145
submitted 1 year ago by Tehhund@lemmy.world to c/asklemmy@lemmy.ml

Does ActivityPub send those to other instances, or does ActivityPub only send the original post and the rest (upvotes, downvotes, replies) are stored only on the original server where the post was made?

top 50 comments
sorted by: hot top controversial new old
[-] Empricorn@feddit.nl 109 points 1 year ago

Since you've gotten enough real answers, I'll just remind you that upvotes are stored in the balls.

[-] Tehhund@lemmy.world 19 points 1 year ago

Truth. /thread

[-] iso@lemy.lol 58 points 1 year ago

All of those are replicated to all servers.

[-] Teppic@kbin.social 35 points 1 year ago* (last edited 1 year ago)

Posts and comments are federated (synchronised). Upvotes are actually a bit of a fudge, they are actually 'Favourites' if considered from an activity pub (e.g. Mastodon) perspective, and yes favourites are also federated.
Downvotes don't exist in activity pub and, as a result, they do not federate between instances.
At least that is my understanding.

[-] Max_P@lemmy.max-p.me 34 points 1 year ago* (last edited 1 year ago)

Downvotes do federate, ~~but it uses protocol extensions to do it. So the downvotes won't federate to Mastodon~~, but it does for Lemmy and I think Kbin too

[-] nutomic@lemmy.ml 18 points 1 year ago

Votes federate with standard Like and Dislike activities which are part of Activitypub. It's just that some platforms like Mastodon can't handle Dislikes.

[-] ShellMonkey@lemmy.socdojo.com 5 points 1 year ago

Can't handle by choice I'd guess. Given the format of individuals following individuals rather than topics in communities it doesn't make much sense for a person to follow someone only to downvote/dislike their comments.

[-] AlexWIWA@lemmy.ml 13 points 1 year ago

Honestly votes being federated seems like a bad idea imo. Would be easy to spin up an instance with thousands of fake users and manipulate posts.

Fediverse is already big enough that it could be lucrative to do so.

[-] Shadow@lemmy.ca 30 points 1 year ago

So then everyone just blacklists that instance. If the problem is really severe, we move to whitelisting.

It's not hard to identify when someone is doing this.

[-] AlexWIWA@lemmy.ml 9 points 1 year ago

It's not hard to identify if you're looking for it, they just use one instance, they aren't subtle about it, and they are only boosting a specific company instead of a variety of products and ideas.

Vote manipulation is hard enough to detect on Reddit where they have visibility top to bottom. I think this will become a major issue in the future.

This is on top of the already significant scaling issues votes are causing.

Other instances can cache the total count for historical reasons, to preserve lost instance vote counts, but keeping the full ledger is going to be a serious barrier to entry for hosters and a security (manipulation) issue.

[-] Rogue@feddit.uk 7 points 1 year ago

A whitelist defeats the decentralisation and openness of a defederated system.

I think you're mistaken in your assumption it would be easy to identify malicious instances. Bots are notoriously difficult to fight, every time you block one method another workaround will appear.

[-] Shadow@lemmy.ca 15 points 1 year ago* (last edited 1 year ago)

I think you’re mistaken in your assumption it would be easy to identify malicious instances. Bots are notoriously difficult to fight, every time you block one method another workaround will appear.

I run a large instance and I look around in the DB occasionally when users complain, so I'm pretty familiar with what's in there.

A whitelist defeats the decentralisation and openness of a defederated system.

True, but assholes are assholes and sometimes freedom and assholery don't mix well.

[-] PoliticalAgitator@lemm.ee 2 points 1 year ago

Would it change anything besides their technique?

They almost certainly already have vote manipulation tools for reddit that work via browser automation, because someone offered me money to build one 10 years ago.

Those tools and a handful of accounts+vpns would already be borderline undetectable without the access needed to see that 25 accounts always voted the same way.

At least on Lemmy, you have that access. Reddit not only makes zero effort to prevent it, they actively obfuscate the information needed to spot it.

load more comments (2 replies)
[-] Send_me_nude_girls@feddit.de 10 points 1 year ago* (last edited 1 year ago)

Technically votes are public. Only UI is hiding them. Which should be resolved, one way or another.

Edit: there was a post with that here a few weeks ago. I understand that this isn't a real answer to your question. Maybe you find it with these hints.

Edit2: Found it. Here you'll find more. https://mylemmy.win/post/89871

load more comments (5 replies)
[-] peereboominc@lemm.ee 9 points 1 year ago

What if someone sets up an instance, make a post and manipulate the upvotes? Just give it a million upvotes. That would break the whole system..

Or a bit more subtle, every upvote is multiplied by 10.

[-] Max_P@lemmy.max-p.me 16 points 1 year ago

Individual votes are federated but not by number but by user, so you'd have to set up fake users and then federate a vote from each of them.

That makes it rather easy to detect and identify and get that particular instance defederated.

Votes will still go from origin instance -> community instance -> other instance, be if the other instance has defederated the origin instance then it simply gets dropped.

[-] Teppic@kbin.social 8 points 1 year ago

If you use kbin you can even see who has made each upvote, so yes easy to then look for patterns of voting together and also at the profiles to see if the accounts looks like real people etc.

load more comments (3 replies)
[-] Vex_Detrause@lemmy.ca 9 points 1 year ago

Where is my karma stored? ^/s

[-] Unsustainable@lemmy.today 5 points 1 year ago

It's under my bed. You'll have to pay me $10,000 to get it back.

load more comments (1 replies)
[-] kglitch@kglitch.social 5 points 1 year ago

The first one.

[-] shinigamiookamiryuu@lemm.ee 2 points 1 year ago

The mod log at the bottom of any Lemmy webpage, I think.

load more comments
view more: next ›
this post was submitted on 15 Oct 2023
145 points (97.4% liked)

Asklemmy

44197 readers
1295 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS