Final vote: NO
Should probably use something that only allows 1 vote per IP address. I think strawpoll.com and livepoll.io can do that.
VPN voting is also not allowed with this poll. I personally use a VPN and will have to turn mine off to vote on this.
What if I have multiple people in my household who want to vote? One vote per IP address would not allow for this. And as others have pointed out, sophisticated users can get around the IP restriction.
I think putting up even small hurdles would drastically cut down on the bot problem. I outlined one idea here: https://sh.itjust.works/comment/455909
It is basically go out and solve a CAPTCHA, then vote, pasting in a url with your vote that verifies you solved the CAPTCHA. A script should be able to verify that the url is indeed for the user who cast the vote. It is not a bulletproof method, but raises just enough of a hurdle that is would be hard for bots, but realitivly easy for humans (we’d want an audio version or other alternative for the visually impaired; I’m not sure what the state of the art is).
Doesn’t solve the problem of one real person operating several alts. Frankly, I don’t know how important that is to solve.
Yeah, I don’t turn my vpn off, period.
Not that it matters. If this instance gets enough fake accounts just to game voting in this single community, we’re fucked. You get that many fakes and moderation becomes a full time job. Lemmy doesn’t have the tools to cope with it on a moderator level (and from what the admin of pond of the bot attacked instances said, the admin tools are weak as well).
This just makes voting a pain in the ass. Add in a rule about writing a coherent sentence along with your vote, and you’ll reduce fakes without the need to leave the app/page, or deal with VPN usage invalidating the ability to participate.
If this instance gets enough fake accounts
Yea, we’re already there.
I’m not seeing it, sorry. Not in the agora, anyway. And not in any numbers trying to sway votes.
I suggest there’s an issue with fake accounts and I get downvoted more than any other comment here. 😆 🤡
While downvotes don’t mean much, in this specific case, it does.
You’re so far off base from current reality of the c/ that it looks like you’re either trolling or delusional. I doubt either is the case, but that’s only because reddit has shown exactly how bonkers shit can get.
But there simply isn’t a current problem with fake accounts. You can go through the votes taken and verify that the users who voted aren’t a bunch of sock puppets. Or, if they are, whoever is running them has put in enough effort that I ain’t even mad.
There may come a day when it’s useful to figure out a hard deterrent to fake votes in the agora. It might not even be very long, if enough r/efugees come over. But that day isn’t here yet. So far, things are working. There just aren’t enough “empty” accounts voting to point to even a single user trying to sock puppet. It points more towards a handful of new users jumping in.
That’s why your comment got hit, imo. It’s why I down voted it. It took maybe twenty minutes to scroll through and check for empty accounts. You obviously didn’t do so, or you wouldn’t have made that response. You would have said something else, right?
I mean, I feel you. There was a vote on defederation of exploding heads that surprised me how strong the vote came out based on previous discussions around the instance. So I looked. I thought, maybe it was someone gaming things, or multiple people doing so. Gods know there’s people crazy enough to put in the effort! But it just wasn’t there.
Secure and accurate electronic voting is a very hard problem to solve.
One of the ways to mitigate this issue is to not have votes on nuts and bolts issues and rather have discussions and votes on guidelines and policies. ‘[Vote] Should be ban Xxx User?’ is not a good kind of vote since it is way too specific, ‘[Vote] Should we add xxx rules to the instance-wide rules?’ is a bit better. That way people provide input but still rely on the instance staff to use their judgement to handle the myriad of issues.
What if 300 students sharing an IP from the same dorm want to vote, should 299 of them be ignored?
No they shouldn’t, but without any restrictions 1 individual with 300 bot accounts and VPNs can vote as many times as those 300 students.
I doubt a single person would have 300 bots using a single ip address so the measure would be pretty useless anyway. I think restraining votes to a single IP address would not do much good and quite the contrary actually as I see no cases where it would be worthwhile.
