Edit: obligatory explanation (thanks mods for squaring me away)…

What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.

Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.

  • Wander@yiffit.net
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    It’s not possible to make votes private is your care about no manipulation happening. Otherwise any self hosted instance could just communicate any made up amount of votes.

    • WIPocket@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Cant they? Sure, they would have to make up new users instead of simply saying a number, but what is actually preventing that?

      • Wander@yiffit.net
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        We can monitor actual active users that an instance has. Anything artificial in volumes enough to have an impact would be noticeable in some way to other instances.

        • lightrush@lemmy.ca
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Can’t someone talk ActivityPub directly and do this? If the instance is responsible to authenticate the users, the instance can just directly talk ActivityPub to the rest of the network and tell it users and votes on the fly, without even Lemmy running there.

      • lightrush@lemmy.ca
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        Without a common authentication scheme that every instance checks against… Probably anyone can do it. I don’t know how you’d even approach this. Signed messages via GPG with a common pubkey host? Some blockchain scheme for authentication that obviates the need for a central host? I’ve no idea.