this post was submitted on 08 Apr 2025
33 points (100.0% liked)

Fediverse

629 readers
107 users here now

Downvote are limited to members of this community

Welcome!

Can you imagine, years ago how the internet was before? We know Facebook, Twitter, Tiktok, Youtube. We knew blogger, Tumblr, Skyrock... and long before, it was the forum era as phpBB..and mail-lists.

And now with ActivityPub, we are reshaping the web, and achieving much with lots of freedom. So thank you all, and welcome 🀟😁

Our thread

Resources

Related communities

If you want to donate, double check on the official website and report any problem to mod team

Social network

Threadiverse

Blog

Microblog

Event

Mediaverse

Audio

Streaming/live

Book

Culture review

Picture

Short-video

Video

Image Credits :
Avatar : Wikipedia Eukombos
Banner : David Revoy licence : CC-BY-4.0

Rules

Moderation process
We all make mistakes,

If your comment is reported, and brings up a complex issue, we will reach out to you and ask you to rephrase it.

Our goal, is to create a serene space for discussion. Nothing more.

If the post isn't edited to remove hurtful language element, we will have to remove it. It would be a shame because your comment was interesting and you took some time to write it.

In case of xenophobia, racism, transphobia, homophobia or harassment, it will be a permanent ban.

founded 2 months ago
MODERATORS
[email protected]
[email protected]
33
[Lemmy] Lemmy Release v0.19.11: security fix, mods can see votes (join-lemmy.org)
submitted 2 months ago* (last edited 4 weeks ago) by [email protected] to c/[email protected]
12 comments fedilink hide all child comments
 

This release fixes a security vulnerability which allows an attacker to delete images uploaded by other users. You can read the details in the security advisory. Thanks to @Nothing4You for discovering and fixing it.

A new donation dialog is shown to users once per year, to help fund Lemmy development.

There are also various backports from the development branch. Importantly the β€œPrivate instance” setting can now be used with federation enabled. This way only logged-in users can browse posts and comments, which stops AI crawlers from overloading the server. Also moderators can now view votes in the post/comment options.

top 12 comments
sorted by: hot top controversial new old
[–] [email protected] 8 points 2 months ago

The ability to see votes from the default UI for mods is a big change!

[–] [email protected] 3 points 2 months ago

A few instances already updated:

https://lemmy.fediverse.observer/list

[–] [email protected] 3 points 2 months ago (2 children)

What's the benefit of seeing how people vote? Feels a bit invasive to me. It also feels like it has the potential for abuse in the wrong hands.

[–] [email protected] 8 points 2 months ago

There has been some vote manipulation recently: https://lemmy.dbzer0.com/post/41724398

Giving mods the option to see votes allows them to help the admins in this kind of scenarios.

[–] [email protected] 3 points 2 months ago (1 children)

You can already see votes if you're using different software anyways, check how it looks on my mbin instance, I can click "Activity" and see it already.

[–] [email protected] 3 points 2 months ago (1 children)

That only works for upvotes, Mbin doesn't show downvotes.

[–] [email protected] 4 points 2 months ago (2 children)

Yes, but Kbin used to show downvotes too. I don't think there should be an illusion that they're private, while they can be exposed.

[–] [email protected] 3 points 2 months ago* (last edited 2 months ago)

God I remember the debates about this back around the API exodus when Kbin still existed. Even though anyone can technically access vote information by spinning up their own instance that barrier is sufficient for most users. I don't think making voter info completely publicly visible is a good reaction to the fact that it's "technically public anyway". I don't think being able to see exactly who voted what on your posts and comments leads to anything good, neither for the environment as a whole nor for you as an individual.

EDIT: This is for regular users, I obviously don't have a problem with mods and admins having access to this data as it's probably a necessary moderation tool.

[–] [email protected] 2 points 2 months ago (1 children)

That's a good question.

@[email protected] and @[email protected], are the downvotes potentially available but just hidden, or are they not even accessible via API for a standard user?

[–] [email protected] 7 points 2 months ago (1 children)

They are just hidden, but I think no one has access to them via UI. We also have a discussion issue going about respecting the visibility a like activity specifies.

I am torn on this issue. Just because you theoretically can always spin up an instance and just collect the info that way one should not make it as easy as it is today (imo)... But the community seems to be heavily leaning towards @[email protected] 's view

[–] [email protected] 2 points 2 months ago (1 children)

I'm okay with the way Lemmy implemented it in this version:

  • admins can see votes, but they can see everything anyway
  • mods can see votes, to help with brigading
  • users can't see votes

But I'm not an Mbin user, so that should probably be discussed with your users

[–] [email protected] 2 points 2 months ago

That's where I am as well, but if Mbin ever takes off we'll see if our reservations about completely public votes were baseless fears.