138
Why is public voting a massive privacy and physical threat but public posting and commenting is not?
Would be my question as well. It seems quite obvious that if you participate in publicly viewable discussion, that the stuff you do is publicly viewable.
If you don't want it associated to your physical person, use a VPN and unidentifiable account name.
(And the statement "at least reddit is safe" seems absolutely ridiculous to me.)
load more comments
(30 replies)
dude is just bent out of shape because they got called out for disagreeing Russia should go home and leave Ukraine alone.
I mean it is kind of a dick move to spy on downvotes and then demand that someone respond to you. The dude is wrong as hell, but I do agree with the overall principle that not every vote needs to be subject to someone getting interrogated as to why they voted that way.
Their shock at finding out that it works that way is, of course, why the currently Lemmy UI is badly designed because it creates the illusion for people that their votes are private. They definitely should not do that.
It's not something I usually do, but I'm tired of not calling out people on shitty opinions in regards to fascism. especially when it comes to a simple perspective of "this bad thing is bad".
it's like someone downvoting because a comment said "fuck cancer". like...why? my mind can't even fathom why anyone would dislike that kind of message unless they themselves are cancer or advocate for the advancement of cancer.
typically I don't give a shit about downvotes, but it just really rubbed me the wrong way.
load more comments
(5 replies)
load more comments
(2 replies)
load more comments
(25 replies)
I feel hat posts/comments are much more of a privacy exposure than any vote.
If the OP wants private voting vs their post/comments then two account would be the solution to that - this is how it is done in the backend on piefed
Also if only voting is so bad, just don't vote. Those votes are not used for anything but ranking in lists for others, you'll not see any difference for yourself if you stop voting.
load more comments
(3 replies)
If you're a lurker who votes, voting would be your only exposure.
If you are a lurker that votes then I very little that some random could tie back to your home address or even IP
Which only has rather limited information derivable from it. The most "identifying" would be to vote regularly on a community dedicated to your local area.
If you don't trust your instance with knowing your IP-address, then the issue is not going to be solved by "anonymous voting". Because your instance has to know if you voted on something or not, so votes cannot be done multiple times. This is unavoidable and equal to the situation when using reddit. Except that you can choose a different instance if you distrust the current instance.
OP either did not think through what he is claiming or he is driven by an agenda.
load more comments
(8 replies)
load more comments
(6 replies)
While it is important to know that voting is not private (nor truly is direct messaging), that is not in itself a danger.
Lemmy is community driven, and so it is — broadly speaking — governed by community norms and the platform is responsive to the needs of those norms. If someone is harassing or mistreating you on the basis of your voting, then you can take it up with an admin. I've seen people called out for the use of vote manipulation, but I'm not sure what it would look like to be targeted based on your votes.
By the way, there are also mechanisms for publicly addressing grievances with mods and admins.
Most importantly, recognize that it does take time to adjust to the reality that no one cares about the fake internet points here. Reddit uses dark patterns to manipulate users into equating votes with worthiness. Having a lot of karma on reddit contributes to a person's reputation and credibility there. Here, no one cares, or even sees, a person's vote totals. Like most everything else, it's technically public, but it's not visible or indicated.
Why does reddit want you to care about your karma? For engagement and metrics. If people are only incentivized to share genuine interests and human interaction, then they won't scroll mindlessly for quite as long. If every post and comment is incentivized for maximum virality, then Reddit can sell more eyeballs to advertisers. Plus, if people care enough about their fake points, they will literally pay to buy reputation. Reddit doesn't care about your well-being, just your ad impressions. Like any other social media corp.
Welcome to a better, healthier, more transparent place. We are far from perfect, but no one here will use dark patterns to mine you for content.
if someone is harassing or mistreating you on the basis of your voting, then you can take it up with an amin.
this is a highly demanding solution for a misbehavior that takes very little energy to engage in. at least in my experience with admins, even when you have an effective one that doesn't mean they will be effective in the coming months or years. ultimately a lot of people will end up having to explain somebody else's bad behavior to another who just might not care.
but never mind that. what I've actually got to wonder is what does having votes public even accomplish positively? is the goal to help users understand each other based on actions we made that up to this point we thought were anonymous?
Votes are public more of a side effect of the fact that Lemmy is federated, rather than intentionally as something to be publicly visible, I don't believe you can go find someone's vote history just from the normal Lemmy ui, but someone could create their own Lemmy/mastodon/kbin version (or just some custom scraper that speaks activity pub and pretends to be one of these) to start collecting vote counts.
Votes being tied to accounts makes it slightly harder to do vote manipulation, but only slightly. It would be as simple as having my server tell the server of the original post that 5000 users that totally exist voted on this post. Of course you could do the same by actually creating 5000 fake accounts on your server, but that's marginally more work, and also slightly more detectable. There's a lot of trust in the activity pub protocol.
load more comments
(2 replies)
load more comments
(3 replies)
Why are you saying IP addresses are publicly shown here and why is (almost) no one correcting you? That would've been an enormous privacy risk that would've required intentionally fucking users over. Just doesn't even make sense to write what you did about IP addresses. Seems like you're just hoping to cause some panic.
load more comments
(10 replies)
It's the nature of the beast. Federated software holds no secrets.
Related: https://sopuli.xyz/post/31369487
load more comments
(10 replies)
I don’t think IP addresses federate? I think only your instance admin can see your IP address. In any case, though, you should generally always assume that your up/down votes on any service are recorded and tied to your username. If you can come back later and change your vote, that vote is tied to your username. It may not be visible to other users, but the server admins can absolutely see what you’re doing.
