Final vote: NO
Should probably use something that only allows 1 vote per IP address. I think strawpoll.com and livepoll.io can do that.
VPN voting is also not allowed with this poll. I personally use a VPN and will have to turn mine off to vote on this.
What if I have multiple people in my household who want to vote? One vote per IP address would not allow for this. And as others have pointed out, sophisticated users can get around the IP restriction.
I think putting up even small hurdles would drastically cut down on the bot problem. I outlined one idea here: https://sh.itjust.works/comment/455909
It is basically go out and solve a CAPTCHA, then vote, pasting in a url with your vote that verifies you solved the CAPTCHA. A script should be able to verify that the url is indeed for the user who cast the vote. It is not a bulletproof method, but raises just enough of a hurdle that is would be hard for bots, but realitivly easy for humans (we’d want an audio version or other alternative for the visually impaired; I’m not sure what the state of the art is).
Doesn’t solve the problem of one real person operating several alts. Frankly, I don’t know how important that is to solve.
What if 300 students sharing an IP from the same dorm want to vote, should 299 of them be ignored?
No they shouldn’t, but without any restrictions 1 individual with 300 bot accounts and VPNs can vote as many times as those 300 students.
I doubt a single person would have 300 bots using a single ip address so the measure would be pretty useless anyway. I think restraining votes to a single IP address would not do much good and quite the contrary actually as I see no cases where it would be worthwhile.
Listen: MOST userspace IPs are dynamic, this means that it can change over time, and most likely rebooting the router will do the trick. It’s because amount of IPv4 adresses is very limited.
This is a topic that i’ve been meaning to start a discussion about but haven’t had a chance due to the level of detail i’d like to provide.
I will also be posting the current logic of how vote counts are counted and also publish the code that i use for the counting.
Without going too much into detail today when votes are counted theres a few things that the logic accounts for.
- It only counts votes at the first level (meaning anyone that replies to a vote with their vote gets their vote discarded)
- In the event someone tries voting more than once, only the first vote gets counted, the others get discarded.
- Users who join after the voting post is made do not get their votes counted. You must have had your account active prior to the vote post
- External and local users get separated and counted separately.
In the future, and this is the part i’d like to discuss more in detail on another thread, is whether we factor in someone’s reputation. Lemmy currently collects a post and comment score for every user. This score is essentially = to how many upvotes your post or comments have gotten. Additionally the number of post and comments also get tracked. I’d like to see if there would be a method to use this data in order to determine if an account should have the ability to vote. This does alienate the lurkers but they don’t typically vote anyway unless its something that could affect them.
When I have some extra time i’ll post a detailed post on this so that those of you who have an overachiever mindset can provide your 2 cents.
Wouldn’t that become problematic for voting anytime the user goes on a trip?
Yeah, I don’t turn my vpn off, period.
Not that it matters. If this instance gets enough fake accounts just to game voting in this single community, we’re fucked. You get that many fakes and moderation becomes a full time job. Lemmy doesn’t have the tools to cope with it on a moderator level (and from what the admin of pond of the bot attacked instances said, the admin tools are weak as well).
This just makes voting a pain in the ass. Add in a rule about writing a coherent sentence along with your vote, and you’ll reduce fakes without the need to leave the app/page, or deal with VPN usage invalidating the ability to participate.
If this instance gets enough fake accounts
Yea, we’re already there.
I’m not seeing it, sorry. Not in the agora, anyway. And not in any numbers trying to sway votes.
I suggest there’s an issue with fake accounts and I get downvoted more than any other comment here. 😆 🤡
While downvotes don’t mean much, in this specific case, it does.
You’re so far off base from current reality of the c/ that it looks like you’re either trolling or delusional. I doubt either is the case, but that’s only because reddit has shown exactly how bonkers shit can get.
But there simply isn’t a current problem with fake accounts. You can go through the votes taken and verify that the users who voted aren’t a bunch of sock puppets. Or, if they are, whoever is running them has put in enough effort that I ain’t even mad.
There may come a day when it’s useful to figure out a hard deterrent to fake votes in the agora. It might not even be very long, if enough r/efugees come over. But that day isn’t here yet. So far, things are working. There just aren’t enough “empty” accounts voting to point to even a single user trying to sock puppet. It points more towards a handful of new users jumping in.
That’s why your comment got hit, imo. It’s why I down voted it. It took maybe twenty minutes to scroll through and check for empty accounts. You obviously didn’t do so, or you wouldn’t have made that response. You would have said something else, right?
I mean, I feel you. There was a vote on defederation of exploding heads that surprised me how strong the vote came out based on previous discussions around the instance. So I looked. I thought, maybe it was someone gaming things, or multiple people doing so. Gods know there’s people crazy enough to put in the effort! But it just wasn’t there.