Listen: MOST userspace IPs are dynamic, this means that it can change over time, and most likely rebooting the router will do the trick. It’s because amount of IPv4 adresses is very limited.
Democracy takes work.
Using an off-site tool for voting trades our current problems for others. We would have no way to limit voting to only users of this instance, allowing anyone to brigade our votes.
Basically, the same problem as a single user making 100s of accounts to manipulate a vote.
I think instead we need to limit voting to user accounts of a certain age, and with X number of comments. We can all help with this by reporting accounts that are too young, or appear to have bot generated comments.
Until new tools are developed and built into Lemmy for voting, we’ll all have to chip in. Because…
Democracy takes work.
“America isn’t easy. America is advanced citizenship; you’ve gotta want it bad, cuz it’s gonna put up a fight.” --President Andrew Shepherd, The American President
Seems to me the moment TheDude announced there’d be member votes on instance policy and direction was the moment a certain subset of folks lost their minds. “We shouldn’t vote at all.” “Voting in a federation is pointless.” “We should restrict the vote.” “What if tHeY vote?!?!”
- It’s early days. We will develop procedures that will work, especially as tools are developed for this still-young platform.
- The matters that will be voted on here: Really not that serious. Stuff like electing new admins, federating/defederating with other instances, removing communities I have to imagine, on one of many instances in the Fediverse. This body won’t get to take away pensions or deny people healthcare. What doom do people foresee?
- The way I figure it, we have a more general need to prevent mass account abuse, keeping out spam commenters etc. I figure a lot of those measures will also prevent a lot of problems with member votes. Those along with some straightforward principles like voters must be local members, voters accounts must be older than the discussion thread pertaining to this vote, A vote may not be an account’s first activity, etc. should be sufficient.
You are removed chimp
deleted by creator
This is an interesting topic, I would like to discuss further.
Locking down votes to accounts on the instance is important - the current system of Aye/Nay comments natively beats strawpoll on that account.
Since this instance is anonymous, having some amount of accountability to other users is also important. Even I can go through and at least audit comments to be sure they’re on the instance and active users. This is another point where, again, strawpoll falls short.
I agree the system isn’t perfect, but IP locking is also an imperfect solution. There are absolutely VPN solutions that will beat strawpoll’s VPN identification, and there very well could be legitimate votes that would share public IP addresses, especially as the instance grows. I think I’m unconvinced that ensuring unique IP is vastly more important than the benefits the current system provides.
All that said, I don’t know what a perfect solution would look like, but I would expect it to address ALL of these points (deep integration with lemmy, user auditability, and basic protection from fraudulent votes). I’m honestly curious what your thoughts are here - do you have a more comprehensive proposal to address my above concerns?
I think I’m unconvinced that ensuring unique IP is vastly more important than the benefits the current system provides.
What benefits does the current system provide over restricting IP? This poll has only 3 votes which is actually helping prove my point.
I did list them in my comment, I spent time to try to engage with you and it’s clear you either didn’t read it or didn’t understand it. That’s a shame.
If you’re going to laser focus on only one aspect of voting, you do us all a disservice with your suggestions to improve. There’s more to a solid voting system than unique IP.
Your poll means nothing. It’s a mistake to try to use it as a guidepost for how to run a lemmy instance. The low engagement isn’t the slam dunk you seem to believe it is.
This is not a mistake, but rather a point I’m making.
Please explain the point you’re making.
Anyone can make 100 accounts with VPNs and vote with the current process
If this poll means nothing then all votes here mean nothing.
You have not demonstrated this to be true.
I have done so.
I’m not directly on instance, and won’t participate beyond pointing out there’s plenty of ways to subvert log by IP services.
I don’t know what the right model is, but I’m not sure going propritiary for the solution solves the issue. If anything this is more an open call to FOSS devs about specific tools needed, because otherwise I think you’re fighting a losing battle to purity testing about whom you represent.
Just food for thought.
