this post was submitted on 17 Feb 2025
368 points (95.5% liked)

Fediverse

37509 readers
138 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)

founded 2 years ago
MODERATORS
 

Upvotes seem to just federate as likes and dislikes.

you are viewing a single comment's thread
view the rest of the comments
[–] Irelephant@lemm.ee 12 points 8 months ago (5 children)

I was thinking that it would make sense to federate upvotes, but with the hash of your username instead of your actual handle. Would this work?

[–] m_f@discuss.online 27 points 8 months ago (2 children)

The userbase is small enough that hashing would be easy cracked by a determined person. Even with salting, iterating through the entire userbase and hashing each username+salt to check for a match would probably not take long

[–] rglullis@communick.news 13 points 8 months ago (1 children)

Replace "hashing" with "encrypted" (perhaps just using a symmetric key that the admin sets up) and then it gets impossible to know for any outsiders who is the real user behind the vote.

I for one just wish people understood once and for all that anything you do on social media is public.

If you are not comfortable backing up your opinion or action, then don't do it.

[–] Mirodir@discuss.tchncs.de 18 points 8 months ago

Assuming each user will always encrypt to the same value, this still loses to statistical attacks.

As a simple example, users are e.g. more likely to vote on threads they comment in. With data reaching back far enough, people who exhibit "normal" behavior will be identified with high certainty.

[–] Irelephant@lemm.ee 1 points 8 months ago

What if a uuid is generated every time a user signs up, and every upvote iterates through the uuids?

[–] RobotToaster@mander.xyz 22 points 8 months ago (1 children)

One of the advantages of votes being public is that it keeps instance owners honest and, perhaps more importantly, means they know other instance owners are honest.

If they weren't public it would be easy to modify your lemmy instance to send 10 votes with fake hashes for every real vote. There would be constant accusations of brigading and faking votes.

[–] Rogue@feddit.uk 3 points 8 months ago

I'm honestly surprised it hasn't already become rampant.

[–] rglullis@communick.news 12 points 8 months ago (2 children)

How long until it gets abused, and trolls start brigading though instances that hide their votes?

[–] queermunist@lemmy.ml 3 points 8 months ago (1 children)

Nothing stops defederation, though.

[–] rglullis@communick.news 5 points 8 months ago (1 children)

That creates an incentive for trolls to create accounts at the popular instances using this mechanism in order to destroy their reputation.

[–] queermunist@lemmy.ml 3 points 8 months ago (1 children)

But they can just be banned from those instances?

[–] rglullis@communick.news 2 points 8 months ago (1 children)

How would that work? How would an admin separate downvotes from brigaders and legitimate users who happen to downvote a comment?

[–] queermunist@lemmy.ml 3 points 8 months ago (1 children)

Banning trolls would be doable - they'd have patterns where they target specific users across many different communities. If the same user downvotes everything I've ever said, from controversial political takes to pictures of food to posts about gardening, that's probably a malicious user.

But "brigading" doesn't mean anything and I don't respect the concept. You can't ban it because you can't define it in a way that doesn't include normal usage of the site.

[–] rglullis@communick.news 1 points 8 months ago (1 children)

If the same user downvotes everything I’ve ever said,

Right. How would you know what "the same user" is? Let's say that your posts get downvoted at random intervals by 5-10 users in the first 45-120 minutes. They all have different user names. What are you going to do? Create a report against any particular user and hope that the mods look into it?

[–] queermunist@lemmy.ml 2 points 8 months ago (1 children)

If everyone's votes are public then it seems trivial to see how any particular user votes.

If user shithead69420 downvotes literally everything I post, they're probably not a good faith user.

[–] rglullis@communick.news 1 points 8 months ago (1 children)

Yes, but that's kind of my point?

if downvotes are public, the admin of your instance can see who is downvoting you and then they can take action. If the downvotes are coming from an instance that hides the real user for every vote, you and the admin are SOL.

[–] queermunist@lemmy.ml 2 points 8 months ago* (last edited 8 months ago) (1 children)

Oh I see, you were talking about a hypothetical where all instances hide their votes and so no one knows who is voting on anything.

My assumption was that these vote records would remain transparent on most instances because the instances that hide their votes just get defederated, because those are always going to be instances where trolls hide.

[–] rglullis@communick.news 0 points 8 months ago (1 children)

Yeah, let's make things less abstract and talk about real examples.

piefed.social is not sending the real voters out. You think that alone should be grounds to get lemmy.ml (your instance) to defederate them. Am I understanding you correctly?

[–] queermunist@lemmy.ml 1 points 8 months ago

Oh no, I think defederation is only necessary when an instance becomes a problem. Until piefed.social becomes a haven for trolls to manipulate vote counts (which might never happen) then it's fine.

But if a dozen anonymized piefed.social votes start downvoting everything I say because they're monitoring my account then their admins would need to do something about it. If they didn't, I'd want defederation.

[–] Maeve@midwest.social 2 points 8 months ago

Or mentally unwell people stalking.

[–] PhilipTheBucket@ponder.cat 4 points 8 months ago

Piefed already does this, because it is the way.

[–] Valmond@lemmy.world 3 points 8 months ago

Just make a rainbow table and get the usernames back.