We had a really interesting discussion yesterday about voting on Lemmy/PieFed/Mbin and whether they should be private or not, whether they are already public and to what degree, if another way was possible. There was a widely held belief that votes should be private yet it was repeatedly pointed out that a quick visit to an Mbin instance was enough to see all the upvotes and that Lemmy admins already have a quick and easy UI for upvotes and downvotes (with predictable results ). Some thought that using ActivityPub automatically means any privacy is impossible (spoiler: it doesn’t).

As a response, I’m trying this out: PieFed accounts now have two profiles within them - one used for posting content and another (with no name, profile photo or bio, etc) for voting. PieFed federates content using the main profile most of the time but when sending votes to Mbin and Lemmy it uses the anonymous profile. The anonymous profile cannot be associated with its controlling account by anyone other than your PieFed instance admin(s). There is one and only one anonymous profile per account so it will still be possible to analyze voting patterns for abuse or manipulation.

ActivityPub geeks: the anonymous profile is a separate Actor with a different url. The Activity for the vote has its “actor” field set to the anonymous Actor url instead of the main Actor. PieFed provides all the usual url endpoints, WebFinger, etc for both actors but only provides user-provided PII for the main one.

That’s all it is. Pretty simple, really.

To enable the anonymous profile, go to https://piefed.social/user/settings and tick the ‘Vote privately’ checkbox. If you make a new account now it will have this ticked already.

This will be a bit controversial, for some. I’ll be listening to your feedback and here to answer any questions. Remember this is just an experiment which could be removed if it turns out to make things worse rather than better. I’ve done my best to think through the implications and side-effects but there could be things I missed. Let’s see how it goes.

  • MajorHavoc@programming.dev
    link
    fedilink
    English
    arrow-up
    15
    ·
    4 months ago

    If votes were anonymous here, I might “come out” as my professional self and share more from my resources that can be used to Identity who I am.

    I’m concerned that my voting pattern is probably already being collected to build a profile on MajorHavok, to decide whether MajorHavok should be favored or disfavored in anything owned by old Elon or Zuck or Bezos.

    Elon is a fuck up, but he still owns a lot of places that I might need to use for my work.

    So, for now, it’s pretty important to me that MajorHavok and John Jacob Jinglehimer Schmidt are kept as separate identities, so that John’s employability where Elon/Zuck/Bezos has influence will remain unaffected.

    • UndercoverUlrikHD@programming.dev
      link
      fedilink
      English
      arrow-up
      6
      ·
      4 months ago

      Hmm, I can understand how someone can be concerned about that, but personally I find it too theoretical and unlikely to matter.

      Any company wanting to harvest data from the fediverse would likely just create their own instance to easily copy the databases from every major instance, private voting wouldn’t help against that. I would also say that your comment would be a thousand times more damning than upvoting every comment/post critical of Musk.

      If you only lurk, you will stay anonymous as long as you use an anonymous username. If you comment, you are way more likely to “leak” your opinion through comments anyway.

      But those are just my thoughts, I might be way off base and lack the full range of perspectives.

      • MajorHavoc@programming.dev
        link
        fedilink
        English
        arrow-up
        6
        ·
        4 months ago

        I would also say that your comment would be a thousand times more damning than upvoting every comment/post critical of Musk.

        Yeah. If I were out as my real name, John Jacob Jinglehimer Schmidt, then I wouldn’t make these comments.

    • Socsa@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      In addition to that, I guarantee you that meta and the like are already running data mining instances on here. Being publicly tied to votes is just more telemetry for the machine. I don’t quite understand why people seem to think that is no big deal.