Hey folks! Just realized something that makes Lemmy different from Reddit. Because of the federation, your votes are not technically anonymous on Lemmy. At least, I think.

Although there’s no UI to look at a user’s voting history yet, one could conceivably be built by an instance. Perhaps coincidentally, I hear there’s instances out there populated by mostly bots?

  • JackbyDev@programming.dev
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    Maybe you could hash the user and post together somehow this way it is hashed but also unique per post. If you only hashed the username then the entirety of the user’s voting history would be known if the hash was reverted.

    • o_o@programming.devOP
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      Could be hashed and salted, with a random salt.

      The trouble is, then, that it’s harder to disallow users from voting multiple times if the voting user isn’t on the post’s home instance.

        • o_o@programming.devOP
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          Yes, true, the current system does allow that. But the current system also doesn’t allow users to accidentally vote twice (and it remembers your vote)— this is the feature I think would be more challenging to implement if we were to hash & salt the user’s ID.

    • kevincox@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Hashing can’t effectively protect known values. If you want to know if someone voted for a post you can just hash their username and post ID. This is trivial and cheap.

      If you want to know who voted on a post you just find every username you can find and hash it. It isn’t super cheap but isn’t very expensive either. There are only 8G people on the planet, many bitcoin rigs can calculate this in seconds. Sure, you can use a more expensive hash and there may be more accounts than people but it will remain feasible.

      This is the same reason you can’t hash phone numbers in a meaningful way.

      The best option is probably just for the instance to report counts and you just have to trust it. If it is noticed that an instance seems to be inflating votes you stop counting its votes. People can work together to create blocklists for known cheating instances. Your instance would still know this but at least it is within your trust, not federated publicly.

      • JackbyDev@programming.dev
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Nah, if you can properly hash a password such that it doesn’t match the same properly hashed password from a different website then you can properly hash usernames in this case such that others couldn’t reverse it or put in the same input and get the same output you created. The technology is there. It’s more of a question if it’s really worth it. At least for now I’m not concerned with a malicious admin leaking someone’s vote history.

        https://en.wikipedia.org/wiki/Salt_(cryptography)

        • kevincox@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          No, hashing passwords is a different case because you know what the user is so you can use a unique salt. The password itself is also high entropy. For this use cause you can have at best per-post salt.

          Think about it. The task that you are asking for is to quickly check if a user has voted for a post to prevent duplicates. So literally the operation you want is the same as you are trying to prevent. If you can enumerate users then you an by definition check if they have voted for a post.