for anyone to do this, and so the chance of harassment occurring is much higher.
You might think you’re being clever, or on some kind of crusade to educate the uneducated. But actually your actions are making this (community-built) platform worse. Compare your actions to releasing a 0-day exploit for a security vulnerability instead of responsibly disclosing. It doesn’t help, it just causes chaos until the people who do the actual work can figure out a solution.
Think about how your tool existing now changes the dynamic of Lemmy as a whole. Is it better, or worse? How would you actually solve this problem in Lemmy, instead of exploiting it?
Kbin/mbin already surfaces votes, third party apps can easily show them as well. This is an intrinsic behavior of activitypub and people should know how easy it is to expose that data.
We’ve opened up issues on other services many months ago about retaining user vote privacy, because lemmy users overwhelmingly don’t want their votes snooped on.
This comparison is not fair at all. It’s not like the devs are unaware of this. They could start by removing the API endpoint that lists a post’s votes, but they haven’t, which means they seem to think it’s okay for the instance admins to snoop on votes if they so wish.
Then couldn’t that give instances free reign to start creating fake votes?
The best part of the fediverse is anyone can run their own server. The worst part is anyone can run their own server.
Server Admins would need to defederate that instance, there is nothing else stopping someone from creating a manipulative instance that multiplies votes to influence the larger network.
As I understand it, ActivityPub-compliance basically requires that a vote is tied to an actor. Although, they could have made a dummy actor do it. Maybe they were worried about stopping vote manipulation?
That’s how piefed works iirc
This is already a thing that happens currently. Some admins/moderators don’t like being downvoted and ban people for “vote manipulation” because they vote on things in their feed.
It is leading to exactly that, where people are worried that using the voting system as intended will lead to exclusion from participation in some communities.
I’ve personally been banned from one community for downvoting too consistently.
The easy solution is to stop engagement on Lemmy. Cool. Cool cool cool.
wrong. voting users are already visible through other services, like mbin. and the information is already there, those who are really interested are already scraping it, this just makes it more accessible and also serves as an eye opener
If only there was a tool that allowed you to host an instance on a federated network that allowed you to make your own community and control how the rest of the network can interact with it. Why has nobody built this???