Secure and accurate electronic voting is a very hard problem to solve.
One of the ways to mitigate this issue is to not have votes on nuts and bolts issues and rather have discussions and votes on guidelines and policies. ‘[Vote] Should be ban Xxx User?’ is not a good kind of vote since it is way too specific, ‘[Vote] Should we add xxx rules to the instance-wide rules?’ is a bit better. That way people provide input but still rely on the instance staff to use their judgement to handle the myriad of issues.
The final tally is 10 NO, 5 YES.
Wtf? I tried to vote, but it said “You can’t vote anymore”. I hadn’t voted before.
Voting closed 3 hours ago, anyone can make another poll though, I don’t think there are any restrictions on doing a re-vote, but personally I’ve learned a lot by bringing up this discussion and won’t put another vote up for it.
I’m not directly on instance, and won’t participate beyond pointing out there’s plenty of ways to subvert log by IP services.
I don’t know what the right model is, but I’m not sure going propritiary for the solution solves the issue. If anything this is more an open call to FOSS devs about specific tools needed, because otherwise I think you’re fighting a losing battle to purity testing about whom you represent.
Just food for thought.
Doesn’t using a VPN mask your IP address?
I think restricting votes to accounts whose cake days are from before the announcement of a vote’s discussion thread should do it.
Got another idea: Remove accounts that only vote in !agora. The idea is we’re trying to have a community here, right? So if ALL an account does is vote in the Agora and it posts nowhere else…ban that account.
Doesn’t using a VPN mask your IP address?
Yes but a lot of VPNs use identifiable IP addresses.
I think restricting votes to accounts whose cake days are from before the announcement of a vote’s discussion thread should do it.
This is a good idea but it wouldn’t solve it on it’s own.
Remove accounts that only vote in !agora.
This is also a good idea.
Democracy takes work.
Using an off-site tool for voting trades our current problems for others. We would have no way to limit voting to only users of this instance, allowing anyone to brigade our votes.
Basically, the same problem as a single user making 100s of accounts to manipulate a vote.
I think instead we need to limit voting to user accounts of a certain age, and with X number of comments. We can all help with this by reporting accounts that are too young, or appear to have bot generated comments.
Until new tools are developed and built into Lemmy for voting, we’ll all have to chip in. Because…
Democracy takes work.
“America isn’t easy. America is advanced citizenship; you’ve gotta want it bad, cuz it’s gonna put up a fight.” --President Andrew Shepherd, The American President
Seems to me the moment TheDude announced there’d be member votes on instance policy and direction was the moment a certain subset of folks lost their minds. “We shouldn’t vote at all.” “Voting in a federation is pointless.” “We should restrict the vote.” “What if tHeY vote?!?!”
- It’s early days. We will develop procedures that will work, especially as tools are developed for this still-young platform.
- The matters that will be voted on here: Really not that serious. Stuff like electing new admins, federating/defederating with other instances, removing communities I have to imagine, on one of many instances in the Fediverse. This body won’t get to take away pensions or deny people healthcare. What doom do people foresee?
- The way I figure it, we have a more general need to prevent mass account abuse, keeping out spam commenters etc. I figure a lot of those measures will also prevent a lot of problems with member votes. Those along with some straightforward principles like voters must be local members, voters accounts must be older than the discussion thread pertaining to this vote, A vote may not be an account’s first activity, etc. should be sufficient.
deleted by creator
I’m glad I posted about this because clearly it’s an issue that will need to be addressed as Lemmy grows, but luckily it’s not rampant currently. Restricting IP addresses (1 account 1 IP address) is definitely not the best way to go about it, but it’s one way to restrict bad actors from doing bad things. The reality is that verifying whether an individual has 1 account or 500 accounts is very difficult, and most solutions potentially invade someone’s privacy. Finding solutions that allow users to remain anonymous whilst also verifying that they’re an individual with a single account is something extremely difficult. It’s something that’s going to need to be solved over time, manipulating voting is not the only thing that bad actors will do. I hope that sh.itjust.works maintains its level of good fair moderation going forward.
Do we really care this much at this point? Like really… if people are going out of their way to do this, they should: get a life.
Besides that, people tend to share ipv4s in some configurations. Also some people don’t have ipv6.
If you use another service, you have no way to know if a person has an account here or not.
Yes
I wish there was a system where you could add an actual poll in a Lemmy post and have the option to only have accounts logged in on the instance vote on it. This would solve about 98% of the issues it seems like the current system has
That doesn’t solve the issue of an individual creating 100 accounts. An account is not an individual.
An IP address is also not an individual, I have access to hundreds of IP addresses yet 4 separate people use the IP address at my house.
Yes that’s true. So an IP isn’t an individual and an account isn’t an individual either so neither should be relied upon for voting where 1 individual gets 1 vote.