Currently, almost anyone in the Fediverse can see Lemmys votes. Lemmy admins can see votes, as well as mods. Only regular Lemmy users can’t. Should the Lemmy devs create a way to make the votes anonymous?

There is a discussion going on right now considering “making the Lemmy votes public” but I think that premisse is just wrong. The votes are public already, they’re just hidden from Lemmy users. Anyone from a kbin/mbin/fedia instance can check out the votes if they are so inclined.

The users right now may fall into a false sense of privacy when voting because the votes are hidden from Lemmy users. If you want to vote something and not show up on the vote list, please create another account to support that type of content and don’t tell anyone.

  • mozz@mbin.grits.dev
    link
    fedilink
    arrow-up
    33
    arrow-down
    6
    ·
    edit-2
    3 months ago

    With the current way that ActivityPub works, this isn’t really possible. Every vote needs to be signed by some real user; if that changed such that anonymous votes were accepted then there’s nothing to stop any random person from adding 5 or 5,000 anonymous votes.

    • lalo@discuss.tchncs.deOP
      link
      fedilink
      English
      arrow-up
      13
      ·
      3 months ago

      What it the instance signs the activity? Then it propagates to others instances after local validation. That way only local admins would have access to voting data. Malicious instances could still be defederated/blocked/have votes disregarded.

      • Max-P@lemmy.max-p.me
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        2
        ·
        3 months ago

        The problem with that is, can you really trust most instances out there? If you’re a sketchy admin, it’s not that hard to convince a handful of people to use your instance and have a couple dozen anonymous votes at your disposal to influence certain topics. There’s no way to detect it, not even the other users.

        That would then mean that small instances would have to prove themselves before being accepted in the wider network of instances and just end up centralizing the fediverse.

        With the votes being public, while you can create as many accounts as you want, you still have to publicly use a bunch of bot accounts which makes it more easily detectable. And of course, there’s no way your instance can get away with impersonating you, because you could see it sneaking votes or comments.

        I wish it could be more private, but I can’t think of a way you can prevent vote manipulation without revealing who actually voted for what or rely on trust. Another way to look at it would be, what if Lemmy didn’t use instances but instead some sort of decentralized system where each user is its own entity. How would we obfuscate the votes then? Anyone can publish a message to the network, so you need to tie it to some identity, and you circle right back to the problem.

        For privacy, there’s always alt accounts and recycling accounts often. Or treat the votes as if you were commenting “+1” or “-1”.

        Unless someone comes up with some crypto scheme to somehow anonymously prove that a user has voted, and has voted only once, and the user has credible history being a real person.

        Personally, it’s a tradeoff I chose as the price of entry for being able to participate in this while being fully independent of some benevolent person/organization/company/private equity firm. Nobody can take away my API or my apps or shove me ads. I can post entire 4K HDR clips if I want. I can have an offline copy of it if I want to read on a plane trip. I can index Lemmy, I can search Lemmy.

        • lalo@discuss.tchncs.deOP
          link
          fedilink
          English
          arrow-up
          5
          ·
          3 months ago

          We already depend on trusting instances for a lot of what’s going on here, I don’t see why we shouldn’t be able to defederate untrusted ones.

          • Richard@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            1
            ·
            3 months ago

            That would then mean that small instances would have to prove themselves before being accepted in the wider network of instances and just end up centralizing the fediverse.

            Most of us want the Fediverse to eternally decentralise. Imho, this would be the optimal scenario. Whitelists would be a major obstacle to the décentralisation effort.

    • chicken@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      5
      ·
      3 months ago

      I bet you could do it with ring signatures

      a message signed with a ring signature is endorsed by someone in a particular set of people. One of the security properties of a ring signature is that it should be computationally infeasible to determine which of the set’s members’ keys was used to produce the signature