Just make a rainbow table and get the usernames back.
Comment on You can see who upvoted and downvoted a post by viewing it in friendica.
Irelephant@lemm.ee 1 year ago
I was thinking that it would make sense to federate upvotes, but with the hash of your username instead of your actual handle. Would this work?
Valmond@lemmy.world 1 year ago
m_f@discuss.online 1 year ago
The userbase is small enough that hashing would be easy cracked by a determined person. Even with salting, iterating through the entire userbase and hashing each username+salt to check for a match would probably not take long
Irelephant@lemm.ee 1 year ago
What if a uuid is generated every time a user signs up, and every upvote iterates through the uuids?
rglullis@communick.news 1 year ago
Replace “hashing” with “encrypted” (perhaps just using a symmetric key that the admin sets up) and then it gets impossible to know for any outsiders who is the real user behind the vote.
I for one just wish people understood once and for all that anything you do on social media is public.
If you are not comfortable backing up your opinion or action, then don’t do it.
Mirodir@discuss.tchncs.de 1 year ago
Assuming each user will always encrypt to the same value, this still loses to statistical attacks.
As a simple example, users are e.g. more likely to vote on threads they comment in. With data reaching back far enough, people who exhibit “normal” behavior will be identified with high certainty.
rglullis@communick.news 1 year ago
How long until it gets abused, and trolls start brigading though instances that hide their votes?
Maeve@midwest.social 1 year ago
Or mentally unwell people stalking.
queermunist@lemmy.ml 1 year ago
Nothing stops defederation, though.
rglullis@communick.news 1 year ago
That creates an incentive for trolls to create accounts at the popular instances using this mechanism in order to destroy their reputation.
queermunist@lemmy.ml 1 year ago
But they can just be banned from those instances?
RobotToaster@mander.xyz 1 year ago
One of the advantages of votes being public is that it keeps instance owners honest and, perhaps more importantly, means they know other instance owners are honest.
If they weren’t public it would be easy to modify your lemmy instance to send 10 votes with fake hashes for every real vote. There would be constant accusations of brigading and faking votes.
Rogue@feddit.uk 1 year ago
I’m honestly surprised it hasn’t already become rampant.