- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Edit: obligatory explanation (thanks mods for squaring me away)…
What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.
Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.
It’s not that it stores data, it’s what data it stores. Your votes construct a very detailed profile that doesn’t mean anything to another human but an AI can read it like a very simple book. They don’t necessarily need to be so strongly associated with your account thanks to simple technology like hashing.
This is terrible news. I’ve just upvoted you, and an AI will finally know much I destest AI.
Sure but what danger lies in that? Users are not using their real identities here so they are semi-anonymous.
That’s not always the case. My username has heritage dating back all the way through to Slashdot, Digg and through Reddit. While you may not know me that doesn’t mean I’m unknown or anonymous.
On Reddit I could upvote or downvote as I pleased, without exposing my POV on controversial topics to the general populace. Only commenting would actually out me. That’s not the case with Lemmy and making people aware of that is a good thing, imo.
But it’s the fact that it’s so easy to reverse engineer. You can take that data to build a large profile on each user in your instance (or possibly all instances)
Sure, this can be abused. Build profiles on each user based on what they are talking about and what communities they subscribe to. Then start sending them direct Lemmy messages with ads or links to shitty or dangerous sites.
The fact that anyone can start an instance and get all this info sent to them is a bit unsettling. But we will have to find a way to protect against it.
If you’re a programmer, you’d know there are ways to authenticate a transaction without giving away giving aways, or storing, the person who initiated the transaction. It’s more difficult to do of course. So it’s often not done.