YSK: Your Lemmy activities (e.g. downvotes) are far from private

Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

FinalFallacy, (edited )
FinalFallacy avatar

Isn't that kind of the point? You don't get very far hiding in a social setting. You're on a public website talking to other people. Your posts should be public, comments, etc. At least people should treat all websites or apps they didn't develop personally like they're public. I mean you don't really have a right to privacy in public.

And I'm not trying to say this with some malicious tone or anything but it's just my view on it.


Still unexpected. And that’s the problem.

Comments are obviously public because I can read them. But there is no “upvoted by xx people (and downvoted by xx)” link I can click to see the list of people who interacted this way with the post. It’s only with API calls or similar that I can access the information.


I am looking forward to new apps having the option to show this kind of information.

@Album@lemmy.ca avatar

Posts and comments is one thing… It’s inherently public. But I think being able to see up and down vote publically is a tough pill. If you don’t realize your votes can be seen you risk your vote being held against you. If you do know it disincentivizes you to use the vote system to protect yourself from something that should be rather benign.


At least you know the instance host isn’t selling your data right? The advertisers already have it 🤪


I was kind of joking, but now that I think about it isn’t that better? The problem isn’t really advertisers having your data, it’s companies doing skeezy things to be able to make more money with your data.

This way, instance hosts are free from that incentive and can just focus on making a good website.


I mean I didn’t upvote or downvote porn on Reddit either. It’s all personal information.

On Reddit there were plenty of people with access and the data was sold to advertisers.

Here it’s public, not great but not terrible either. Also makes it easier to battle vote brigading?


It also makes it easier to profile users and weed out anyone who disagrees about literally anything.

Like, you guys need to consider not every admin is a paragon of virtue.


But that has always been a thing. Just like Reddit mods banning you from their subreddit just because you posted in another subreddit they didn’t like. It sucks, but it’s nothing new.

If either a server admin or a community mod doesn’t like you for what you’re doing, they can kick you out. It’s the same as if this was an old time forum and you pissed off the admin.

With lemmy you have to watch two things:

  1. Trust the instance admin you sign up with, this is where your account data lives, the admin can read everything on your account. Hell, even your password if they manipulated the instance code, so use a random one
  2. Trust the moderators of the communities you interact with. If you interact with a community and the mods there don’t like you, they can just remove your posts for example. Same as with Reddit

A random person outside of your instance or communities you interact with can’t do much. They can “steal” your posts and comment data and see your votes. But that’s it. They can’t block your account or kick you out of your favorite communities. They could obviously harass you (just your account, not your email), but then you can block them. Or ask the admin to block their entire instance.


Still unexpected. And that’s the problem.

Comments are obviously public because I can read them. But there is no “upvoted by xx people (and downvoted by xx)” link I can click to see the list of people who interacted this way with the post. It’s only with API calls or similar that I can access the information.

rideranton avatar

kbin has the ability to see activity including upvotes, boosts, and downvotes from the UI for entries, comments, and microblogs

nevernevermore avatar

I was about to call OP out as a liar but I didn't realise this was specific to kbin.

Kaldo avatar

The same data is also there on lemmy, there just isn't an UI element to display it. That's why op said admins can see it, but on Kbin users can too.



  • Loading...
  • Hank,

    I always upvote myself. But I have to think extremely highly about my contribution to even think about boosting it.

    Catch42 avatar

    I upvote my own posts too, I do try to avoid boosting my own posts. We're from kbin though, I think on Lemmy self-upvotes are automatic.



  • Loading...
  • fishos,
    fishos avatar

    That said, don't just call people out who downvote you. No one owes you an explanation if they thought your post was bad. I've already seen it once and it was pretty childish.


    On reddit you’d regularly see people calling the people who downvoted them names

    comedy avatar

    More than childish, it's pathetic.


