YSK: Your Lemmy activities (e.g. downvotes) are far from private - eviltoast

Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

  • QuadratureSurfer@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    2
    ·
    1 year ago

    Let me be a little more clear, the Admins of your account’s particular instance should be the only ones that have access to your votes.

    Now the question remains about when your account posts/comments into a different instance, who should have access to those votes? Perhaps your instance has a way of obfuscating the votes of any user coming from your instance, or else only the admins of the community that you’re posting into will have access to your votes?

    The problem really comes down to how we avoid the problem with duplicating votes. Currently this is easy as each vote is public so every instance can verify the correct vote count. But implementing either of the solutions above will need a way to verify the correct number of votes.

    To top it off you would also need a way to detect if a malicious instance had come along and started lying about how many votes had been cast.

    One thing we can look at under the hood would be how cryptocurrency works as they have solved both the problem of duplicate values as well as the ability to trust those values being sent. All of the code is free and open source so we can pick out the parts that we need and reuse it. (And no, I’m not telling people to go out and buy crypto).

    Z Cash would be a particularly good one to look at as it ensures a “zero knowledge” (or “zero trust”) method of sending the values across “nodes” (or in our case “instances”). Using this, who is voting on what would be hidden, but we could ensure that the values are correct.

    Additionally you could probably throw out the second hashing algorithm altogether and just keep the Blake2b hashing algorithm as this one is far more efficient and quick to compute (and that second algorithm was mostly thrown in to prevent people with specialized hardware from being able to come in and beat anyone else running on just a GPU/CPU). https://github.com/zcash/zcash

    However, using this particular method would make it so that not even the instance admins would be able to view the details of anyone’s votes (which may be a good thing after all if we decide that any random instance admin is not to be trusted).

    • sauerkraus@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      3
      ·
      1 year ago

      There’s no need to complicate things by bringing crypto buzzwords into it. It’s already been solved faster, better, and easier just like everything else cryptobros invent a problem for.

      • QuadratureSurfer@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        The crypto example was only a suggestion because they have simply solved the exact same problem we are looking at: duplicate votes (transactions) and verifying the results while being able to hide it.

        I would love to hear any other suggestions that people may have that solve these problems. Copying open source code from crypto isn’t the only option. So let’s look for solutions instead of dismissals (unless you’re arguing for keeping votes public of course).