• 0 Posts
  • 7 Comments
Joined 6 months ago
cake
Cake day: May 13th, 2024

help-circle

  • There are no checks whatsoever, no email or phone number required, no verification options—it just hands you an account for a 99-year-old, with full access to all chat features. (It took maybe five clicks from having no account to being able to play Blood & Gore.)

    Come on now Kotaku. I was a kid once on the internet. I lied about my age once to sign up for Neopets, which had text forums, private messages and user-created pages. You could even use HTML and hotlink images. It really wasn’t a big deal because my parents paid attention to what I did online, and the audience of the website was just children or people who wanted to play a simple game.

    My mom ended up playing it, so she must have known I lied about my age to get access. She had hella neopoints.

    For content marked 17+, you do need to verify your age with documentation

    WHY IS THERE CONTENT FOR 17+ ON ROBLOX? Isn’t this the TRUE child safety problem? Why do this at all? Why attract people looking for 17+ content on a platform for children??? I read that Hindenburg report, the entire platform is a mess. This company deserves to fail and those investors deserve to be left holding the bag.



  • echolalia@lemmy.mltoComic Strips@lemmy.worldInto the Memeverse
    link
    fedilink
    arrow-up
    7
    arrow-down
    13
    ·
    edit-2
    2 months ago

    He’s had that gross side project for a while.

    edit: removed link, he doesn’t need publicity

    It kept popping up on /r/all back before I got away from that place. I always felt like the only person bothered by it. Redditors 🤮

    I had totally forgotten until you reminded me.


  • Yea, I agree. It’s good enough. Sorry, I didn’t mean to sound like it was a bad solution, it’s just not perfect and people ought to be aware of limitations.

    I used a small instance in my example so the problem was easier to understand, but a motivated person could target someone on a large instance, too, so long as that person tended to vote in the posts they commented on.

    Just for example (and I feel like I should mention, I have no bad feelings towards this guy), Flying Squid on lemmy.world posts all over the place, even on topics with few upvotes. If you pull all his posts, and all votes left in those posts from all users, I bet you could find one voter who stands out from the crowd. You just need to find the guy following him everywhere: himself.

    I mean, if he tends to leave votes in topics he comments on, which I assume he does.

    It would have to be a very targeted attack and that’s much better than the system lemmy uses right now. I’m remembering the mass tagger on Reddit, I thought that add on was pretty toxic sometimes.

    Also, it just occurred to me, on Lemmy, when you post you start with one vote, your own. I can even remove this vote (and I’ll do it and start this post off with score 0). I wonder how this vote is handled internally? That would be an immediate flaw in this attempt to protect people’s privacy.


  • While not a perfect solution, this seems very smart. It’s a great mitigation tactic to try to keep user’s privacy intact.

    Seems to me there’s still routes to deanonymization:

    1. Pull posts that a user has posted or commented in
    2. Do an analysis of all actors in these posts. The poster’s voting actor will be over represented (if they act like I assume most users do. I upvote people I reply to etc)
    3. if the results aren’t immediately obvious, statistical analysis might reveal your target.

    Piefed is smaller than lemmy, right? So if only one targeted posting account is voting somewhat consistently in posts where few piefed users vote/post/view, you got your guy.

    Obviously this is way harder than just viewing votes. Not sure who would go to the trouble. But a deanonymization attack is still possible. Perhaps rotate the ids of the voting accounts periodically?


  • I think they should be public. They’re already accessible for mbin posts and anyone administrating a lemmy instance. It should be clear to all users that their votes are already not private.

    Someone could make a lemmy instance just to get voting behavior and make a website with cool graphs and stuff today and the only thing that could stop them is defederation. If Lemmy gets popular, this is just an inevitability.

    Imagine if a large instance decided to do that today. Imagine if lemmy.world released lemmy.world/votes. Would people defederate just for that? Remember: Mbin already displays scores and I don’t think anyone has defederated over it.

    Might as well put it on the interface so everyone understands it isn’t private. Rip off the bandaid.