    It really can't go any other way. If you have posted something that I feel needs to be downvoted, asking me why would just be asking for a verbal smackdown. I have been on the internet for a long time now, and asking why you just got dunked on has always been one of the fastest ways to get dunked on again.

    fishos avatar

    Exactly lol

    Unless it's a serious case of trolls stalking you, in which case admin is really the people to talk to, just take your downvote and move on. It's ok and it doesn't matter. Don't make it worse.


    There’s something amusing about people feeling violated by their activity being made public, but not necessarily by corporations hoarding and capitalizing on that activity & data. I mean, one of them is out in the open. The other is pure abuse.


    How about both are bad.


    It is what it is, mí hijo


    That is the entire (and only) point I was making. x)


    i dont think a humongous corporation can afford to screw me with this data as much as the random people running instances, what’re they gonna do? give me midget porn ads?


    Ah, the old Reddit Lemmy switcharoo.

    You are probably seeing two very different vocal minorities, and conflating the two.

    Also, there’s a very clear difference in expectations between posting/commenting and upvoting. I blame the UI. We naturally expect public actions to be easily visible. The lack of universal accessibilty to the public data makes people unaware that the data is public. Lemmy UIs, including apps, need to make this information (a list of upvoting users) universally publicly accessible before people will change their expectations.


    On the contrary, I’m not conflating two specifics. I’m speaking in general terms about the demonstrable public perception (read: billions of social media users who happily hand over their data vs. the palpable unease over data publication in all walks of tech discussion) and how it is innately hypocritical.

    It is perfectly normal and useful to discuss societal contradictions. For example: “We hate school shootings, but we do fuck-all to stop them from occurring.” That statement does not conflate two different vocal minorities, it purports to accurately describe the generalized societal contradiction at hand.

    The rest of your post is completely off-topic.


    Why does the person have no problem sharing their address with the DMV but gets upset when their address is leaked publicly? Curious. They claim to value transparency, but oppose doxxing?


    Is this sarcasm?

    The DMV is government-regulated and has a legal duty to safeguard your data. Unlike the corporations we were happily discussing before you decided to try out as Ben Shapiro.


    Corporations have a financial interest in safeguarding your data. It’s not valuable to advertisers if it can be gathered for free.

    People enter into contracts with individual entities regularly without expecting that any rando could join at will.


    I really didn’t expect to have to read this corpo-apologist BS here.

    You’re sick, please get well.


    Capitalism causes enough actual problems that you don’t need to make up more. Making your data available to businesses is marginally more secure than publishing it freely.


    It makes sense to me that people are more worried about potentially any corporation / bad actor accessing their data rather than one


    here, have my upvote. but please don’t tell anyone.




    Why? The masses have no issue forking data over to big tech. What difference does it make if it’s one or a million corporations using that data when it’s being sold willy-nilly to anybody with a checkbook?

    The point is not how many actors have access to your data. The point is that in both scenarios (public data vs. single-corporation-controlled data), your data is pragmatically public from data sales, data leaks, and so on. However, in only one of them, your data is ostensibly “protected” by a corporation - the lie at hand. In the other scenario, you are under no spell that your data is protected or private - the truth.

    My comment was simply pointing out how they’re effectively the same thing. Giving your data to a big tech firm is effectively the same thing as making it public. Hence, the outrage over one not matching the outrage over the other is amusing to me because it implies how effective the corpo framing of this issue is.


    Well it’s just as bad but in a different way.

    Big cooperations may not respect me as an individual, but they have a self-preserving interest, a brand image to loose, and are checked by privacy watchdogs.

    A Lemmy I stance can be run on any PC in some anonymous guys basement; there really no way of telling.


    Can someone explain why r/privacy is so up in arms about this? Seems fairly obvious that my actions in the public domain are public, but they’re all “Lemmy doesn’t care about your privacy”. Why?



    Because they’re stupid


    Being able to doxx someone for their upvotes without even commenting strongly disincentivises engagement with communities that oppose authoritarian governments and such.

    When it’s just between the user and admins of their home instance that’s a feasible level of trust. When it’s available to literally anyone that’s a huge jump.


