Draconic NEO

I think you’re misunderstanding just like the Mastodon users who think every tool should be opt-in. The consent piece IS moving to a closed system with whitelisted federation. If you’re giving data out publicly with no restrictions but trying to put stipulations on how it’s used, it’s the same as trying to enforce control through robots.txt, which is by the way a standard protocol.

So if you’re going to whine about votes being shown, you should be using a whitelist to block those actors from seeing it, and should be using authorized fetch to limit access to those whitelisted instances specifically, otherwise this is every stupid argument about “why robots.txt should be respected”.

Oh I didn’t know that, that’s good. Though I think the point still stands since it’s not a guarantee instance admins will use it (unless it’s a default).

You can use the Tesseract Lemmy frontend to view votes in your communities. However it will only work on instances on version 0.19.8 or greater, so if your mod accounts are on an instance like that it won’t give you the option or let you see them.

You can usually use another instance that shows names if you have an account there, it’ll show at least the federated stuff.

Exactly, that’s why I said for ones that aren’t cached. They can be cached, but it’s not a guarantee they will be.

And it wouldn’t be caught quickly or maybe even ever if they opted to use hashes instead of just showing who voted and when.

Mods can already see voting data, at least through the API on the latest version of Lemmy.

I know, it’s a really big problem here and on the Fediverse in general because people get so outraged and entitled over something that just is the way things are, this wouldn’t work any other way.

Except ActivityPub data is by in large already not private, it is handed out to any tom dick and harry who run a server and have subscribed to actors on this one, and most of the time, it doesn’t even really require extra authorization. That is fundamentally how ActivityPub and federation work, but you can’t have any expectation of privacy in this system when it comes to the content shared. Expecting it to be private because it’s labeled is as dumb as expecting your website not to get scraped because you said so in robots.txt.

It’s not good practice. Really one shouldn’t be assuming anything is private or some entitlement to privacy on a service where all content you post is made publicly available to any and all linked instances. They miss the point of a federated public forum. If one wants privacy, data must be kept locally only. That’s why Lemmy has local-only communities, the “private” community aspect that many people want just won’t be federated, because you can’t make something like this private otherwise.

That’s almost as bad as using robots.txt to claim sites are private and secure and just whining that people/bots should respect it.

You should assume voter data is fully public and fully open. It otherwise is in the federated ecosystem.

If image embeds aren’t cached by your server they can be abused to gain IP, but that’s a hack, it’s not intended.

The whole concept of the Fediverse as social media is that all the data is public. Stop acting like these servers are giving out private data. This data has never been private, and it never will be. Data like this being shared with any other server is how ActivityPub and the Fediverse work.

you can, names are shown in other frontends like phtn.app.

They usually get found out pretty easily and then defederated by everyone. There’s a service called fediseer which allows instance admins to flag instances as harmful, which other admins can use to determine if they should block an instance.

In order for that to really work they would have to rotate between a lot of domain names either by changing their own instance’s domain or using a proxy. Either way they’d run out of domains rather quickly.

It’s way easier for them to just get accounts on the big servers and hide there as if they were normal lurking users.