EDIT: Initial self-votes don’t federate, so it seems this specific way doesn’t work.

Am I missing something, or is Piefed’s private voting kinda trivial to reverse engineer as long as every user by default upvotes every post and comment they make?

If you have a username and want to find the matching private voting ID, search through that user’s posts and comments for an entry that only has one upvote. The vote cast on that entry will be the private voting ID.

If you have a private voting ID and want to find the matching username, search through all votes cast by the private voting ID to find a post/comment that only has one upvote. The user that posted that entry will be the original user.

If it really is this easy, it seems like it’s sort of a false sense of security. On the other hand, if automatic upvoting of your own content could be disabled by default, that would prevent this from working.

  • asudox@lemmy.asudox.dev
    19 hours ago

    If the accounts aren’t randomized, which I think they weren’t, then yes, this is possible to do. If the voting timestamps are also recorded, then it is as easy as checking the oldest vote in a comment/post. To make it harder for someone to associate your voting account with your actual account, you would either need to:

    • collect votes and send in randomized order (I think a minimum of 3 votes is good)
    • create a new voting account on each vote
    • disable voting your own comment/post

    I think the best would be creating a new voting account on each vote, but that would kill moderation.

    • CoyoteFacts@piefed.caOP
      20 hours ago

      I think the best would be disabling the ability to vote your own comment/post with your voting account.

      Actually yeah this is pretty easily the best option. Just make it so that every post/comment is upvoted once with your real account, and leave any other votes to the private voting account. This feels so obvious that I’m guessing it already works this way.

      • asudox@lemmy.asudox.dev
        20 hours ago

        Actually I’ve been thinking about this more and I’ve changed my mind. If someone really wants to figure out who voted, they probably still can. It just makes it a bit harder, not impossible.

        Say user X makes a post in a dead community and gets a comment from user Y. Then user X upvotes that comment. Now the comment has only two votes. One is from Y themselves and the other is almost certainly from X. The chances would be even higher if X replies to that comment too.

        Or imagine a situation where user X and user Z are arguing and start downvoting each other. Depending on how new the comments are and how active the post is, it’s still possible to connect the downvotes to their real accounts.

        Which is why I now think the only real way to make voting private is to generate a completely new voting account for every single vote. That would make it impossible to trace the votes back to the user across posts/comments.
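
Added example, not part of the thread and not Piefed code: a small model for comparing the three mitigations discussed above by counting how many non-self votes the single-vote heuristic from the original post would tie to a real author. The data, the policy names and the `anonN` aliases are constructed; it assumes self-votes are visible to the observer and does not model the two-vote inference from the last comment.

```python
from collections import defaultdict
from itertools import count

# Constructed data: entry -> author, and non-self votes as (real_user, entry).
AUTHORS = {"p1": "alice", "c1": "bob", "c2": "alice", "c3": "carol", "c4": "bob"}
VOTES = [("bob", "p1"), ("carol", "p1"), ("alice", "c1"),
         ("alice", "c3"), ("carol", "c1")]

# Hypothetical policy names for the options raised in the thread.
POLICIES = ("stable_alias_selfvote", "real_selfvote", "fresh_alias")


def observed_votes(policy):
    """Votes as another instance would see them: (voter_id, entry)."""
    fresh, stable = count(1), {}

    def alias(user):
        if policy == "fresh_alias":          # new voting account per vote
            return f"anon{next(fresh)}"
        return stable.setdefault(user, f"anon{len(stable) + 1}")

    seen = []
    for entry, author in AUTHORS.items():    # automatic self-upvote
        voter = author if policy == "real_selfvote" else alias(author)
        seen.append((voter, entry))
    seen += [(alias(user), entry) for user, entry in VOTES]
    return seen


def link_single_vote_entries(seen):
    """Alias -> author guesses taken from entries that carry exactly one vote."""
    by_entry = defaultdict(list)
    for voter, entry in seen:
        by_entry[entry].append(voter)
    return {v[0]: AUTHORS[e] for e, v in by_entry.items()
            if len(v) == 1 and v[0] != AUTHORS[e]}


def exposed_votes(policy):
    """Non-self votes that the guessed links attribute to a real author."""
    seen = observed_votes(policy)
    links = link_single_vote_entries(seen)
    return sum(1 for voter, entry in seen
               if voter in links and links[voter] != AUTHORS[entry])


if __name__ == "__main__":
    for p in POLICIES:
        print(f"{p}: {exposed_votes(p)} of {len(VOTES)} votes exposed")
```
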