    I wouldn’t say Lemmy doesn’t care about your privacy, but probably they didn’t have enough traffic before the death of Reddit to really prioritize it. I myself have security concerns, particularly with the storage of account data on servers that who knows where they are hosted or what the security is. But I would say Lemmy instances are much more likely to be targetted for attacks by malicious hackers than Reddit, because most instances are likely hosted on far less secure machines than Reddit servers.


    secure machines than Reddit servers

    Not that I don’t agree but there is a pretty big citation needed there.

    We don’t really know how secure Reddit Servers are and their attack surface is likely to be far larger.


    What account data are you referencing?


    I mostly mean username and password credentials, primarily the storage and handling of passwords. Most people don’t take cybersecurity seriously and use the same username and passwords for every site they log into. Someone steals your Lemmy data, and they can try it on every social media and gain access to everything. Now, I am not one of those people, and my Lemmy account credentials are unique to Lemmy only, but imagine if someone joined and used the same credentials they always do, including for their bank login. There is where the concern is.


    Passwords are hashed and salted.


    Good. If I downvote something its for a reason, and I don’t care who knows.


    In fact, I’m tempted to say I WANT people to know I’m not the one downvoting them when I disagree.

    May avatar

    SAME its happened on Reddit where I would have a back and forth w someone where we disagreed but it was respectful, and then in the middle of it I'd notice the other person's comments being -1 even new ones. Meaning someone who isnt in the convo would start downvoting the other person, and I'd be like 'what if they think I did it? What if that damages a mutual understanding they were close to reaching? What if that turns them off from considering a different point of view bc they assume I'm doing it and that I'm hostile?' Then sometimes I'd be like "sorry someone is downvoting you its not me"


    People might ask you to provide context for your down vote.

    Recently somebody got butthurt about being called out on it.

    I think the feature is nice because you can spot shill ops, as those accounts travel in packs.

    New articles for politicians are pretty obvious about it but so are generic karma farmers. Although I am not sure why farm karma on here.


    People might also ask you to provide further justification of your comment. In both cases you can either engage in a civil manner, tell them to eat a bag of dicks or just ingore.


    They can ask, and I can tell them to fuck right off. Simple.


    People can certainly ask about reasons for voting, but that doesn’t mean anyone has to provide the answer. Nobody is entitled to know a person’s reason for voting on posts except for that person themselves.


    I’ll just use my short username then


    How often are we going to see this postage? I think this is the third time I’ve seen it at least


    You’re following up to a post made almost 3 months ago so it’s not surprising you’ve seen similar since.


    what? oh wow, that is so weird. I’m sorry. I was browsing by Top 6 hour, guess there was a glitch.


    No worries. The sorting and filtering algorithms definitely need some love.


    Oh no, so my upvotes on c/spacedicks aren’t private?



    Just commenting so this stays one of the most commented posts. Feel free to keep scrolling


    huh. neat


    There is a fundamental misunderstanding here.

    Our data has never been ‘invisible’… We’ve just trusted that places like Reddit and their staff will do the right thing. That’s literally how it already works.

    If you sign up for Reddit, Reddit staff can see your posts and votes if they want to.

    If you sign up for a private forum the admin there can also see database contents.

    One way encryption is not possible without stopping functionality… If data about you was encrypted then posts you make couldn’t be displayed. If you include a means to decrypt then there was no point encrypting anyway.

    This is how it’s always been, and Lemmy doesn’t change this status quo much.

    A faceless corporation that has had access to your data is just replaced by a variety of admins distributed across instances.

    This isn’t a good or bad thing, the potential for abuse does exist, but when we have literally made agreements with places like Reddit that they can use and sell our data… then what difference does it make it an admin takes a peek?

    It wouldn’t be great… but nothing is perfect.

    It’s still worth working on however, to see if a better solution can be found, but at this time I’d say just be aware that it is possible that your data can be seen and understand the only safeguard against that if you need to communicate something private would be to use direct messaging with end to end encryption.


    The problem is that it’s actively worse than Reddit. While only Reddit employees can access your data and it’s being sold to the highest bidder, Lemmy sells your data for $0.00.

    Anyone can become an instance admin through their own instance, so your voting data is pretty much unprotected. That is the opposite of privacy. I get that it’s a consequence of the fediverse, but then it just may not be the solution to social media.


    Your choice of wording is driving me take you less seriously. You sound passionate though so I’ll explain.

    1. Actively worse? Your use of of the word active implies that something deliberately malicious is happening. It’s not the case, this issue is a side effect of how lemmy works. It is an issue, it is a concern and it does need addressing, but your hyperbole is unwarranted.
    2. Lemmy isn’t selling anything… it’s a piece of software. This is the most false and malicious claim you’ve made. If our data were to be used nefariously then it would be the actions of a rouge server admin.

    The definition of privacy is somewhat flexible. Nothing is private unless end to end encryption is employed. And nothing like lemmy can work with end to end encryption. So there is the dilemma. Yes it sucks… yes voting should be private. How about you propose a solution? Because at this point, outside of shutting everything down there is none.

    The technical fact is the software must be able to reference data in a database to then create this page you are viewing, this text you are reading and the votes you are seeing.

    Possible lemmy / server side solution…

    1. remove voting
    2. remove accounting of voting (this can’t really work as without connecting a vote to a user, any user can upvote or down vote something unlimited times.

    Possible user side solution… Don’t vote Simply not participating in voting means there is no voting data tied to you; and this is, believe it or not an actual valid solution if you are concerned.

    Ultimately for lemmy to work some tradeoffs are required. I do agree that where there is some gain to be made, someone will abuse the system, I’m not naive enough to say there is no problem here… there is. It’s just that yelling at the wall isn’t going to fix it. I’ve exhausted myself trying to think of a solution, and the only real and workable solution i can think of is as i said above, that voting be removed, or that you simply don’t participate in voting.

    So if you’re really concerned and want an immediate solution effective for you then don’t vote on anything ever. I’m not saying this to be a prick, but as a piece of legitimate advice. If no vote data exists for you then no one can harvest your voting preferences.


    I’ll contribute that my intent with this post is not evangelism. I like the voting system and would be disappointed to see it disappear.

    A vote in Reddit was, from a practical perspective, anonymous. While it was recorded in the database and admins had access to this information there were mitigations in place to deter abuse and the end result was that the person you up or down voted was not going to know that YOU, personally, downvoted them. It was also of limited value to external data sifters in creating social graphs.

    Since Lemmy votes are non-anonymously propagated across the Fediverse and, literally, anyone can be an admin there are people who may want to reconsider whether they upvote or downvote a particular post or comment. The actual reasons may vary; they don’t want to be outed as sympathetic to a political view or cause, they don’t want it used a social graph for targeted advertising or even spear-phishing. In many cases there will be people who don’t care at all.

    Just trying to contribute to transparency. Not everyone can read code, sift data or visualize how a social network would work behind the scenes. There’s plenty of opportunities for others to use our data, good and evil. I believe that efforts to bring to light non-obvious consequences of actions is good citizenship.


    I agree with everything you’re saying, but it’s frustrating that people are jumping to conclusions to think this is deliberate, nefarious etc…

    Lemmy, being a federated system has different practical realities to Reddit. You can’t have a federated system with multiple instances each with their own admins, and have it function without cutting off data flow. For voting to work in a federated system, vote data must flow, and people need to understand this.

    Reddit was **not **a federated system, so there was no need for vote data to flow, and people also need to appreciate this difference.

    The only solution is to remove voting. It’s as simple as that.

    Maybe long term a system could be devised.

    I’m not in denial, i do firmly believe that is is an issue, and that it WILL be abused by someone. But I’m also a realist, and the features we have can’t survive without voting data. People need to be aware of this, i think it’s fair that everyone knows the risks. At an individual level people can choose not to vote, and thus have no vote data associated with them, but i suspect there might be more than vote data, i don’t know for sure without looking at the code, but I suspect saved posts might be a privacy concern.

