Amju Wolf @ amju_wolf @pawb.social

Posts

2

Comments

366

Joined

2 yr. ago

When you comment you make a conscious decision to put your opinion out there and sign it with your "name" (or alternatively you switch to a "burner" account and do it pseudonymously).

But when you vote for stuff it's often without much thinking, and it's private on pretty much every other platform. Where it isn't it's usually blatantly obvious that that is the case.

What difference does it make that votes can be viewed, other than for transparency during discussion?

There are many reasons that have been stated time and time again; one is simply that people may wish to stay anonymous when supporting certain opinions.

To me it feels like comments are what you can actually stand behind publicly, while votes also show what you think privately. And not everyone is willing to stand behind all of their opinions publicly, often for fear of backlash or harassment.

That's never going to happen, and the reasons are twofold:

Brands want to push their own style on people, to make themselves recognizable, and to push their ideas about UX to their users (because they obviously know better than the OS/DE/compositor/whatever people).

It's easier and cheaper to build a web app, because there are so many web developers. It also usually allows you to give an "app" to people who want that, while giving a (perhaps somewhat limited) browser version to everyone else, reaching the maximum amount of users while maintaining only a single codebase and keeping everything more or less cohesive and looking the same.

AGPL, to prevent streaming (while not sharing the code).

This doesn’t solve it. I can still just make multiple accounts and vote multiple times.

I mean yeah, but you could already do that now. The point is to not make it worse, and to not allow malicious instances to vote as if they were other people.

I guess that's true. Then you could just ask the instance admins to check their users' voting patterns / deanonymize them / whatever, and if they don't comply defederate them.

introduces no new spam/brigade vulns which don’t already exist from a rogue instance

It does though. Now a rogue instance would have to have "believable" profiles for the accounts that vote, because an instance of just "lurkers" who seem to suspiciously vote is a pretty big signal of vote manipulation. If you only see a random identifier (or not even that, just a tally of votes) it'd be impossible to tell if it's truly the instance's users just passionate about something or actual vote manipulation.

In other words it would at least make the problem way worse.

Sometimes you might want to show support for something but do so privately, without others knowing it's you in particular supporting that.

Votes could be publicly federated but tied to some uuid instead of the username. That way you still have the same anti spam ability (can see that a user upvoted these things from this instance at this time) but can’t tie it directly to comments or actual user accounts without some extra osint.

The issue with that is with malicious instances that could engage with vote manipulation by just generating new IDs and voting for whatever they want. If you can't look back at the profile and determine whether it's a real, non-spam account, it's a pretty big issue unfortunately.

You also have an issue where someone could potentially vote with "your" ID without any way to detect that it's not actually "you" who sent the vote.

Comparing to democracy doesn’t make sense, as democracy has mechanisms to ensure 1 person = 1 vote. The internet has no such mechanism. If we did, I’d be all for private voting.

I know, it's an issue, but there are certainly ways to solve it, like having the vote identity split between multiple servers that can still confirm with each other that the vote is valid, but neither would reveal the actual identity to make it traceable back.

Sounds like those people doing the ostracizing should get moderated if they can’t handle being downvoted.

That's unfortunately not how it often works. Small, ostracized and vulnerable groups often get taken advantage of. As an example, imagine I want to make a good faight argument around, say, a political topic like Russia. Or a sensitive topic like paedophilia. Or about abortion or trans rights in a religious subreddit. Chances are I'd get downvoted to oblivion, even if the consensus (at least originally on Reddit) was that downvotes should not be used to simply disagree with someone. But at least I "opt into" that, by putting myself out there, knowing that the comment will be attached to my name.

But that's not really the standard with votes, and them being public has a chilling effect, makes it easy to harass people just for (dis)agreeing with something, etc. We should find a way to make votes more private, not less.

Besides, if a dickhead wants to see the votes today, they can find them - votes are public, Lemmy just doesn’t display them in the UI.

Yes, the votes are already kinda public, but there's still at least some barrier to it, and most people either don't know or care enough.

That sounds very illegal, yeah. You can't advertise a price and then charge something different. It doesn't matter that the person didn't notice it. At that point you might not have price tags at all (which is also illegal, just FYI).

It leads to an even bigger echo chamber, people with unpopular opinions will get ostracized not just for their comments, but even for their voting. There's a reason why any real democracy has secret votes.

That's only true in theory, and if you are actually capable of doing that.

The reality is that most software was already barely working when it was written, it's poorly documented and if you try to work on it without any help you might as well write it on your own from scratch.

You will also encounter incompatibilities, missing dependencies, etc.

Don't get me wrong, I love FOSS, I know all the advantages and it's definitely better than the alternative. But it's also not a silver bullet. Though this case is pretty cut and dry.

...as opposed to open source software, which will be maintained and updated forever, and there will always be people to work on it for free. /s

For all the hate PHP gets (or used to get) it's ecosystem is amazing. And so is the language and standard library itself for the most part. It still inherits some of the original issues, but a lot of work has been done to minimize them.

It's funny because despite all the fearmongering about Microsoft's Github acquisition it feels like it only improved since then, while Gitlab has done a shitton of questionable and shitty decisions, a ton of critical security issues and in general feels like (at best) they don't know what they are doing.

The only thing Gitlab has going for itself is that it's self-hostable, but they still retain a large amount of control.

Yeah, just like headphone jacks. Oh wait...

It's not just that they demand more, they demand more/faster growth all the time. It doesn't matter that the economy has slowed down to borderline recession, it doesn't matter that they pretty much captured all the market they can, they still need to make more and more money every quarter otherwise they're considered a failure even if they are one of the biggest companies in the world.

Yes, that's one option. Then you only have to distribute the certificates and keys.

Or you allow remote access to that DNS server (Bind has a secure protocol for this), do the challenge requests and cert generation on some other machine. Depends on what is more convenient for you (the latter is better if you have lots of machines/certs).

Worst case if someone compromises that DNS server they can only generate certificates but not change your actual valuable records because these are not delegated there.

Life isn't a zero sum game where you have to optimize material wealth. Some people do things for others just because they like doing it, because they have the means to do so, or because they simply want to help others.

Sure, there are costs involved, but that's true for literally everything if you account for opportunity cost. The vast majority of people choose to waste time completely unproductively, with no objective benefits to their lives (often with objective disadvantages), so is it hard to imagine that some people aren't like that and instead choose to help/provide for others whole perhaps having some other non-material benefits like learning something or just becoming liked within a community?

What you can (and absolutely should) do is DNS delegation. On your main domain you delegate the _acme-challenge. subdomains with NS records to your DNS server that will do cert generation (and cert generation only). You probably want to run Bind there (since it has decent and fast remote access for changing records and other existing solutions). You can still split it with separate keys into different zones (I would suggest one key per certificate, and splitting certificates by where/how they will be used).

You don't even need to allow remote access beyond the DNS responses if you don't want to, and that server doesn't have anything to do with anything else in your infrastructure.