Currently, almost anyone in the Fediverse can see Lemmys votes. Lemmy admins can see votes, as well as mods. Only regular Lemmy users can’t. Should the Lemmy devs create a way to make the votes anonymous?

There is a discussion going on right now considering “making the Lemmy votes public” but I think that premisse is just wrong. The votes are public already, they’re just hidden from Lemmy users. Anyone from a kbin/mbin/fedia instance can check out the votes if they are so inclined.

The users right now may fall into a false sense of privacy when voting because the votes are hidden from Lemmy users. If you want to vote something and not show up on the vote list, please create another account to support that type of content and don’t tell anyone.

  • Socsa@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    6
    ·
    3 months ago

    Agreed. 10/10.

    And you don’t even need real crypto here to start. The home instance can just send vote actions as fixed unique tokens. The way the trust framework currently works, this is literally a drop-in replacement and introduces no new spam/brigade vulns which don’t already exist from a rogue instance. It would be imperfect, and may still make it possible to correlate and infer vote patterns for a sufficiently motivated adve, but it would raise the bar for protecting user telemetry by a huge factor with very minimal effort. I’m honestly a bit surprised it hasn’t been done already.

    • Amju Wolf
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      introduces no new spam/brigade vulns which don’t already exist from a rogue instance

      It does though. Now a rogue instance would have to have “believable” profiles for the accounts that vote, because an instance of just “lurkers” who seem to suspiciously vote is a pretty big signal of vote manipulation. If you only see a random identifier (or not even that, just a tally of votes) it’d be impossible to tell if it’s truly the instance’s users just passionate about something or actual vote manipulation.

      In other words it would at least make the problem way worse.

      • Socsa@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        3 months ago

        The rogue instance would still need fake users though. It would be very easy to see if you are getting votes from 300 unique tokens, but the instance only has 100 users.

        Also the method I am proposing would simply be transparent in terms of user management, so if you are running core Lemmy, the only way to generate voting tokens would be to generate users.

        • Amju Wolf
          link
          fedilink
          English
          arrow-up
          2
          ·
          3 months ago

          I guess that’s true. Then you could just ask the instance admins to check their users’ voting patterns / deanonymize them / whatever, and if they don’t comply defederate them.