    Personal opinion, i think abuse will happen, but it will be limited, just a feel i have. I do however suspect this abuse will exponentially ramp up if lemmy gets big traction.

    @Sir_Kevin@lemmy.world avatar

    Back in my day everyone knew that once you put something on the internet it’s there forever to be seen by all. Has everyone already forgotten this? This is nothing new and in fact the way it’s always been! Now get off my lawn!


    The fact that it has always been like this doesn’t mean it should continue. It’s silly to have to explain this to a grown ass person.

    Not agreeing with “it’s always been like this” either.

    @Sir_Kevin@lemmy.world avatar

    Fair enough. What’s your solution?

    @ademir@lemmy.eco.br avatar

    Right? This kids are silly.

    @jerkface@lemmy.ca avatar

    Holy shit. HOLY SHIT.

    I just realized what this actually MEANS.

    It means that when you like or dislike something so much that you unvote and then vote a second time, people can tell. This will change karma forever.


    “I wish I could upvote this twice” is officially a reality. We should have moved here ages ago!

    @stevedidWHAT@lemmy.world avatar

    I’m gonna write a script that randomly injects upvotes and downvotes and then also posts responses after a random amount of time to prevent time correlations. People freak out most often when they don’t understand something, I continue to explore everyone to think things through logically and try not to assume new subjects are anything other than new and likely to cause some confusion/incorrect assumptions

    mrmanager, (edited )
    @mrmanager@lemmy.today avatar

    Well of course. The instance stores all data in a postgres database. How else will it be able to remember anything?

    Maybe this is not obvious to non-programmers but you never see everything in the user interface for any system. There are tons of records needed for the system to track everything that goes on.

    Since posts are federated, they will exist in the local db as well as on each instance.


    That’s why the topic is “You Should Know” rather than “I’ve Had A Revelation That No One Has Ever Considered”.


    And it doesn’t mean it’s nefarious. It just means… you should know.


    Ok… have to admit that I miss one thing from Reddit… I have no awards to give.

    @jerkface@lemmy.ca avatar

    It’s not that it stores data, it’s what data it stores. Your votes construct a very detailed profile that doesn’t mean anything to another human but an AI can read it like a very simple book. They don’t necessarily need to be so strongly associated with your account thanks to simple technology like hashing.

    @mrmanager@lemmy.today avatar

    Sure but what danger lies in that? Users are not using their real identities here so they are semi-anonymous.

    @cyberic@discuss.tchncs.de avatar

    But it’s the fact that it’s so easy to reverse engineer. You can take that data to build a large profile on each user in your instance (or possibly all instances)

    @mrmanager@lemmy.today avatar

    Sure, this can be abused. Build profiles on each user based on what they are talking about and what communities they subscribe to. Then start sending them direct Lemmy messages with ads or links to shitty or dangerous sites.

    The fact that anyone can start an instance and get all this info sent to them is a bit unsettling. But we will have to find a way to protect against it.


    That’s not always the case. My username has heritage dating back all the way through to Slashdot, Digg and through Reddit. While you may not know me that doesn’t mean I’m unknown or anonymous.

    On Reddit I could upvote or downvote as I pleased, without exposing my POV on controversial topics to the general populace. Only commenting would actually out me. That’s not the case with Lemmy and making people aware of that is a good thing, imo.


    If you’re a programmer, you’d know there are ways to authenticate a transaction without giving away giving aways, or storing, the person who initiated the transaction. It’s more difficult to do of course. So it’s often not done.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • youshouldknow@lemmy.world
  • DreamBathrooms
  • magazineikmin
  • thenastyranch
  • Youngstown
  • slotface
  • GTA5RPClips
  • InstantRegret
  • ngwrru68w68
  • rosin
  • kavyap
  • hgfsjryuu7
  • ethstaker
  • Durango
  • Backrooms
  • provamag3
  • osvaldo12
  • mdbf
  • cubers
  • everett
  • khanakhh
  • tacticalgear
  • normalnudes
  • modclub
  • cisconetworking
  • anitta
  • Leos
  • tester
  • JUstTest
  • All magazines