Wait… the Lemmy logo is a Lemming?? I’ve spent the last 6 days thinking it was a gerbil. And this whole thing was referencing the Lemmiwinks episode of South Park.
I’m very curious to see how (actual) websites / ways to access this data will change how Lemmy not only deals with this as a potential security issue, but how it will change the culture of Lemmy and they way people interact on here
Obviously I’m concerned with the ramifications as well, but I’m also very intrigued how things will go
I think it would be good to have some kind of a concept of “trust levels” between federated instances where the default level isn’t full trust. Then the amount of information that gets shared depends on the trust level.
Things these days should be designed with the fact that there’s bad actors out there, some driven purely by greed, some driven to specifically cause problems either for individuals (trolls) or society in general (troll farms). And it isn’t always clear who is who.
I don’t think that site would be problematic. After all, we’re just talking about custom interfaces to analyze public data.
A big part of the solution is that users should have an awareness that their activity is public. Every once in a while someone gets burned not knowing that anyone can view what a specific Twitter user or Instagram user liked (like politicians liking risque thirst trap photos).
Another is easy alts and throwaways, with tips to avoid correlations:
Don’t use the same verified email address
Don’t reuse usernames, including across platforms
Try not to use the same instances, such that instance admins can see whether login activity is coming from the same place, unless you absolutely trust that the admins won’t analyze your data OR inadvertently leak their records.
Be aware of the techniques used to correlate users: analysis of timestamps, linguistic/grammatical quirks, etc.
This is a public place, so people should be aware that this is a public place. That means they can still find this useful space, as with many other public places, but should be aware that the more they do on this platform, the easier it is to correlate with a real life identity.
Thinking about this some more, I don’t mean to put everything on the user.
The platform itself, through its design and architecture and settings, should also do stuff to make super detailed analysis more difficult:
Don’t log unnecessary metadata, such as views/visits, clicks, scrolls, time spent on specific posts, etc. Information that is never observed/logged can’t be shared/published.
Don’t share unnecessary information with other instances. For example, with an update to the protocol, an instance might be able to hide which local users voted for what in local threads, while maintaining the proper count internally of what the vote totals are, who has already voted, etc. Non-local users would have to have their votes publicly known, though.
Make the public nature of each action obvious. Make votes more obviously public through the interface (perhaps by allowing people to view who upvoted or downvoted). Make people’s comment history and like history easy to view within the native interface, so that people understand that the information isn’t private to begin with.
Commit to deletion in a public, auditable way. Let instance administrators know that being a good citizen on the fediverse requires adherence to norms about privacy and deletion, and have watchdogs publish stats on how long it takes for an instance to delete a comment or vote or whether it retains edit/delete history.
That last point is completely impossible. Don’t forget that I don’t have to run the official lemmy software on my instance. I can make changes: for example, I can add a feature to my instance like “log every post in a separate, local database before deleting it from lemmy”. Nobody else but me will know this feature exists. Or (to be AGPL compliant) have a separate tool to regularly back up my lemmy database, undoing deletions.
As for the second point: I’d say making local votes private and non-local public will be worse for privacy due to causing confusion.
I was thinking yay that sounds like an awesome data visualization platform, that would be great. Until I got to the “just kidding” part.
You are right, all this information is readily available. And we would be really naive if we think that no one is collecting this yet.
You, or someone else, should build this, such that it is clearly visible for everyone what data is available. And not just visible to the select few who builds their own closed data mining systems.
This would be a pretty bad idea. Not only are companies going to steal all the data from that site, but its going to lead to people going through every user’s history to block people who don’t have the same “color politics” as them. Its going to lead to hyper echo chambers, even worse than other social platforms.
I think it would be better if this data is obfusicated even from instance admins. Does this present a bigger challenge in identifying malicious users? Probably, yes. However, it protects the Fediverse first and foremost from the vampire companies stealing consumer data, and protects the Fediverse from becoming the loudest echo chamber on the planet.
Differing opinions, viewpoints, and politics are important to genuine discussion. These “color politics” don’t have to even be part of the discussion to influence what people say. I don’t know about you, but being in a thread where people only ever agree with me and offer no alternative ideas is not a place I want to spend a lot of time in. Because who knows, maybe my ideas are wrong, and I might (shudder), change my mind.
