this post was submitted on 04 Jul 2023
724 points (99.2% liked)

You Should Know

33235 readers
87 users here now

YSK - for all the things that can make your life easier!

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must begin with YSK.

All posts must begin with YSK. If you're a Mastodon user, then include YSK after @youshouldknow. This is a community to share tips and tricks that will help you improve your life.



Rule 2- Your post body text must include the reason "Why" YSK:

**In your post's text body, you must include the reason "Why" YSK: It’s helpful for readability, and informs readers about the importance of the content. **



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding non-YSK posts.

Provided it is about the community itself, you may post non-YSK posts using the [META] tag on your post title.



Rule 7- You can't harass or disturb other members.

If you harass or discriminate against any individual member, you will be removed.

If you are a member, sympathizer or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people and you were provably vocal about your hate, then you will be banned on sight.

For further explanation, clarification and feedback about this rule, you may follow this link.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- The majority of bots aren't allowed to participate here.

Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.



Partnered Communities:

You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.

Community Moderation

For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.

Credits

Our icon(masterpiece) was made by @clen15!

founded 1 year ago
MODERATORS
 

Edit: obligatory explanation (thanks mods for squaring me away)...

What you see via the UI isn't "all that exists". Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see "under the hood". Any instance admin, proper or rogue, gets a ton of information that users won't normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

top 50 comments
sorted by: hot top controversial new old
[–] Wander@yiffit.net 237 points 1 year ago* (last edited 1 year ago) (11 children)

To anyone surprised at this: welcome to the fediverse, please treat everyhing you do or say as public.

The way to achieve privacy around here is by following the long forgotten arts of the old internet before Facebook was a thing: use a Nick name and don't tell strangers on the internet your real identity.

Your home instance will act as a proxy and only they have access to your email and IP address. That does stay private.

So, as long as you trust your home instance to not leak or disclose your connection or sign up data (which would be illegal in EU countries), just sign up with an alias.

A very positive aspects of this is that it should allow us to detect voting manipulation by correlating the activity of certain potentially malicious actors. If Lemmy instances take vote manipulation seriously and do their best to block bots this has the chance to make Lemmy / Kbin much more transparent and credible than Reddit ever was.

[–] abbadon420@lemm.ee 67 points 1 year ago* (last edited 1 year ago) (4 children)

Lol. kids these days would post their bank info online if the banks didn't prevent them from doing so.

[–] T156@lemmy.world 35 points 1 year ago (8 children)

You say that like A/S/L wasn't a thing back in the day.

[–] GBU_28@lemm.ee 30 points 1 year ago (3 children)

19/f/Cali was the only acceptable response

[–] Ringmasterincestuous@aussie.zone 18 points 1 year ago (2 children)
[–] assembly@lemmy.world 10 points 1 year ago

As I put on my robe and wizard hat…

load more comments (1 replies)
load more comments (2 replies)
load more comments (7 replies)
[–] Wander@yiffit.net 12 points 1 year ago (1 children)

I don't want to shame anyone, but I've had people sign up give me their full DoB and offering to show me their ID. I know of people who disclose their id to get access to nsfw discord communities.

load more comments (1 replies)
load more comments (2 replies)
[–] DogMuffins@discuss.tchncs.de 10 points 1 year ago (1 children)

I whole heartedly agree with this perspective.

Additionally, and this is an unpopular opinion, but trying to maintain a Nick or online identity over many years is folly. You end up with a huge repository of personal information, increasing the risk that it can be connected to you personally.

load more comments (1 replies)
[–] BitOneZero@lemmy.world 8 points 1 year ago (4 children)

Your home instance will act as a proxy and only they have access to your email and IP address.

Your home image typically doesn't proxy image loading, those are hotlinked to the Lemmy server that the image was uploaded to. So your IP address and browser string are going to other Lemmy servers.

load more comments (4 replies)
load more comments (8 replies)
[–] booty_flexx@lemmy.world 135 points 1 year ago* (last edited 1 year ago) (18 children)

To illustrate op's point I'm going to spin up an instance, federate with everyone, and not tell anyone what that instance is.

