Why YSK: your upvotes (favorites) and downvotes( reduces) are public information.

If you are browsing through https://kbin.social/ or whatever just click on “more” then activity.

There you’ll see info like boosts, reduces (downvotes), and favorites (upvotes?)

Works with all instances for lemmy or kbin material

  • fubo@lemmy.world
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    1 year ago

    Anyone can stand up their own instance, subscribe to remote communities, and start receiving all the data necessary to show those communities. That includes posts, comments, and votes too.

    Every instance operator is in control of a database containing all the activity for communities that instance’s users are subscribed to. They can do whatever they like with that data. That’s a consequence of how federation works.

    The protocol as it stands today is also generally vulnerable to any malicious instance. A malicious Lemmy server could emit spam, send out bogus votes, or alter its users’ comments after the fact (ahem, spez) and disseminate the modified versions. The main tool that other instances have to deal with a malicious instance is … yup, defederating.

    Ultimately, other federated services in Internet history have adopted different ways to deal with this problem:

    • IRC doesn’t have a single federation; it has many federations (“IRC networks”), and server operators form peering relationships with one another based on mutual trust and agreement to uphold various rules. A given chat channel only exists on a single IRC network; you can’t reach Libera.chat’s #linux from a DALnet server. And occasionally a federation completely blows up — see e.g. the 2021 collapse of the Freenode network due to admin abuse.
    • Usenet pretty much floundered on spam mitigation because well-behaved servers didn’t eject the malicious and ill-maintained ones.
    • Email has dozens or hundreds of different ways of dealing with bad instances (i.e. mail servers that emit spam), including published blocklists of known offenders’ IP addresses. But even then, major mail servers depend on all manner of filters (including ML classifiers these days!) on top of straight IP blocking.