If you’d only ever interacted with Lemmy and not read up on how ActivityPub works then that’s a reasonable assumption, it’s not like anything (that I’ve noticed!) actually tells you that your votes are public, and they don’t look to be public in the places you’re likely to see!
Except ActivityPub data is by in large already not private, it is handed out to any tom dick and harry who run a server and have subscribed to actors on this one, and most of the time, it doesn’t even really require extra authorization. That is fundamentally how ActivityPub and federation work, but you can’t have any expectation of privacy in this system when it comes to the content shared. Expecting it to be private because it’s labeled is as dumb as expecting your website not to get scraped because you said so in robots.txt.
I didn’t say it was private, I said it wasn’t public, there’s a difference. If you asked me what number I was thinking of I’d tell you, but that’s not the same thing as the number I’m thinking of being public information. ActivityPub is, at its core, about consent. We have consented to having our data be sent to any person able to serve 200 responses on an inbox endpoint by using instances with open federation. We could, if that makes us uncomfortable, moved to a closed federation system where we only accept request from an allowlisted set of instances, with software that follows the spec’s public addressing system.
I think you’re misunderstanding just like the Mastodon users who think every tool should be opt-in. The consent piece IS moving to a closed system with whitelisted federation. If you’re giving data out publicly with no restrictions but trying to put stipulations on how it’s used, it’s the same as trying to enforce control through robots.txt, which is by the way a standard protocol.
So if you’re going to whine about votes being shown, you should be using a whitelist to block those actors from seeing it, and should be using authorized fetch to limit access to those whitelisted instances specifically, otherwise this is every stupid argument about “why robots.txt should be respected”.
I didn’t explain what I meant very well. To scrape a website you don’t need to understand robots.txt, implementing robots.txt is something you do to be a good netizen. But to get like info from Lemmy, implementing ActivityPub is a requirement.
Now I’ll admit, it’s not a great system and I do wish we had something better, but I also don’t think “this isn’t a good way to communicate preferences” is a good reason to ignore them.
It’s not good practice. Really one shouldn’t be assuming anything is private or some entitlement to privacy on a service where all content you post is made publicly available to any and all linked instances. They miss the point of a federated public forum. If one wants privacy, data must be kept locally only. That’s why Lemmy has local-only communities, the “private” community aspect that many people want just won’t be federated, because you can’t make something like this private otherwise.
I know, it’s a really big problem here and on the Fediverse in general because people get so outraged and entitled over something that just is the way things are, this wouldn’t work any other way.
I know, but some people assume votes are private.
If you’d only ever interacted with Lemmy and not read up on how ActivityPub works then that’s a reasonable assumption, it’s not like anything (that I’ve noticed!) actually tells you that your votes are public, and they don’t look to be public in the places you’re likely to see!
Lemmy likes aren’t meant to be public, this is just other software failing to respect the privacy Lemmy indicates.
Oh. If the only thing stopping the votes being public is a label saying pretty please don’t make this public then it does seem very open to abuse.
Especially in federated networks where the data isn’t under access control, doubly so if the privacy extension is optional
That’s almost as bad as using robots.txt to claim sites are private and secure and just whining that people/bots should respect it.
You should assume voter data is fully public and fully open. It otherwise is in the federated ecosystem.
The comparison doesn’t work because both Lemmy and Mbin are implementing the same standard, while robots.txt is mostly an honour system.
Information not being private isn’t the same thing as information being public.
Except ActivityPub data is by in large already not private, it is handed out to any tom dick and harry who run a server and have subscribed to actors on this one, and most of the time, it doesn’t even really require extra authorization. That is fundamentally how ActivityPub and federation work, but you can’t have any expectation of privacy in this system when it comes to the content shared. Expecting it to be private because it’s labeled is as dumb as expecting your website not to get scraped because you said so in robots.txt.
I didn’t say it was private, I said it wasn’t public, there’s a difference. If you asked me what number I was thinking of I’d tell you, but that’s not the same thing as the number I’m thinking of being public information. ActivityPub is, at its core, about consent. We have consented to having our data be sent to any person able to serve 200 responses on an inbox endpoint by using instances with open federation. We could, if that makes us uncomfortable, moved to a closed federation system where we only accept request from an allowlisted set of instances, with software that follows the spec’s public addressing system.
I think you’re misunderstanding just like the Mastodon users who think every tool should be opt-in. The consent piece IS moving to a closed system with whitelisted federation. If you’re giving data out publicly with no restrictions but trying to put stipulations on how it’s used, it’s the same as trying to enforce control through robots.txt, which is by the way a standard protocol.
So if you’re going to whine about votes being shown, you should be using a whitelist to block those actors from seeing it, and should be using authorized fetch to limit access to those whitelisted instances specifically, otherwise this is every stupid argument about “why robots.txt should be respected”.
I’m not sure that is a realistic expectation these days.
idk, the label is also an honor system, if it can be just ignored like robots.txt.
I didn’t explain what I meant very well. To scrape a website you don’t need to understand robots.txt, implementing robots.txt is something you do to be a good netizen. But to get like info from Lemmy, implementing ActivityPub is a requirement.
Now I’ll admit, it’s not a great system and I do wish we had something better, but I also don’t think “this isn’t a good way to communicate preferences” is a good reason to ignore them.
It’s not good practice. Really one shouldn’t be assuming anything is private or some entitlement to privacy on a service where all content you post is made publicly available to any and all linked instances. They miss the point of a federated public forum. If one wants privacy, data must be kept locally only. That’s why Lemmy has local-only communities, the “private” community aspect that many people want just won’t be federated, because you can’t make something like this private otherwise.
I know, but most people don’t.
I know, it’s a really big problem here and on the Fediverse in general because people get so outraged and entitled over something that just is the way things are, this wouldn’t work any other way.