Hey, I completely agree with you, in that the most interesting discussions are among groups where I don’t agree with everyone. This is where I learn and grow as a person.
But in saying that, aren’t you also saying that some people, like you and me, would not use such a database to filter out the users we do not agree with?
And would it not be a logical conclusion to make, that people who likes to build and stay in their echo chambers, would not be more inclined to listen to different opinions just because they don’t have a more efficient tool to sort out people they disagree with?
What I am saying is, all information that is technically available will be collected and analysed. Better make a public and open platform showing everything, such that everyone can see exactly what can be collected and surmised from the already public information, than to keep users blind from what information they actually leak publically.
Hey, I completely agree with you, in that the most interesting discussions are among groups where I don’t agree with everyone. This is where I learn and grow as a person.
But in saying that, aren’t you also saying that some people, like you and me, would not use such a database to filter out the users we do not agree with?
And would it not be a logical conclusion to make, that people who likes to build and stay in their echo chambers, would not be more inclined to listen to different opinions just because they don’t have a more efficient tool to sort out people they disagree with?
What I am saying is, all information that is technically available will be collected and analysed. Better make a public and open platform showing everything, such that everyone can see exactly what can be collected and surmised from the already public information, than to keep users blind from what information they actually leak publically.
By seeying most reactions ro your post, I can only think that most lemmy users don’t care about privacy at all. Or, at least, didn’t fully understand the implications.
For myself, I’ve already just assumed this stuff is public. I don’t know why I’d assume it was private, in fact. I have a few different accounts and I use them for different things, but anything I want to keep off the public internet doesn’t go on the public internet, on Lemmy or Reddit or Facebook or anywhere. It’s 2023, I think most people have some understanding of this already. Threatening to out data I already assumed no privacy on is not terribly threatening.
That YSK thread from yesterday inspired me to create a new account with an anonymous relay email, instead of my personal email. I’m not sure how much I would’ve actually had to worry about if I kept using my personal email, but I figure it’s better to be safe than sorry.
I also probably could’ve just changed the email in my first account instead of creating a brand new account, but I don’t really know how data is persisted or anything. That was another case of better to be safe than sorry.
Even if this was real, I think it’s irrelevant. If you make a public post, then that’s what that means, it’s public. What happened to the saying that once uploaded to the internet, it’s there forever? I always thought this was common knowledge. To prevent these things, it shouldn’t be possible by design. That’s why in Lemmy and Mastodon, the fact I can click anyone’s username and see their entire post history is insane to me. Why there no option to make that private, and why the hell is it public by default?
The same people crying about possible data scraping are the same ones who see zero issue with all your profile data being completely public to any possible random internet query.
Frankly, I think someone should actually do that. Except maybe use open source AI instead of ChatGPT.
The fact is, in a federated setting all this data will be accessible. For example, if lemmy tried to hide who made each vote, and just federate totals, that would allow my malicious instance to report 1M upvotes for my post.
When lemmy tries to hide this data, all this does is instill a false sense of privacy with users. IMHO the best thing is to make all this de facto public data, officially public, so everyone knows and can act accordingly.
As for privacy, I’d say the best thing to do is, keep your account anonymous.
It’s actually a real problem on reddit where people spin up fake users to manipulate votes. Reddit hasn’t published how they detect that exactly, but one way to do that is to look for bad voting patters, like if one account systematically upvotes/downvotes another. But you pretty much can’t without knowing the votes.
Nice play, I already wondered why the page does not load.
So the two biggest issues seem to be:
Voting is public (but invisible to users who are thus oblivious about it)
Post/comment history is public, entirely
I’m not sure if (1) can be changed regarding the ActivityPub protocol, but I would appreciate it. There is at least a communication issue since most users probably expect votes to be anonymous.
A shallow research made me hope something like zk-SNARK could be a solution. Voters must be able to identify themselves (to revoke or change their votes later), but servers must be unable to track individual users across multiple votes. A lesser, but still desirable achievement could be to make it impossible to track individual voting behavior across multiple servers.
