YSK: Your Lemmy activities (e.g. downvotes) are far from private

Muddybulldog · edit-2 1 year ago

YSK: Your Lemmy activities (e.g. downvotes) are far from private

@Bazoogle · 1 year ago

Okay, yea, that does make sense. I was thinking of electronic votes, in which case there wasn’t much stopping them from storing that data. But you can get a paper ballet where your name isn’t on it. Regardless, actual voting isn’t a good analogy. You can change your vote on an internet forum, you cannot with a ballet.

Let’s say on lemmy, up or down vote, it reported “Bazoogle has voted” and simply adds a number to the variable without my name tied to it. If I wanted to undo my vote, it wouldn’t know whether to subtract an up vote or down vote unless it knew which one I did in the first place. The only other option would be to try and encrypt the username with some sort of identifier that can’t easily be decrypted. Which might be possible, but is beyond my current knowledge of cybersecurity.

@sauerkraus · 1 year ago

It’s as simple as sharing vote counts but not individual identifiers between instances. Problem solved.

A user doesn’t even have to comment to be doxxed by publicly viewable upvotes. They upvote a post in a community for their local state, then upvote a post about how to get an abortion. The state subpoenas the instance admin and gets their IP and email address.

@Bazoogle · 1 year ago

They could already do that with Reddit. Is that something that happens?

@sauerkraus · 1 year ago

With Reddit that data could be kept between the users and admins.

I do not have any insider knowledge regarding whether Reddit has received requests for user data.

@Bazoogle · 1 year ago

You were saying in the example of the government requesting the data. That’s not any different for reddit or Lemmy. If anything, it would be harder to get from Lemmy since it’s decentralized. And reddit is known to comply with government warrants.

@sauerkraus · 1 year ago

A warrant is still more secure than public access.