this post was submitted on 17 Feb 2025
349 points (95.6% liked)

Fediverse

36132 readers
24 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)

founded 2 years ago
MODERATORS
ruud@lemmy.world
Xylinna@lemmy.world
MrCenny@lemmy.world
TragicNotCute@lemmy.world
automodbeta@lemmy.world
woelkchen@lemmy.world
349
You can see who upvoted and downvoted a post by viewing it in friendica. (lemm.ee)
submitted 5 months ago by Irelephant@lemm.ee to c/fediverse@lemmy.world
142 comments fedilink hide all child comments
 

Upvotes seem to just federate as likes and dislikes.

you are viewing a single comment's thread
view the rest of the comments
[–] Irelephant@lemm.ee 12 points 5 months ago (5 children)

I was thinking that it would make sense to federate upvotes, but with the hash of your username instead of your actual handle. Would this work?

[–] m_f@discuss.online 28 points 5 months ago (2 children)

The userbase is small enough that hashing would be easy cracked by a determined person. Even with salting, iterating through the entire userbase and hashing each username+salt to check for a match would probably not take long

[–] rglullis@communick.news 13 points 5 months ago (1 children)

Replace "hashing" with "encrypted" (perhaps just using a symmetric key that the admin sets up) and then it gets impossible to know for any outsiders who is the real user behind the vote.

I for one just wish people understood once and for all that anything you do on social media is public.

If you are not comfortable backing up your opinion or action, then don't do it.

[–] Mirodir@discuss.tchncs.de 19 points 5 months ago

Assuming each user will always encrypt to the same value, this still loses to statistical attacks.

As a simple example, users are e.g. more likely to vote on threads they comment in. With data reaching back far enough, people who exhibit "normal" behavior will be identified with high certainty.

[–] Irelephant@lemm.ee 1 points 5 months ago (1 children)

What if a uuid is generated every time a user signs up, and every upvote iterates through the uuids?

[–] Natanael 1 points 5 months ago

No.

Let each server sign a timestamped counter of total votes from their own users, sending that to the hosting server for the post voted on. Then it can update the vote count as needed. The host then displays combined votes, and can display votes per server too, with signatures to prevent manipulation of counts.

If any server has suspicious vote counts it can get filtered out.

[–] RobotToaster@mander.xyz 23 points 5 months ago (1 children)

One of the advantages of votes being public is that it keeps instance owners honest and, perhaps more importantly, means they know other instance owners are honest.

If they weren't public it would be easy to modify your lemmy instance to send 10 votes with fake hashes for every real vote. There would be constant accusations of brigading and faking votes.

[–] Rogue@feddit.uk 3 points 5 months ago

I'm honestly surprised it hasn't already become rampant.

[–] rglullis@communick.news 12 points 5 months ago (1 children)

How long until it gets abused, and trolls start brigading though instances that hide their votes?

[–] Maeve@midwest.social 2 points 5 months ago

Or mentally unwell people stalking.

[–] Valmond@lemmy.world 4 points 5 months ago

Just make a rainbow table and get the usernames back.

[–] PhilipTheBucket@ponder.cat 4 points 5 months ago

Piefed already does this, because it is the way.