Agree to @[email protected] about (2). It should be possible to restrict how much of my post history others can see. On the other hand, crawlers and scrapers could still gather the data from browsing publicly available posts and comments, and reconstruct individual post histories. This would then resemble (1) again; users expecting some privacy when they actually have not.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
A community to talk about the Fediverse and all it’s related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to [email protected]!
Rules
Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
Wait… the Lemmy logo is a Lemming?? I’ve spent the last 6 days thinking it was a gerbil. And this whole thing was referencing the Lemmiwinks episode of South Park.
I was told it was a lemur…
Does the instance owners read your DMs? Does Reddit read your DMs? You never really know.
Jokes on them. I already know what’s in my DMs. /j
Just post everything in public and never have to worry about it in the first place.
I’m very curious to see how (actual) websites / ways to access this data will change how Lemmy not only deals with this as a potential security issue, but how it will change the culture of Lemmy and they way people interact on here
Obviously I’m concerned with the ramifications as well, but I’m also very intrigued how things will go
I think it would be good to have some kind of a concept of “trust levels” between federated instances where the default level isn’t full trust. Then the amount of information that gets shared depends on the trust level.
Things these days should be designed with the fact that there’s bad actors out there, some driven purely by greed, some driven to specifically cause problems either for individuals (trolls) or society in general (troll farms). And it isn’t always clear who is who.
Yeah, trust is a critical part of socializing
I don’t think that site would be problematic. After all, we’re just talking about custom interfaces to analyze public data.
A big part of the solution is that users should have an awareness that their activity is public. Every once in a while someone gets burned not knowing that anyone can view what a specific Twitter user or Instagram user liked (like politicians liking risque thirst trap photos).
Another is easy alts and throwaways, with tips to avoid correlations:
This is a public place, so people should be aware that this is a public place. That means they can still find this useful space, as with many other public places, but should be aware that the more they do on this platform, the easier it is to correlate with a real life identity.
Thinking about this some more, I don’t mean to put everything on the user.
The platform itself, through its design and architecture and settings, should also do stuff to make super detailed analysis more difficult:
That last point is completely impossible. Don’t forget that I don’t have to run the official lemmy software on my instance. I can make changes: for example, I can add a feature to my instance like “log every post in a separate, local database before deleting it from lemmy”. Nobody else but me will know this feature exists. Or (to be AGPL compliant) have a separate tool to regularly back up my lemmy database, undoing deletions.
As for the second point: I’d say making local votes private and non-local public will be worse for privacy due to causing confusion.
removed by mod
I was thinking yay that sounds like an awesome data visualization platform, that would be great. Until I got to the “just kidding” part.
You are right, all this information is readily available. And we would be really naive if we think that no one is collecting this yet.
You, or someone else, should build this, such that it is clearly visible for everyone what data is available. And not just visible to the select few who builds their own closed data mining systems.
This would be a pretty bad idea. Not only are companies going to steal all the data from that site, but its going to lead to people going through every user’s history to block people who don’t have the same “color politics” as them. Its going to lead to hyper echo chambers, even worse than other social platforms.
I think it would be better if this data is obfusicated even from instance admins. Does this present a bigger challenge in identifying malicious users? Probably, yes. However, it protects the Fediverse first and foremost from the vampire companies stealing consumer data, and protects the Fediverse from becoming the loudest echo chamber on the planet.
Differing opinions, viewpoints, and politics are important to genuine discussion. These “color politics” don’t have to even be part of the discussion to influence what people say. I don’t know about you, but being in a thread where people only ever agree with me and offer no alternative ideas is not a place I want to spend a lot of time in. Because who knows, maybe my ideas are wrong, and I might (shudder), change my mind.
Hey, I completely agree with you, in that the most interesting discussions are among groups where I don’t agree with everyone. This is where I learn and grow as a person.
But in saying that, aren’t you also saying that some people, like you and me, would not use such a database to filter out the users we do not agree with?
And would it not be a logical conclusion to make, that people who likes to build and stay in their echo chambers, would not be more inclined to listen to different opinions just because they don’t have a more efficient tool to sort out people they disagree with?
What I am saying is, all information that is technically available will be collected and analysed. Better make a public and open platform showing everything, such that everyone can see exactly what can be collected and surmised from the already public information, than to keep users blind from what information they actually leak publically.
