I have been working on Lemvotes, a tool to check who voted on a Lemmy post. In this blog post, I will describe how it works and the ethics of such a tool.
  • drspod@lemmy.ml
    1·
    5 months ago

    I will describe how it works and the ethics of such a tool.

    Where in this post do you describe the ethics of such a tool?

    non-technical users believe that their votes are private, which is far from the truth. This attitude could potentially lead to harassment of Lemmings (yes, that’s what we Lemmy users call ourselves) for upvoting a particular post. Lemvotes makes it clear that votes are not private, which could help bring a more accurate picture of the way votes work on Lemmy to its users.

    This is what needs discussion. It is this tool which will lead to harassment due to the way someone votes. And the threat or spectre of harassment will lead to the Chilling Effect, ie. self-censorship (of voting) to avoid harassment.

    The chilling effect this causes will make communities even more like echo-chambers, as dissent will be pre-emptively squashed.

    Without a tool like this existing, people have to go out of their way to find out this information (setting up their own instance, or finding someone who already does this surreptitiously). By making such a tool available to the lemmy community at large, you make it extremely easy for anyone to do this, and so the chance of harassment occurring is much higher.

    You might think you’re being clever, or on some kind of crusade to educate the uneducated. But actually your actions are making this (community-built) platform worse. Compare your actions to releasing a 0-day exploit for a security vulnerability instead of responsibly disclosing. It doesn’t help, it just causes chaos until the people who do the actual work can figure out a solution.

    Think about how your tool existing now changes the dynamic of Lemmy as a whole. Is it better, or worse? How would you actually solve this problem in Lemmy, instead of exploiting it?

  • Dessalines@lemmy.ml
    1·
    5 months ago

    I want to remind everyone that since users overwhelmingly don’t want their votes snooped on (for good reason), we will never add anything like this inside lemmy, lemmy-ui, or jerboa.

    While there’s nothing we can do to snoopers making tools like this, it requires a lemmy server admin login.

    If you know of servers which are giving admin access to this tool, let us know, so we can add it to our blocklist.

    • JRaccoon@discuss.tchncs.de
      0·
      5 months ago

      That’s reassuring to know. What I don’t understand is why you have the /api/v3/post/like/list route. You say you don’t want votes to be snooped on, but then you add an endpoint that makes it very easy for instance admins to do exactly that if they choose to? Also worth pointing out that the tool linked here wouldn’t work in its current form if this route didn’t exist.

      • Dessalines@lemmy.ml
        1·
        5 months ago

        Read the issue above for why. Vote manipulation is a real problem, but making all votes public is not the solution anyone wants. Limiting vote viewing to admins and mods is decided on as the best of both worlds.

        Also that tool can only be used by specifically malicious instances whose goal it is to snoop and expose all votes. Those instances can and should be blocked.