I wish there was a system where you could add an actual poll in a Lemmy post and have the option to only have accounts logged in on the instance vote on it. This would solve about 98% of the issues it seems like the current system has
That doesn’t solve the issue of an individual creating 100 accounts. An account is not an individual.
An IP address is also not an individual, I have access to hundreds of IP addresses yet 4 separate people use the IP address at my house.
Yes that’s true. So an IP isn’t an individual and an account isn’t an individual either so neither should be relied upon for voting where 1 individual gets 1 vote.
I feel like we need more robust tools like built in polls with options as to who can vote, rather than going off site. I think that age of accounts is a factor that might help reduce the amount of bad actors and brigading a poll. For instance an option that prevents accounts newer than the poll from voting. This is of course not a silver bullet, but I think it would help protect polls without punishing people who use vpns like myself.
I’ve been consistent in my advocacy for more robust voting tools that might be off-site and not on Lemmy, my only concern with your suggestions is that strawpoll is proprietary, right? I haven’t heard of livepoll before so I don’t know much about it.
I’m passionate about direct democracy and consensus-based decision-making, which I feel would be perfect for the way sh.itjust.works is attempting to be moderated, so moving to systems where we can track results and ensure the integrity of the vote is paramount to me. I don’t like the current system of just typing “aye” in a top-level comment. It’s working now, but I feel like it’s only a matter of time before something goes wrong with it.
strawpoll is proprietary, right?
I can’t seem to find a FOSS platform for good robust poll system which doesn’t allow for bots. If you find one, please let me know.
Doesn’t using a VPN mask your IP address?
I think restricting votes to accounts whose cake days are from before the announcement of a vote’s discussion thread should do it.
Got another idea: Remove accounts that only vote in !agora. The idea is we’re trying to have a community here, right? So if ALL an account does is vote in the Agora and it posts nowhere else…ban that account.
Doesn’t using a VPN mask your IP address?
Yes but a lot of VPNs use identifiable IP addresses.
I think restricting votes to accounts whose cake days are from before the announcement of a vote’s discussion thread should do it.
This is a good idea but it wouldn’t solve it on it’s own.
Remove accounts that only vote in !agora.
This is also a good idea.
I am not convinced. The most important thing is restricting voting to sh.itheads only. Strawpoll can definitely not do this. I however agree with the fact that even basic VPN-protection is better than no protection. A solution would be checking a users activity, however this would obviously would be done manually, which is unsustainable. It is neat, certainly safer than the current method, but instance-locking is still primary.
Do we really care this much at this point? Like really… if people are going out of their way to do this, they should: get a life.
Besides that, people tend to share ipv4s in some configurations. Also some people don’t have ipv6.
If you use another service, you have no way to know if a person has an account here or not.
Do we really care this much at this point?
Well, I do at least.
This is a topic that i’ve been meaning to start a discussion about but haven’t had a chance due to the level of detail i’d like to provide.
I will also be posting the current logic of how vote counts are counted and also publish the code that i use for the counting.
Without going too much into detail today when votes are counted theres a few things that the logic accounts for.
- It only counts votes at the first level (meaning anyone that replies to a vote with their vote gets their vote discarded)
- In the event someone tries voting more than once, only the first vote gets counted, the others get discarded.
- Users who join after the voting post is made do not get their votes counted. You must have had your account active prior to the vote post
- External and local users get separated and counted separately.
In the future, and this is the part i’d like to discuss more in detail on another thread, is whether we factor in someone’s reputation. Lemmy currently collects a post and comment score for every user. This score is essentially = to how many upvotes your post or comments have gotten. Additionally the number of post and comments also get tracked. I’d like to see if there would be a method to use this data in order to determine if an account should have the ability to vote. This does alienate the lurkers but they don’t typically vote anyway unless its something that could affect them.
When I have some extra time i’ll post a detailed post on this so that those of you who have an overachiever mindset can provide your 2 cents.
Wouldn’t that become problematic for voting anytime the user goes on a trip?