What @delirious_owl@discuss.online seemed to be implying is that direct messages on Mastodon should be considered “public” rather than “private”.
I’m assuming that’s along the same lines of how Lemmy users generally think that their upvotes/downvotes are private when in reality, if you know how to look for them, you can see them.
Ah, I see. So it’s the same mistake that Lemmy users make when thinking that Upvotes/Downvotes aren’t public.
It sounds like DMs on Mastodon are public, but are commonly mistaken to be private then?
They’re called DMs not PMs
? Did you mean that the other way around? And if you did… forgive me, I don’t really use Mastodon. I was never much of a twitter fan. I don’t really like how all of my likes are public (although I guess I have had to get used to that with Lemmy).
Hmmm it was even able to pull in private DMs.
Maybe private DMs on Mastadon aren’t as private as everyone thinks… that, or the open nature of Activity Pub is leaking them somehow?
Edit - From the article:
Even more shocking is the revelation that somehow, even private DMs from Mastodon were mirrored on their public site and searchable. How this is even possible is beyond me, as DM’s are ostensibly only between two parties, and the message itself was sent from two hackers.town users.
From what @delirious_owl@discuss.online mentioned below, it sounds like this shouldn’t be very shocking at all.
SD? SD 3? The weights? All the above?
Stable Diffusion is an open source image generating machine learning model (similar to Midjourney).
Stable Diffusion 3 is the next major version of the model and, in a lot of ways, it looks better to work with than what we currently have. However, up until recently we were wondering if we would even get the model since Stability AI ran out of funding and they’re in the midst of being sold off.
The “weights” refer to the values that make up the neural network. Basically by releasing the weights they are essentially saying that they are making the model open-source so that the community can retrain/fine-tune the model as much as we want.
They made a wait list for those who are interested in getting notified once the model is released, and they turned it into a pun by calling it a “weights list”.
Correction: “Weight List” ;)
Yes, there are NAS grade SSD’s that can be used.
As long as you use the right kind of SSD, there aren’t any problems with doing this.
I hate it when people say that I’m “throwing my vote away by voting for a 3rd party”. If everyone voted for the person they actually liked, rather than the person who’s likely to beat the other large party, maybe we’d see some better choices.
Kbin allows downvotes, they’re just called “reduces”.
Given the number of lurkers on Reddit, you would probably end up with a lot of false flags.
Doesn’t have to be major slip ups. Just little tidbits over time on a comment here, a post there, and the aggregation of that data can really narrow the results down.
No, if you go to old.reddit.com/prefs/ the “make my votes public” defaulted to keeping votes hidden from other users.
Most users from Reddit that are coming here are voting while not realising that their votes are completely public to anyone that simply uses kbin to browse through any instance.
One example (not the only way to deal with this) is to do what some crypto algorithms have done. Here’s the source code for z cash: https://github.com/zcash/zcash
Using something similar to this you can hide who is voting for what while being able to trust that the number of votes are accurate.
Right, but in this case your upvotes/downvotes are public to anyone that has a kbin account, it’s not just the instance Admins that can see.
Actually, it’s even easier than that, just make a kbin account then go to any Lemmy instance and you can check the upvotes/downvotes.
The crypto example was only a suggestion because they have simply solved the exact same problem we are looking at: duplicate votes (transactions) and verifying the results while being able to hide it.
I would love to hear any other suggestions that people may have that solve these problems. Copying open source code from crypto isn’t the only option. So let’s look for solutions instead of dismissals (unless you’re arguing for keeping votes public of course).
Let me be a little more clear, the Admins of your account’s particular instance should be the only ones that have access to your votes.
Now the question remains about when your account posts/comments into a different instance, who should have access to those votes? Perhaps your instance has a way of obfuscating the votes of any user coming from your instance, or else only the admins of the community that you’re posting into will have access to your votes?
The problem really comes down to how we avoid the problem with duplicating votes. Currently this is easy as each vote is public so every instance can verify the correct vote count. But implementing either of the solutions above will need a way to verify the correct number of votes.
To top it off you would also need a way to detect if a malicious instance had come along and started lying about how many votes had been cast.
One thing we can look at under the hood would be how cryptocurrency works as they have solved both the problem of duplicate values as well as the ability to trust those values being sent. All of the code is free and open source so we can pick out the parts that we need and reuse it. (And no, I’m not telling people to go out and buy crypto).
Z Cash would be a particularly good one to look at as it ensures a “zero knowledge” (or “zero trust”) method of sending the values across “nodes” (or in our case “instances”). Using this, who is voting on what would be hidden, but we could ensure that the values are correct.
Additionally you could probably throw out the second hashing algorithm altogether and just keep the Blake2b hashing algorithm as this one is far more efficient and quick to compute (and that second algorithm was mostly thrown in to prevent people with specialized hardware from being able to come in and beat anyone else running on just a GPU/CPU). https://github.com/zcash/zcash
However, using this particular method would make it so that not even the instance admins would be able to view the details of anyone’s votes (which may be a good thing after all if we decide that any random instance admin is not to be trusted).
Especially because you might not know why someone was downvoting the post/comment.
Case in point: https://lemmy.ml/comment/1009973 A decent number of users thought it was a good idea to downvote this post because they didn’t want to give Nazis more publicity. However, someone could take a look at all of the downvotes on this post and make the assumption that everyone who downvotes it is a Nazi themselves.
Most of that just looks like carpet shading, where rubbing the carpet one way looks darker compared to rubbing it the other way. http://carpetswalltowall.com/shading-footprints-pooling/
However, the brown stain on the far right definitely stands out.