I noticed that there were some accounts that were hijacked by the instance owners. All the posts from that user were then edited to say what happened.

This kind of surprised me, I figured instances could delete posts, but not edit them. So how much control do they have?

I assume they can’t see my password (hopefully). Can they post in my name? Do they have all the access to my posts to foreign instances that they do over local posts?

Edit: thanks for all the responses everyone! I’ve wanted my own instance for a while, but maybe I’ll get on it now

  • Dandroid@dandroid.app
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    I’m assuming votes are all federated, so I think any instance admin would be able to see who voted in which direction for any post that gets federated to their instance, no? Or is it just the vote count that is federated?

    • Nailbar@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      I remember seeing someone listing everyone who voted, so I think the votes themself are federated.

      Might even be accessible via the API so any frontend can list them, but that’s just a guess.

      • Dandroid@dandroid.app
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        I kinda hope they don’t have an API for that. I really didn’t like it on reddit when two people would be having a debate on a topic, and one person would search the other person’s comment history to find something to attack their character on to hurt their credibility. I think debates should be handled using relevant points about the topic being discussed. Attempts to attack character are very underhanded. It’s how politicians debate. It almost like admitting that you couldn’t make a better point than your opponent, so you had to stoop to that level.

        I think having an API for votes and front ends that showed votes would encourage people to do exactly that here. If front ends started showing that info, I think it would discourage lurkers from voting, which I’m not sure we want.

        Obviously there’s very little that could or even should be done about admins seeing that info. Admins have full visibility and manipulation power over the DB, and I feel like this wouldn’t even make the list of improvements that I think lemmy needs right now. Admins just sort of need to be trusted or people will leave your instance.

        • SalamanderA
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          1 year ago

          No, there is no API to get the votes (https://join-lemmy.org/api/). If my understanding is correct, now that I upvoted your comment my instance will push that information. I’m not sure whether it pushes it to dandroid.app first or to all instances, saying basically “Sal@mander.xyz upvoted https://dandroid.app/comment/441785”, and so every instance that has that comment can save my user ID in the “upvote” list of that comment, and that upvote is counted.

          If only the vote direction was federated, then it would be very easy for me to spam the message “Upvote https://dandroid.app/comment/441785”. I would not even need to create an instance for that, I just need to speak ActivityPub. And it would be more difficult to detect that I am doing that, because the database would only hold the vote count.

          I don’t think there is a way to ask an instance to reveal this list. You can only get it by directly querying the database if you have access to it. This is why if you fetch an older post or comment, it will arrive with a single or zero votes.

    • SalamanderA
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      The votes themselves are the federated action.

      If you fetch an old post, your instance will not see the previous voters. After that, whenever a user votes the instance will get the message “User X@instance upvoted/downvoted post Y” and the vote will be added to the database with the voter’s user ID and counted.

      This has a practical function. If you don’t keep a list specifying who voted for what, it would be much easier to fake votes from one instance to another by simply communicating the message “Downvote post Y”. With the current method it is still possible to create a lot of fake accounts and mass-vote, but at least you can get a better insight when looking at the database if the votes are associated with accounts with no activity from a single instance.

      There are some federated platforms that will show who likes / dislikes something. I know that friendica used to do this - I have not checked if it still does. So it is not only admins who can see this, this is is basically open information in the fediverse.