I recently discovered an interesting (and somewhat disappointing, as we’ll find later) fact. It may surprise you to hear that the two most upvoted comments on any Lemmy instance (that I could find at least) are both on Feddit.dk and are quite significantly higher than the next top comments.
The comments in question are:
- This one from @bstix@feddit.dk with a whopping 3661 upvotes.
- This one from @TDCN@feddit.dk with 1481 upvotes.
These upvote counts seems strange when you view them in relation to the post - both of the comments appear in posts that do not even have 300 upvotes.
Furthermore, if you go on any instance other than Feddit.dk and sort for the highest upvoted comments of all time, you will not find these comments (you’ll likely instead find this one from @Plume@lemmy.blahaj.zone).
Indeed, if you view the comments from another instance (here and here), you will see a much more “normal” upvote count: A modest 132 upvotes and a mere 17 upvotes, respectively.
What’s going on?
Well, the answer is Mastodon. Both of these comments somehow did very well in the Mastodon microblogging sphere. I checked my database and indeed, the first one has 3467 upvotes from Mastodon instances and the second one has 1442 upvotes from Mastodon instances.
Notice how both comments, despite being comments on another post, sound quite okay as posts in their own right. A Mastodon user stumbling upon one of these comments could easily assume that it is just another fully independent “toot” (Mastodon’s equivalent of tweet).
Someone from Mastodon must have “boosted” (retweeted) the comments and from there the ball started rolling - more and more people boosted, sharing the comments with their followers and more and more people favorited it. The favorites are Mastodon’s upvote equivalent and this is understood by Lemmy, so the upvote count on Lemmy also goes up.
Okay, so these comments got hugely popular on Mastodon (actually I don’t know if 3.4k upvotes is unusual on Mastodon with their scale but whatever), but why is there this discrepancy between the Lemmy instances then? Why is it only on Feddit.dk that the extra upvotes appear and they don’t appear on other instances?
The reason is the way that Mastodon federates Like objects (upvotes). Like objects are unfortunately only federated to the instance of the user receiving the Like, and that’s where the discrepancy comes from. All the Mastodon instances that upvoted the comments only sent those upvotes directly to Feddit.dk, so no other instances are aware of those upvotes.
This feels disappointing, as it highlights how Lemmy and Mastodon still don’t really function that well together. The idea of a Lemmy post getting big on Mastodon and therefore bigger on Lemmy and thus spreading all over the Fediverse, is unfortunately mostly a fantasy right now. It simply can’t really happen due to the technical way Mastodon and Lemmy function. I’m not sure if there is a way to address this on either side (or if the developers would be willing to do so even if there was).
I personally find Mastodon’s Like sharing mechanism weird - only sharing with the receiving instance means that big instances like mastodon.social have an advantage in “gathering Likes”. When sorting toots based on favorites, bigger instances are able to provide a much better feed for users than smaller instances ever could, simply because they see more of the Likes being given. This feels like something that encourages centralization, which is quite unfortunate I think.
TL;DR: The comments got hugely popular on Mastodon. Mastodon only federates upvotes to the receiving instance so only Feddit.dk has seen the Mastodon upvotes, and other instances are completely unaware.
Does the receiver instance federate that like object to other instances? If not, it is removed for sure.
No, but how could it? Let’s say Feddit.dk receives a Like from mastodon.social. Then Feddit.dk would have to tell the other instances that mastodon.social sent that Like. But how can Feddit.dk prove that the Like actually did come from mastodon.social, i.e. it is not just a fabricated Like that Feddit.dk made up and hid by pretending it came from mastodon.social. That’s not easy.
The like is an activity. Any activity has an actor. Every actor has a public key. If the activity is sent with a cryptographic signature (like LD signatures, which Mastodon does implement) then any one can verify that the activity is legit.
Mastodon explicitly discourages support of LD signatures. It seems it has kind of landed in what I would call “specification hell”.
Discouraged, but still supported. There is also another FEP (forgot the code now) being worked on and implemented by Mitra.
The point is that it is possible for an instance to federate an activity which is not originated by them.
You’re right, that’s worse.
I mean it could be proven by having every account create a cryptographic key and adding a public key to the vote. Memory might be an issue though.
This is in fact how Feddit.dk knows that the Like came from mastodon.social at first. The problem is that the signature is a HTTP Signature which is only associated with the HTTP request that mastodon.social makes to Feddit.dk. It is not on the Like object itself. Thus that signature can’t be transferred to the Like object if Feddit.dk wanted to share it further.
So there’s no way for feddit.dk to translate into a Lemmy style upvote?
There’s not such a thing as a “Lemmy style” upvote. It’s all Like objects under the hood shared via the ActivityPub protocol. But ActivityPub has no mechanism for sharing an activity further than the original receiver (i.e. forwarding from A to B to C and so on). It’s really only made for direct sharing from A to B.
Ohh so the object doesn’t change at all through the process. I see the difficulties
deleted by creator
That would still be directly from one server to another server. I.e. from A to B and from A to C. But forwarding is a different matter, i.e. A sends something to B which sends it further to C. There’s complications with signatures and verification in that case and it’s less clear how to handle that.
deleted by creator
Yes, fetching the URL directly would be a way to verify it. I don’t know if Lemmy currently does that. In any case, it seems very round-about.
deleted by creator
If you have a signature you can also sign the contents, so you wouldn’t need to download the content. But AFAIK ActivityPub has no mechanism for including signatures in objects as it is right now. There’s only HTTP signatures, which aren’t on the object itself.
deleted by creator
So we need to convince the mastodon devs to change it so the signature is on the like object itself.
Unfortunately it is not that easy. It’s not Mastodon that places the signature like that, it is the ActivityPub protocol. Lemmy, Mastodon and all other ActivityPub instances do it this way. You’d need to extend or change the protocol to somehow fix this. That is not easy and not something that will be done overnight.
Of removeding course they did it that way. If i where to hack sonthing together u could also just quote the entire request signature and all and forward it.