• SorteKaninA
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    this kind of vote manipulation is going to be a problem for federated communities

    This is not exclusive to federated communities. Reddit has vote manipulation too.

    • booly@sh.itjust.works
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Reddit does have vote manipulation, but reddit admins can easily see much stronger indicators of the same person behind multiple user accounts: Server logs of user agent, IP address, interface/API key, script support and activity that tends to give away browser type and history, etc.

      Most of that information is only available to instance admins, so admins of one instance can’t see when external votes are coming in from the same users who already voted using accounts on your instance.

      • SorteKaninA
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Most of that information is only available to instance admins, so admins of one instance can’t see when external votes are coming in from the same users who already voted using accounts on your instance.

        Admins can see how users vote, even external users. So it’s no different from local users on the same instance (which would be how reddit operates). So I don’t see how this is different.

        • booly@sh.itjust.works
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          The instance I’m logged into doesn’t forward my user agent, IP address, or CSS/script support (or other fingerprinting techniques) to the other instance. Everything I do in a community hosted on another instance is forwarded through my instance server as a middleman, and I never directly connect to the other instance server.

          The admins of an instance (or reddit) might be able to analyze server logs of different users on their own instance to be able to determine those things, but can’t apply that analysis to accounts from other instances, whose interaction with the server doesn’t actually include a login or any direct connections to the server they administer. All they have to go on is the ActivityPub logs, which won’t include that fingerprinting information.