Yes, after all other servers need this information in order to prevent double voting, you can't just have servers sending each other information "somebody upvoted this" and also tell when servers are allowing users to vote more than once.

So upvotes and downvotes aren't actually private, never have been, some servers may display them publicly even if most don't.

[–] clutchtwopointzero@lemmy.world 8 points 5 days ago (3 children)

Hashing exists for this use case

[–] Natanael@infosec.pub 3 points 4 days ago* (last edited 4 days ago) (1 children)

Hashing alone if it's just usernames isn't enough. Need something like keyed hashes, but then malicious servers can lie about numbers of votes.

Otherwise you need something ridiculously overengineered like public but encrypted logs of user actions and Zero-knowledge proofs of correctness mapping everything to a distinct existing user without revealing who it is.

As I mentioned in another post: for consistency is better to have each server count total votes from their own users, send a signed & timestamped message with the count to the host of the post being voted on. Then the host can display a consistent vote count to everybody that shows where votes are coming from without manipulation of external votes.

Each individual server can lie about its count, but not by too much or else it will be detected and the server can get defederated (or have its votes ignored).

[–] barsoap@lemm.ee 4 points 4 days ago (1 children)

but then malicious servers can lie about numbers of votes.

They already can do that by pretending to have users they don't have. It's definitely a quick way to get defederated.

[–] Draconic_NEO@lemmy.world 4 points 4 days ago

And it wouldn't be caught quickly or maybe even ever if they opted to use hashes instead of just showing who voted and when.

load more comments (1 replies)

load more comments (13 replies)