Then I'm going to feed all that data into my new website, called Open Lemmy Stats, where anyone can query the user data ive accumulated. The homepage will be ripe with insights, leaderboards and all kinds of data on prolific users.

Additionally, I'll display a snapshot/profile of a random user by feeding that users data to GPT4 to make inferences about the user's political affiliations and display the results.

Worst of all, I'm not going to out my instance for everyone to know it as the one to defederate. In fact I'm spinning up a few instances that will host innocuous communities that I plan to mod and support to give my instances cover for their true purpose: redundant fediverse datastreams for my site, Open Lemmy Stats.

I'll also have a store where anyone can buy my collected fediverse data for a handsome sum.

Just kidding I'm not doing any of this. But someone absolutely will or already is.

[–] agoramachina@lemmy.world 36 points 1 year ago* (last edited 1 year ago) (1 children)

You know, I came in here with the mindset that the topic of discussion here isn't a bad thing; I'm largely pro information-should-be-open-and-available. But you've argued a very solid point, and I've changed my mind on the issue. I appreciate you sharing this perspective!

load more comments (1 replies)
[–] stevedidWHAT@lemmy.world 15 points 1 year ago

Lmao the internet finally realizing what companies and the govt have been doing for decades on the internet

[–] Reliant1087@lemmy.world 13 points 1 year ago

I think your comment clearly illustrates what might go wrong with it. If they need this data for sorting or something else absolutely, then I would be happy if they just hashed the usernames/instances or used some other form of UID.

load more comments (15 replies)
[–] TimewornTraveler@lemm.ee 85 points 1 year ago* (last edited 1 year ago) (5 children)

Edit: Obligatory RIP my inbox.

Can we leave this kinda stuff behind? It is NOT obligatory.

[–] NotMatt@lemm.ee 38 points 1 year ago (6 children)

I’m going to start throwing “edit: thanks for the gold kind stranger!” on the end of my comments just to induce some nostalgic cringe.

[–] teruma@lemmy.world 14 points 1 year ago (2 children)

You are a gentleman and a scholar. /s

load more comments (2 replies)
load more comments (5 replies)
[–] gsa32@lemmy.world 13 points 1 year ago (13 children)

Redditisms are cringe and always have been. Yes I agree we should leave them behind.

load more comments (13 replies)
[–] Cheems@lemmy.world 11 points 1 year ago

This.

EDIT: Thanks for the awards kind stranger!

EDIT 2: Rip my inbox

This is all examples of reddit shit that is really dumb. We don't need to bring it over here

load more comments (2 replies)
[–] ScaNtuRd@lemmy.world 85 points 1 year ago* (last edited 1 year ago) (26 children)

Not to sound harsh or anything, but those of you saying that it's okay that all this data is public are insane. This completely goes against the entire philosophy of the Fediverse and FOSS in general. The reason we all are fleeing from Big Tech is because they collect so much data on us. At least, they keep it hidden from public view. This is a major issue in my opinion, and needs to be addressed ASAP before we can claim to have superior platforms on the Fediverse. Why can't this data at least be encrypted?

[–] OmniGlitcher@lemmy.world 17 points 1 year ago* (last edited 1 year ago) (10 children)

Agreed, I am incredibly confused by what seems to be the majority reaction to this.

I've never been particularly involved with the FOSS community, though I do use a few FOSS apps and generally appreciate their view on what FOSS means. I also strongly appreciate data privacy, and it was my observation that the FOSS community was (generally) relatively the same way. So to see this reaction is very surprising. It's quite literally the same terrible argument of "Why fear it if you have nothing to hide" used against multiple data privacy concerns throughout the years.

I think the worst are the bad faith "But Reddit...!" arguments. For one, we're not on Reddit anymore, this is about Lemmy's issues that can be corrected. And for two, whilst Reddit potentially outsourcing that data to the highest bidder is far from ideal, at the very least the data wasn't outright PUBLIC to anyone who wishes to set up a simple server.

[–] chris@l.roofo.cc 10 points 1 year ago (16 children)

You say these issues can be corrected but I am not sure they can. ActivityPub is a protocol managed by the W3C. So to have different behavior You'd have to change the specification there. That is possible but it will take some time. Still you'd need a way to make votes not bound to a user and still hard to spoof. That sounds hard. Apart from that upvotes and downvotes are not really the most interesting datapoints you can gather. You can still collect posts. These can't be obfuscated. There is simply no way to have an open network where you can share data between servers where you can make sure that no one harvests the data. It is simply not possible. As soon as it is public it is public. This has nothing to do with FOSS. If you have a solution you can implement it. That is what it means. If you have one then go ahead.

load more comments (16 replies)
load more comments (9 replies)
[–] lippiece@lemmy.sdfeu.org 10 points 1 year ago

I think you make a valid point about Lemmy, but "hidden from public"? Big tech literally sells your data for profit.

[–] Fangslash@lemmy.world 8 points 1 year ago

I don’t think you’re been harsh lol, the right to secrete ballot is literally in the universal declaration of human rights.

Open ballot is a well known method for intimidating and blackmailing participants, it’s absolutely crazy that Fedivese operates this way. But even worse, seeing so many people here supports it.

load more comments (23 replies)
[–] deweydecibel@lemmy.world 67 points 1 year ago* (last edited 1 year ago) (11 children)

Reading these comments, seeing so many excuses, sarcastic responses, and handwaving, makes me realize a great deal of users really need to develop some imagination.

This is not about privacy. It's about data that can easily be used for targeting and profiling users, and how that creates countless avenues for targeted harassment and wide scale retaliation. It's about all of the innumerable ways public vote information can and will be abused to manipulate scoring across the site with targeted/automated shadow banning and shared blocklists. Raise your hand if you trust every single admin to never abuse such a tool to curate the outward appearance of an instance to fit a narrative.

For a different example: I could say something about how great Nazis are right now, and have a bot programmed to read every single person that downvoted me, add those names to a shared blocklist, and viola, I've made myself and all my alts invisible to the people that would challenge me on a massive scale.

I promise you this is going to be a big issue as tools for this site get more sophisticated over time.

load more comments (11 replies)
[–] dukk@programming.dev 46 points 1 year ago (12 children)

Couldn’t we just use a hash for the usernames instead?

Nothing too over the top, but just a simple hash and match that instead?

Also, there’s way too much trust in instances. Like, one person could easily make a post on lemmy.world, go on their personal instance, and just give themselves, say, 2000 upvotes.

Instances should have their own settings on what instances are allowed to keep a local copy. (Default behavior should be to get the post itself from the instance “hosting” it).

[–] chris@l.roofo.cc 15 points 1 year ago (3 children)

If that is a solution you'd need to change the ActivityPub specification. You are more than welcome to submit your idea.

Also, there’s way too much trust in instances. Like, one person could easily make a post on lemmy.world, go on their personal instance, and just give themselves, say, 2000 upvotes.

I'd first have to create 2000 users, then I'd have to send 2000 upvotes. And then I'd get blocked by all instances.

Instances should have their own settings on what instances are allowed to keep a local copy.

This is also not compatible with the ActivityPub spec but even if it were you'd win nothing because as soon as you fetch the post it is still on the server.

load more comments (3 replies)
load more comments (11 replies)
[–] RyanHx@vlemmy.net 43 points 1 year ago (15 children)

People raise a good point that in countries where political dissent can actually be dangerous, this would very much dissuade people from voting on things they believe in, or even coming anywhere near Lemmy period.

A better approach I think would be to have the user's host instance save their votes (the database obviously needs to remember what you voted on), but when federating those votes with other instances just hand over a cumulative total, e.g., "here on vlemmy.net we have +18 votes for this comment", which the other instances can then add. There's no need to send user information with that data.

[–] deweydecibel@lemmy.world 13 points 1 year ago

The problem that Reddit realized early on is that user voting is the engine behind the content aggregation. That aggregation is one of the main selling points of Reddit. The more users vote on what they see, the more information Reddit has for how to aggregate that content. That's what keeps the front page fresh, that's what keeps content moving up and down on the site. In a very real sense, the voting is the heart pumping blood through the site.

