Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

  • haventbeenlistening@lemmy.world
    link
    fedilink
    English
    arrow-up
    31
    arrow-down
    4
    ·
    há 1 ano

    It is only shocking if the expectation was set that your votes are private. If you wanted to avoid linking an identifiable account with their votes then you could use a de-identified user account to track a user’s votes.

    You could to perform deterministic hashing prior to persisting a vote to ensure that those looking at the database can’t go backwards to find the specific users who voted on a post. But any service that knows the salt and hashing algorithm can start with a user account and determine that user’s voting history.

    This allows you to track up/down votes per user without allowing over-priviledged DBAs or malicious actors from poking around voting histories of identifiable users.

      • haventbeenlistening@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        há 1 ano

        Right. Applying any form of application-level encryption to the account IDs stored in the voting tables would prevent anyone without the secret from being able to find out who voted for what by peeking at the voting tables.

        The more I think about this problem, the more solvable it seems to be.