• 0 Posts
  • 21 Comments
Joined 1 year ago
cake
Cake day: June 20th, 2023

help-circle






  • I will not ask my fellow lemmy community members to blindly trust me on this.

    I also will not expose my sources.

    I thought it would take a long time for me to be sure enough to make this post. But I’m making it less than three weeks after joining lemmy.

    If you want, you can take a wait and see approach.

    I never wanted to admin an instance, I don’t think I have time for it, but I have enough to convince me that I should.

    I don’t expect blind trust from you guys, because youve proven to be intelligent and diligent in my time here. But for the love of Foss and open, distributed platforms and what WE believe that means, please use your judgment when considering your home instance for lemmy.

    I am almost certain lemmy.world admins will ignore this claim.












  • Those are good practices if you have privacy concerns.

    we’re just talking about custom interfaces to analyze public data

    Semi-public. As it stands, only instance admins have access to per-user vote data. Possibly also API users, but I’m not sure the lemmy api has an endpoint for exposing per-user vote data, I believe it just gives you a tally of the up/down votes of posts and comments, but not who made each vote. But most people don’t have the skillset to host their own instance and process the data into something meaningful/easy to digest.

    You could make the argument that semi-public is basically public, but I think there is some nuance to be explored:

    Once a site like open lemmy stats launches, it becomes trivial for any user to query that data, who upvoted what, who downvoted what, when they up/downvoted it, etc.

    There’s a difference between something being available to people motivated enough to get it vs it reaching critical mass and being trivial to access by anyone with a browser. How the data is ultimately used, whether it is used nefariously or not, is going to be up to the people that access openlemmystats and what they wish to use it for.

    Which has me considering an analogy, without expressly intending to make this political, please consider the statement “guns don’t kill people, people kill people”. “Openlemmystats doesnt harass political dissenters! The people who use it do!”. One could argue that openlemmystats wouldn’t do anything inherently bad, it’s the people who would use it. Just like with guns, there will likely be debate on whether or not the world would be better without openlemmystats or if we should start doing things to make it impossible for openlemmystats-alike sites to exist.

    That said, I mostly agree with you, and I appreciate your privacy suggestions/best practices, good stuff!

    Edit: for the record, I think “guns don’t kill people, people do” is a stupid statement, but I thought it was an interesting analogy. That is to say nothing of my feelings on gun control, I’m just not a fan of distilling complex issues into dismissive one line statements.


  • biggest concern is getting all participating instances to agree

    I see what you mean, that is true if the responsibility ultimately ends up falling on instance owners.

    Which is why I’m hoping that the developments instead occur on the Lemmy project itself and other fediverse project code bases. Lemmy devs and contributors will hopefully work on privacy and security as the Lemmy project matures. If instance admins are keeping their instances mostly up to date, there is virtually no (dis)agreement to be had: the mitigation patches will be loaded on the next update.

    Of course, anyone can fork lemmy or manually remove these changes from their instance, or some admins may simply refuse to update, but that would reflect badly and privacy minded users may choose move to another instance that has updated to the latest/most secure version of Lemmy and other instance owners can also choose to defederate from instances that leave themselves vulnerable to issues that have been patched out.