Hey, I completely agree with you, in that the most interesting discussions are among groups where I don’t agree with everyone. This is where I learn and grow as a person.
But in saying that, aren’t you also saying that some people, like you and me, would not use such a database to filter out the users we do not agree with?
And would it not be a logical conclusion to make, that people who likes to build and stay in their echo chambers, would not be more inclined to listen to different opinions just because they don’t have a more efficient tool to sort out people they disagree with?
What I am saying is, all information that is technically available will be collected and analysed. Better make a public and open platform showing everything, such that everyone can see exactly what can be collected and surmised from the already public information, than to keep users blind from what information they actually leak publically.
By seeying most reactions ro your post, I can only think that most lemmy users don’t care about privacy at all. Or, at least, didn’t fully understand the implications.
For myself, I’ve already just assumed this stuff is public. I don’t know why I’d assume it was private, in fact. I have a few different accounts and I use them for different things, but anything I want to keep off the public internet doesn’t go on the public internet, on Lemmy or Reddit or Facebook or anywhere. It’s 2023, I think most people have some understanding of this already. Threatening to out data I already assumed no privacy on is not terribly threatening.
That YSK thread from yesterday inspired me to create a new account with an anonymous relay email, instead of my personal email. I’m not sure how much I would’ve actually had to worry about if I kept using my personal email, but I figure it’s better to be safe than sorry.
I also probably could’ve just changed the email in my first account instead of creating a brand new account, but I don’t really know how data is persisted or anything. That was another case of better to be safe than sorry.
Nice try Zuckerberg
Even if this was real, I think it’s irrelevant. If you make a public post, then that’s what that means, it’s public. What happened to the saying that once uploaded to the internet, it’s there forever? I always thought this was common knowledge. To prevent these things, it shouldn’t be possible by design. That’s why in Lemmy and Mastodon, the fact I can click anyone’s username and see their entire post history is insane to me. Why there no option to make that private, and why the hell is it public by default?
The same people crying about possible data scraping are the same ones who see zero issue with all your profile data being completely public to any possible random internet query.
The problem is that it is not immediately clear to a user that their voting history is public as an average user cannot view that information.
Frankly, I think someone should actually do that. Except maybe use open source AI instead of ChatGPT.
The fact is, in a federated setting all this data will be accessible. For example, if lemmy tried to hide who made each vote, and just federate totals, that would allow my malicious instance to report 1M upvotes for my post.
When lemmy tries to hide this data, all this does is instill a false sense of privacy with users. IMHO the best thing is to make all this de facto public data, officially public, so everyone knows and can act accordingly.
As for privacy, I’d say the best thing to do is, keep your account anonymous.
Can your instance not do that as is? Just spin up a bunch of fake users and make them all vote on something?
True - but it’ll be much easier to detect.
I’d wager a fake vote count would be much easier to detect than the same amount of fake users
It’s actually a real problem on reddit where people spin up fake users to manipulate votes. Reddit hasn’t published how they detect that exactly, but one way to do that is to look for bad voting patters, like if one account systematically upvotes/downvotes another. But you pretty much can’t without knowing the votes.
Nothing is stopping you. Apart from laws that regulate data collection maybe. IANAL.
Capitalists gonna try and capitalise. I’ve seen lots of people try and create services like this for mastodon.
Great post BTW.
removed by mod
Nice play, I already wondered why the page does not load.
So the two biggest issues seem to be:
I’m not sure if (1) can be changed regarding the ActivityPub protocol, but I would appreciate it. There is at least a communication issue since most users probably expect votes to be anonymous.
A shallow research made me hope something like zk-SNARK could be a solution. Voters must be able to identify themselves (to revoke or change their votes later), but servers must be unable to track individual users across multiple votes. A lesser, but still desirable achievement could be to make it impossible to track individual voting behavior across multiple servers.
Agree to @[email protected] about (2). It should be possible to restrict how much of my post history others can see. On the other hand, crawlers and scrapers could still gather the data from browsing publicly available posts and comments, and reconstruct individual post histories. This would then resemble (1) again; users expecting some privacy when they actually have not.
That’s a fucking cute as hell illustration. I’d wear that
removed by mod