this post was submitted on 08 Apr 2025
34 points (100.0% liked)

Fediverse

174 readers
30 users here now

Downvote are limited to members of this community

Welcome!

Can you imagine, years ago how the internet was before? We know Facebook, Twitter, Tiktok, Youtube. We knew blogger, Tumblr, Skyrock... and long before, it was the forum era as phpBB..and mail-lists.

And now with ActivityPub, we are reshaping the web, and achieving much with lots of freedom. So thank you all, and welcome 🤟😁

Our thread

Ressources

Related communities

If you want to donate, double check on the official website and repport any problem to mod team

Social network

Verse

Blog

Microblog

Event

Media

Audio

Streaming/live

Book

Culture review

Short-video

Video

Image Credits :
Avatar : Wikipedia Eukombos
Banner : David Revoy licence : CC-BY-4.0

founded 2 weeks ago
MODERATORS
[email protected]
[email protected]
34
[Lemmy] Lemmy Release v0.19.11: security fix, mods can see votes (join-lemmy.org)
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]
12 comments fedilink hide all child comments
 

This release fixes a security vulnerability which allows an attacker to delete images uploaded by other users. You can read the details in the security advisory. Thanks to @Nothing4You for discovering and fixing it.

A new donation dialog is shown to users once per year, to help fund Lemmy development.

There are also various backports from the development branch. Importantly the “Private instance” setting can now be used with federation enabled. This way only logged-in users can browse posts and comments, which stops AI crawlers from overloading the server. Also moderators can now view votes in the post/comment options.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 1 week ago (1 children)

That only works for upvotes, Mbin doesn't show downvotes.

[–] [email protected] 5 points 1 week ago (2 children)

Yes, but Kbin used to show downvotes too. I don't think there should be an illusion that they're private, while they can be exposed.

[–] [email protected] 4 points 1 week ago* (last edited 1 week ago)

God I remember the debates about this back around the API exodus when Kbin still existed. Even though anyone can technically access vote information by spinning up their own instance that barrier is sufficient for most users. I don't think making voter info completely publicly visible is a good reaction to the fact that it's "technically public anyway". I don't think being able to see exactly who voted what on your posts and comments leads to anything good, neither for the environment as a whole nor for you as an individual.

EDIT: This is for regular users, I obviously don't have a problem with mods and admins having access to this data as it's probably a necessary moderation tool.

[–] [email protected] 3 points 1 week ago (1 children)

That's a good question.

@[email protected] and @[email protected], are the downvotes potentially available but just hidden, or are they not even accessible via API for a standard user?

[–] [email protected] 7 points 1 week ago (1 children)

They are just hidden, but I think no one has access to them via UI. We also have a discussion issue going about respecting the visibility a like activity specifies.

I am torn on this issue. Just because you theoretically can always spin up an instance and just collect the info that way one should not make it as easy as it is today (imo)... But the community seems to be heavily leaning towards @[email protected] 's view

[–] [email protected] 2 points 1 week ago (1 children)

I'm okay with the way Lemmy implemented it in this version:

  • admins can see votes, but they can see everything anyway
  • mods can see votes, to help with brigading
  • users can't see votes

But I'm not an Mbin user, so that should probably be discussed with your users

[–] [email protected] 2 points 1 week ago

That's where I am as well, but if Mbin ever takes off we'll see if our reservations about completely public votes were baseless fears.