So it behooves the site to not give any reason for users not to vote how they feel. Keeping votes private was part of that. It is one of the most basic tenets of democracy: the only way to give people the freedom to vote honestly and frequently is to give them the privacy to do it.

The potential for retaliation against users, in any number of conceivable ways, far outweighs any benefits that come from making votes public.

The voting information also makes it insanely easy to automate mass blocking of any opinion under the sun. Nobody in this thread seems to grasp all the things you can do with that data to manipulate user interactions on this site. If you think troll armies are bad, wait till those troll armies have a shared automated block list of every single person that has ever downvoted them.

load more comments (14 replies)
[–] v81@lemmy.world 42 points 1 year ago (3 children)

There is a fundamental misunderstanding here.

Our data has never been 'invisible'... We've just trusted that places like Reddit and their staff will do the right thing. That's literally how it already works.

If you sign up for Reddit, Reddit staff can see your posts and votes if they want to.

If you sign up for a private forum the admin there can also see database contents.

One way encryption is not possible without stopping functionality... If data about you was encrypted then posts you make couldn't be displayed. If you include a means to decrypt then there was no point encrypting anyway.

This is how it's always been, and Lemmy doesn't change this status quo much.

A faceless corporation that has had access to your data is just replaced by a variety of admins distributed across instances.

This isn't a good or bad thing, the potential for abuse does exist, but when we have literally made agreements with places like Reddit that they can use and sell our data... then what difference does it make it an admin takes a peek?

It wouldn't be great... but nothing is perfect.

It's still worth working on however, to see if a better solution can be found, but at this time I'd say just be aware that it is possible that your data can be seen and understand the only safeguard against that if you need to communicate something private would be to use direct messaging with end to end encryption.

[–] muddybulldog@mylemmy.win 9 points 1 year ago (1 children)

I'll contribute that my intent with this post is not evangelism. I like the voting system and would be disappointed to see it disappear.

A vote in Reddit was, from a practical perspective, anonymous. While it was recorded in the database and admins had access to this information there were mitigations in place to deter abuse and the end result was that the person you up or down voted was not going to know that YOU, personally, downvoted them. It was also of limited value to external data sifters in creating social graphs.

Since Lemmy votes are non-anonymously propagated across the Fediverse and, literally, anyone can be an admin there are people who may want to reconsider whether they upvote or downvote a particular post or comment. The actual reasons may vary; they don't want to be outed as sympathetic to a political view or cause, they don't want it used a social graph for targeted advertising or even spear-phishing. In many cases there will be people who don't care at all.

Just trying to contribute to transparency. Not everyone can read code, sift data or visualize how a social network would work behind the scenes. There's plenty of opportunities for others to use our data, good and evil. I believe that efforts to bring to light non-obvious consequences of actions is good citizenship.

load more comments (1 replies)
load more comments (2 replies)
[–] jerkface@lemmy.ca 27 points 1 year ago (3 children)

Holy shit. HOLY SHIT.

I just realized what this actually MEANS.

It means that when you like or dislike something so much that you unvote and then vote a second time, people can tell. This will change karma forever.

load more comments (3 replies)
[–] Sir_Kevin@lemmy.world 22 points 1 year ago (3 children)

Back in my day everyone knew that once you put something on the internet it's there forever to be seen by all. Has everyone already forgotten this? This is nothing new and in fact the way it's always been! Now get off my lawn!

load more comments (3 replies)
[–] Send_me_nude_girls@feddit.de 22 points 1 year ago* (last edited 1 year ago) (13 children)

I'm already questioning the whole system behind it, not just votes.

Say you have critical information that you want to delete but other instances can just ignore this deletion request, than I could technically write a plugin that uses an extra instance, to always display all deleted comments to me, despite me being a regular user.

For other sites you'd need a crawler, catching this information and all this in a rapid fashion to be usable, with a lot of programming extra work.

At this point we can as well remove the option to delete or edit a comment as everyone can host their own, which wouldn't be possible with proprietary tools.

If someone can simply see votes the same way, we can as well add a mouse hover function that will display the username of whoever upvoted.

