Currently, almost anyone in the Fediverse can see Lemmys votes. Lemmy admins can see votes, as well as mods. Only regular Lemmy users can’t. Should the Lemmy devs create a way to make the votes anonymous?

There is a discussion going on right now considering “making the Lemmy votes public” but I think that premisse is just wrong. The votes are public already, they’re just hidden from Lemmy users. Anyone from a kbin/mbin/fedia instance can check out the votes if they are so inclined.

The users right now may fall into a false sense of privacy when voting because the votes are hidden from Lemmy users. If you want to vote something and not show up on the vote list, please create another account to support that type of content and don’t tell anyone.

  • souperk@reddthat.com
    link
    fedilink
    English
    arrow-up
    36
    ·
    3 months ago

    For anyone interested, there are a few papers on cryptographically secure voting, where both voter anonymity and election integrity are preserved.

    Most designs consider three separate entities, where if you accumulate the information between those entities you would be able to identify a voter and his vote, but each entity on itself does not hold enough information.

    • Vlyn@lemmy.zip
      link
      fedilink
      English
      arrow-up
      8
      ·
      3 months ago

      The problem isn’t keeping votes anonymous, that’s easy. The problem is bots/spam. You could just create a new instance and then upvote a post from another instance a thousand times. If the votes are anonymous for the other instance it’s tough to say if they are genuine users or just bots.

      That’s the main issue here, when votes are anonymous you could easily just spam votes with no way to trace it back. If it’s a rogue instance then fine, you can ban the whole instance. But imagine if lemmy.world starts using fake votes in the background towards other instances.

      • nimpnin@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        10
        ·
        3 months ago

        What keeps from doing that right now? You can just create an instance and bot accounts on that

        • Vlyn@lemmy.zip
          link
          fedilink
          English
          arrow-up
          3
          ·
          3 months ago

          It would be damn easy to look up the instance and their “users” and see that the users are not genuine. Then ban the whole instance.

      • souperk@reddthat.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        3 months ago

        If you are worried about duplicates, aka a single bot spamming multiple votes, then that’s feasible to mitigate.

        If you are worried about multiple bots spamming one vote each, that’s harder to mitigate and it comes down to how the instances handles bot accounts in general. IMO it’s best to ignore the bot problem and instead focus on designing a vote weighting system that favors similar instances.

        • Vlyn@lemmy.zip
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          designing a vote weighting system that favors similar instances

          Would make the whole thing even worse, as I could create several new instances with 10 bot users each, then hammer out the votes.

          The entire problem is that you can’t trace back each vote to a genuine user. It would be bad in case of fake instances that create 100 user accounts and upvote/downvote stuff, but you can ban the instance. It would be a disaster if a big instance creates fake votes (like lemmy.world suddenly adds 1000 fake users and uses them to manipulate other instances, if votes were anonymous you couldn’t check if it’s genuine lemmy.world users or fake accounts).

    • wazoobonkerbrain@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      3 months ago

      That’s interesting. I have read multiple comments to the effect that it would not be possible for lemmy to implement anonymous voting because the underlying ActivityPub protocol does not support it. So it sounds like solutions do exist, although I suppose the effort required to modify ActivityPub is too much, more likely the feature will be included in some successor to the fediverse.