Skip Navigation
You Should Know @lemmy.world Muddybulldog @mylemmy.win

YSK: Your Lemmy activities (e.g. downvotes) are far from private

Edit: obligatory explanation (thanks mods for squaring me away)...

What you see via the UI isn't "all that exists". Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see "under the hood". Any instance admin, proper or rogue, gets a ton of information that users won't normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

1.2K

You're viewing a single thread.

1.2K comments

  • For transparency, this is what a Like payload looks like. The first part is just context for the activitiypub protocol and is pretty much the same for each message. The second part contains the actual data of the message, and the most personal detail in it is the url of your own profile, and the url of the post/comment you like:

    {
	"@context": ["https://www.w3.org/ns/activitystreams", "https://w3id.org/security/v1",
	{
		"lemmy": "https://join-lemmy.org/ns#",
		"litepub": "http://litepub.social/ns#",
		"pt": "https://joinpeertube.org/ns#",
		"sc": "http://schema.org/",
		"ChatMessage": "litepub:ChatMessage",
		"commentsEnabled": "pt:commentsEnabled",
		"sensitive": "as:sensitive",
		"matrixUserId": "lemmy:matrixUserId",
		"postingRestrictedToMods": "lemmy:postingRestrictedToMods",
		"removeData": "lemmy:removeData",
		"stickied": "lemmy:stickied",
		"moderators":
		{
			"@type": "@id",
			"@id": "lemmy:moderators"
		},
		"expires": "as:endTime",
		"distinguished": "lemmy:distinguished",
		"language": "sc:inLanguage",
		"identifier": "sc:identifier"
	}],
	"actor": "--URL OF THE USER PROFILE--",
	"object": "--URL OF THE POST OR COMMENT--",
	"type": "Like",
	"id": "-- URL TO THE INSTANCE THAT PASSED THE MESSAGE--",
	"audience": "-- URL TO THE COMMUNITY THE POST IS PART OF--"
}

    • Good stuff. That’s my entire motivator, transparency. KBin makes it obvious that up/down isn’t anonymous, Lemmy doesn’t. Much like Reddit, Lemmy also doesn’t delete posts, they just get tagged as deleted and not shown via the interface.

      When literally anybody in the world can be an admin with no vetting process and no “internal controls” that you would expect from a commercial platform, having a clear view of how things work is critical so that people can make informed decisions on how (or even if) they use the platform.

You've viewed 1193 comments.