Reddit might not make your votes publicly visible, but they’re absolutely tracking them and using that information to select what you see, including advertising. They might not directly share those votes with advertisers, but they almost certainly are sharing your interests based on your votes. And you should assume Reddit and others will comply if the government comes asking for what users liked a post the government opposes, or who downvoted a post praising a new government initiative.
It depends on your threat model, but your threat model might change. Freedom of speech might be curtailed by politicians even when that’s supposed to be unconstitutional. What might be safe to do online now might become unsafe in a year or two.
YSK: every action you take online, even as simple as an Upvote or Like, might be recorded and may come back to haunt you
My votes are a massive privacy risk? How? I'm putting them out there publicly willingly. As is the nature of the internet.
I dsiagree that transparent upvotes are an issue. In fact i think it's a powerful feature for community to self correct and resist astro turfing.
On reddit votes have become meaningless because they are not 1 person == 1 vote and its completely astroturfed. You can literally got to buyredditvotes dot com (not real but real ones are very close just google it) and stuff any post with votes and nobody will ever know.
Transparent interactions are key for community health even if behind anonymous nicknames. So all interactions should be transparent.
My only issue is that many lemmy instances are blocking popular VPN services which is very dangerous. I understand the bot argument but (even though residential proxies are dirt cheap these days) user safety suffers hard here.
Oh no now the lemmy.ml special mods will know I downvote them when I see them lol
load more comments
(1 replies)
It's currently impossible to have private upvotes and downvotes with a federated service. It could probably be done, but it'd need a big revamp of the ActivityPub protocol, and apps would need to adopt the new protocol version. It's not trivial.
Just hiding the data in the UI doesn't solve it, because the data is still there.
Additionally, a lot of other social media sites have public votes/likes, as long as the content is public. Facebook, Twitter, Instagram, Discord, LinkedIn, Telegram (if you consider it social media?), and probably some others all have public likes by default.
load more comments
(1 replies)
The IP address thing is not real, though
Just choose a nickname that is random word+4 random digits and don't reuse it on other services
load more comments
(1 replies)
How do you do this and where can I find this info because I'd like to know.
I'll start by asking you if I upvoted or downvoted this post.
load more comments
(9 replies)
Cool stuff right? Everyone can spy on you, and you can keep them guessing by behaving incongruent. Lots of fun!
I was unaware that it was unclear to anyone but children and the intellectually behind that anything you do on the Internet is traceable to you without significant countermeasures.
Seems like a good thing to me. Should be a better known feature.
How would I go about seeing this information for myself?
load more comments
(11 replies)
It's a good thing to be concerned about privacy! While voting patterns/voting retaliation is certainly possible on Lemmy, I think following good general security practices can go a long way towards mitigating those things. (Anyone who's new to online privacy or needs a helping hand to get started should def check out the EFF's Surveillance Self-Defense site.)
In combination with your IP, this is a massive privacy (maybe even physical security) risk. Also, people can target you for your votes.
No.
load more comments
(6 replies)
A lot of people here still refuse to understand that Lemmy, as it currently exists, is a privacy nightmare, and the voting thing is just the top of the iceberg. There are several de-anonymization attacks possible involving dynamically serving different content to different users. This, combined with the public voting makes it possible that someone can dox an account and expose a lot more information than other forums where that information is more private.
Public votes also open the fediverse up to much worse astroturfing IMO. It's incredible feedback for bots and trolls to see exactly who is interacting with their posts and comments. It's frustrating that a bunch of people here have convinced themselves of the opposite, and insist that public voting is the only way to combat brigades and trolls, which is an incredibly shortsighted stance which doesn't scale nearly as well as it does in the other direction.
iirc someone got banned from like 25 subs because they downvoted a single post that said "I want YOU to generate more AI slop" and the mod got pissed and power tripped super hard
load more comments
(5 replies)
Anyone can get information about who has upvoted and downvoted a post or comment.
In combination with your IP, this is a massive privacy (maybe even physical security) risk.
Why?
load more comments
(7 replies)
view more: next ›
this post was submitted on 10 Aug 2025
138 points (77.0% liked)
You Should Know
40576 readers
158 users here now
YSK - for all the things that can make your life easier!
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules (interactive)
Rule 1- All posts must begin with YSK.
All posts must begin with YSK. If you're a Mastodon user, then include YSK after @youshouldknow. This is a community to share tips and tricks that will help you improve your life.
Rule 2- Your post body text must include the reason "Why" YSK:
**In your post's text body, you must include the reason "Why" YSK: It’s helpful for readability, and informs readers about the importance of the content. **
Rule 3- Do not seek mental, medical and professional help here.
Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.
Rule 4- No self promotion or upvote-farming of any kind.
That's it.
Rule 5- No baiting or sealioning or promoting an agenda.
Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.
Rule 6- Regarding non-YSK posts.
Provided it is about the community itself, you may post non-YSK posts using the [META] tag on your post title.
Rule 7- You can't harass or disturb other members.
If you harass or discriminate against any individual member, you will be removed.
If you are a member, sympathizer or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people and you were provably vocal about your hate, then you will be banned on sight.
For further explanation, clarification and feedback about this rule, you may follow this link.
Rule 8- All comments should try to stay relevant to their parent content.
Rule 9- Reposts from other platforms are not allowed.
Let everyone have their own content.
Rule 10- The majority of bots aren't allowed to participate here.
Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.
Rule 11- Posts must actually be true: Disiniformation, trolling, and being misleading will not be tolerated. Repeated or egregious attempts will earn you a ban. This also applies to filing reports: If you continually file false reports YOU WILL BE BANNED! We can see who reports what, and shenanigans will not be tolerated.
If you file a report, include what specific rule is being violated and how.
Partnered Communities:
You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.
Community Moderation
For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.
Credits
Our icon(masterpiece) was made by @clen15!
founded 2 years ago
MODERATORS