We had a really interesting discussion yesterday about voting on Lemmy/PieFed/Mbin and whether they should be private or not, whether they are already public and to what degree, if another way was possible. There was a widely held belief that votes should be private yet it was repeatedly pointed out that a quick visit to an Mbin instance was enough to see all the upvotes and that Lemmy admins already have a quick and easy UI for upvotes and downvotes (with predictable results ). Some thought that using ActivityPub automatically means any privacy is impossible (spoiler: it doesn’t).

As a response, I’m trying this out: PieFed accounts now have two profiles within them - one used for posting content and another (with no name, profile photo or bio, etc) for voting. PieFed federates content using the main profile most of the time but when sending votes to Mbin and Lemmy it uses the anonymous profile. The anonymous profile cannot be associated with its controlling account by anyone other than your PieFed instance admin(s). There is one and only one anonymous profile per account so it will still be possible to analyze voting patterns for abuse or manipulation.

ActivityPub geeks: the anonymous profile is a separate Actor with a different url. The Activity for the vote has its “actor” field set to the anonymous Actor url instead of the main Actor. PieFed provides all the usual url endpoints, WebFinger, etc for both actors but only provides user-provided PII for the main one.

That’s all it is. Pretty simple, really.

To enable the anonymous profile, go to https://piefed.social/user/settings and tick the ‘Vote privately’ checkbox. If you make a new account now it will have this ticked already.

This will be a bit controversial, for some. I’ll be listening to your feedback and here to answer any questions. Remember this is just an experiment which could be removed if it turns out to make things worse rather than better. I’ve done my best to think through the implications and side-effects but there could be things I missed. Let’s see how it goes.

  • ProdigalFrog@slrpnk.net
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    edit-2
    4 months ago

    Regarding the voting account having no name, does that mean it will be a random string of letters and numbers? I get that it will still be possible to discover vote manipulation or mass downvoting with that, but I suspect it would be more difficult to detect initially or without some deeper analysis, since it’s harder to recognize or remember a random string compared to a human made username.

    • chiisana@lemmy.chiisana.net
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      2
      ·
      4 months ago

      I’ve seen posts being downvoted by user@instancea, user@instanceb, username@instancec etc. this will make tracking that kind of abuse much more difficult.

      • TwiddleTwaddle@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        4
        ·
        4 months ago

        From reading about PieFed’s moderation tools linked elsewhere in this thread, seems like the solution to that is already built in more explicitly for them.

        • chiisana@lemmy.chiisana.net
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          4 months ago

          Can you elaborate further? If the intention is to obscure the information by federating anonymous information outwards, then no third party instance owners can observe the true usernames for vote manipulation from the same user across instances. If more instances deploy this kind of poisonous behaviour across the fediverse, then it becomes untenable for instance owners and community moderator to protect themselves, which in turn hurts the fediverse as a whole.

          Edit: if you mean the vote percentage thing, that’s utterly useless. Vote amplification works both ways, a bot user doesn’t have to vote just down or just up. So knowing the percentage of the anonymous user’s previous behavior doesn’t support identifying vote manipulation. An alleged abuser can easily create thousands of account and sample random % of account to mass drive sentiment without having them all appear with similar percentages.

      • ProdigalFrog@slrpnk.net
        link
        fedilink
        English
        arrow-up
        6
        ·
        4 months ago

        Ah, that’s unfortunate. As an alternative, I have seen some online games name their bots with a random name generator that’s designed to sound somewhat real, like AnnoyingPidgen or WrecklessRaptor. If the voting account naming system was more like that, it would be easier to notice voting patterns/manipulation while still being anonymous.

    • Amju Wolf@pawb.social
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      Mass vote manipulation should still be easy to spot. It’ll only be hard to check whether the account voting is a real person.