[–] chris@l.roofo.cc 22 points 1 year ago (3 children)

Displaying the internal information publicly is indeed the more honest approach. Still, people need to understand that Social Media is Public Media. Deleting and editing depends on the goodwill of the receiver. Just imagine you were sending an email when you send something here. It is about the same level of control. It is not like you had much more control on Facebook or Reddit.

load more comments (3 replies)
[–] yooman@lemmy.one 12 points 1 year ago* (last edited 1 year ago) (1 children)

While I agree with others that it is perfectly fine for everything to be irrevocable like email is (there's no real way the system could work otherwise), I do think the Lemmy web UI and popular Lemmy native clients could do a better job making sure users are aware of that. Maybe when writing a comment there could be a little info bar that says "Content posted to Lemmy cannot be permanently deleted. (Learn more)". And then when you click Delete on something, it could have a similar explanation, adding something like "Deleting this comment will remove it from the feed/thread, but it can still be retrieved from the federated database by any instance administrator. (Learn more)"

I think it is still useful to have a Delete function, or maybe rename it to "Remove" or something, because maybe you realize what you wrote isn't contributing to the discussion or for some other reason isn't useful for most people to have in their feed. There's a difference between deleting data and removing content from the canonical "discussion", and just because we can't have the former doesn't mean there's no value in the latter. Also, the delete function does have meaningful effects like making it impossible for people to reply to the deleted comment, which can still help with harassment. 99.9% of users will never see that comment again.

load more comments (1 replies)
load more comments (11 replies)
[–] gravitas_deficiency@sh.itjust.works 21 points 1 year ago (9 children)

Woah woah woah. Hold the phone. You’re telling me that things that I post… on the internet… are… PUBLIC???

load more comments (9 replies)
[–] czech@no.faux.moe 19 points 1 year ago (6 children)

Activities are public and easily viewable on kbin. It's been interesting. Seems mostly positive other than people harassing those who down-vote them demanding explanations.

[–] muddybulldog@mylemmy.win 13 points 1 year ago (10 children)

Knowing they're visible on kbin made me realize that most Lemmy users probably weren't aware, as it's non-obvious.

[–] theinspectorst@kbin.social 9 points 1 year ago (2 children)

Yeah, I had a good natured discussion with a Lemmy user on feddit.uk the other day where they were still inexplicably downvoting my responses each time, despite us both being polite and constructive.

It made me realise that a) they use the downvote button quite differently to how I use it and b) they probably didn't know that I, as a kbinaut, could literally see they were the one downvoting.

load more comments (2 replies)
load more comments (9 replies)
load more comments (5 replies)
[–] CoolSouthpaw@lemmy.world 14 points 1 year ago

Oh no, so my upvotes on c/spacedicks aren't private?

/s

[–] kennydidwhat@lemmy.world 14 points 1 year ago (13 children)

There's something amusing about people feeling violated by their activity being made public, but not necessarily by corporations hoarding and capitalizing on that activity & data. I mean, one of them is out in the open. The other is pure abuse.

[–] DoctorTYVM@lemmy.world 13 points 1 year ago (1 children)
load more comments (1 replies)
load more comments (12 replies)
[–] mrmanager 13 points 1 year ago* (last edited 1 year ago) (10 children)

Well of course. The instance stores all data in a postgres database. How else will it be able to remember anything?

Maybe this is not obvious to non-programmers but you never see everything in the user interface for any system. There are tons of records needed for the system to track everything that goes on.

Since posts are federated, they will exist in the local db as well as on each instance.

load more comments (10 replies)
[–] MiddleWeigh@lemmy.world 13 points 1 year ago

Shortly after joining I realized I was being a bit too honest on here lol. Can't help it. Haven't been on SM in a few days, in hiding from people, now back to my ditch to die. Love you!

[–] sebi@lemmy.world 11 points 1 year ago* (last edited 1 year ago) (15 children)

So any instance admin can analyze all users upvotes/downvotes and possibly derive political standpoints, likes/dislikes, opinions and location data from it

load more comments (15 replies)
[–] Zoldyck@lemmy.world 8 points 1 year ago (7 children)

It shouldn't be like that. I hope it gets changed.

load more comments (7 replies)
load more comments
view more: next ›