echolalia

joined 6 months ago
[–] echolalia@lemmy.ml 15 points 3 weeks ago

There are no checks whatsoever, no email or phone number required, no verification options—it just hands you an account for a 99-year-old, with full access to all chat features. (It took maybe five clicks from having no account to being able to play Blood & Gore.)

Come on now Kotaku. I was a kid once on the internet. I lied about my age once to sign up for Neopets, which had text forums, private messages and user-created pages. You could even use HTML and hotlink images. It really wasn't a big deal because my parents paid attention to what I did online, and the audience of the website was just children or people who wanted to play a simple game.

My mom ended up playing it, so she must have known I lied about my age to get access. She had hella neopoints.

For content marked 17+, you do need to verify your age with documentation

WHY IS THERE CONTENT FOR 17+ ON ROBLOX? Isn't this the TRUE child safety problem? Why do this at all? Why attract people looking for 17+ content on a platform for children??? I read that Hindenburg report, the entire platform is a mess. This company deserves to fail and those investors deserve to be left holding the bag.

[–] echolalia@lemmy.ml 2 points 3 months ago (1 children)

Yea, I agree. It’s good enough. Sorry, I didn’t mean to sound like it was a bad solution, it’s just not perfect and people ought to be aware of limitations.

I used a small instance in my example so the problem was easier to understand, but a motivated person could target someone on a large instance, too, so long as that person tended to vote in the posts they commented on.

Just for example (and I feel like I should mention, I have no bad feelings towards this guy), Flying Squid on lemmy.world posts all over the place, even on topics with few upvotes. If you pull all his posts, and all votes left in those posts from all users, I bet you could find one voter who stands out from the crowd. You just need to find the guy following him everywhere: himself.

I mean, if he tends to leave votes in topics he comments on, which I assume he does.

It would have to be a very targeted attack and that’s much better than the system lemmy uses right now. I’m remembering the mass tagger on Reddit, I thought that add on was pretty toxic sometimes.

Also, it just occurred to me, on Lemmy, when you post you start with one vote, your own. I can even remove this vote (and I’ll do it and start this post off with score 0). I wonder how this vote is handled internally? That would be an immediate flaw in this attempt to protect people’s privacy.

[–] echolalia@lemmy.ml 25 points 3 months ago* (last edited 3 months ago) (5 children)

While not a perfect solution, this seems very smart. It’s a great mitigation tactic to try to keep user’s privacy intact.

Seems to me there’s still routes to deanonymization:

  1. Pull posts that a user has posted or commented in
  2. Do an analysis of all actors in these posts. The poster’s voting actor will be over represented (if they act like I assume most users do. I upvote people I reply to etc)
  3. if the results aren’t immediately obvious, statistical analysis might reveal your target.

Piefed is smaller than lemmy, right? So if only one targeted posting account is voting somewhat consistently in posts where few piefed users vote/post/view, you got your guy.

Obviously this is way harder than just viewing votes. Not sure who would go to the trouble. But a deanonymization attack is still possible. Perhaps rotate the ids of the voting accounts periodically?

[–] echolalia@lemmy.ml 17 points 3 months ago (5 children)

I think they should be public. They’re already accessible for mbin posts and anyone administrating a lemmy instance. It should be clear to all users that their votes are already not private.

Someone could make a lemmy instance just to get voting behavior and make a website with cool graphs and stuff today and the only thing that could stop them is defederation. If Lemmy gets popular, this is just an inevitability.

Imagine if a large instance decided to do that today. Imagine if lemmy.world released lemmy.world/votes. Would people defederate just for that? Remember: Mbin already displays scores and I don’t think anyone has defederated over it.

Might as well put it on the interface so everyone understands it isn’t private. Rip off the bandaid.

[–] echolalia@lemmy.ml 14 points 4 months ago (4 children)

Ok I’ll say it.

What’s Figma?

[–] echolalia@lemmy.ml 1 points 5 months ago

Thanks for taking the time to reply, that makes a lot of sense.

I haven't switched to Wayland yet. It makes sense why xscreensaver wouldn't work well with an entirely different window server. I was just surprised it was so difficult (for me at least) to use with modern window managers despite being relevant and mature, haha.

[–] echolalia@lemmy.ml 1 points 5 months ago (2 children)

I tried Linux briefly in highschool (around the year 2000) before going back to Windows (I love video games). I switched about 2 years ago back to Linux (Debian). Your comment made me remember xscreensaver and I went and installed it again. The matrix screensaver is a huge throwback, I love it and I missed it.

But it was a pain to do this. I'm using KDE/Plasma on Debian, and I had to follow this process to get it done. My lock buttons built into KDE menus still don't work despite replacing kscreenlocker_greet like the manpage recommends. I'm not sure it's worth my time to try to figure out, since the page warns an update will revert this. I'm not going to remember how to fix it later. I choose to lock my computer with super+L so this isn't a huge issue for me.

The process to use xscreensaver with gnome looks equally bad.

WHY is this so tough, though? Debian "just works" for me, so needing to fumble through this manpage feels pretty lame. The process looks similar on other distros, from a quick google. I'm not an IT person or a programmer, and this doesn't feel very "linux" that it's this way. Why would these window managers replace something that just works?

I suppose it does look a bit dated?