this post was submitted on 19 Aug 2024
693 points (97.5% liked)
Fediverse
28200 readers
362 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to [email protected]!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
How about pseudonymous as a compromise? Votes could be publicly federated but tied to some uuid instead of the username. That way you still have the same anti spam ability (can see that a user upvoted these things from this instance at this time) but can't tie it directly to comments or actual user accounts without some extra osint.
It might be theoretically possible to correlate the uuids with an account's activity and dox the user in some cases, especially with some instances having a single user, but it would be very difficult or impossible to do on larger instances and would add an extra layer. Single user instances would be kind of impossible to make totally private anyway because they can be identified by instance.
The issue with that is with malicious instances that could engage with vote manipulation by just generating new IDs and voting for whatever they want. If you can't look back at the profile and determine whether it's a real, non-spam account, it's a pretty big issue unfortunately.
You also have an issue where someone could potentially vote with "your" ID without any way to detect that it's not actually "you" who sent the vote.
they could do similar to another platform had done, which is tie voting to a shadow account that only the instance admin team can link to a user, this allows for moderation while providing the ability for obscurity.
I still disagree it should be public in the first place, but I know it's a hard requirement for federation so it's unlikely to become more concealed
Yeah, that's fair enough, though I'm not sure it's very different from malicious instances creating normal user accounts?
You can see when users from an instance are all suspiciously voting the same way at the same time regardless of whether they are usernames or IDs.
There's lots of legitimate users that only vote but never post so doing it based on that doesn't seem very effective?
The second problem is solved using public key cryptography, the same way that you can't impersonate someone else's username to post comments. Votes and comments are digitally signed (There would need to be a different public key for voting to maintain pseudonymity though).