Overthinking.
Only the instance needs the username to register the vote; the count can then be updated by the instance. Simple and lightweight.
Comment on You can see who upvoted and downvoted a post by viewing it in friendica.
schnurrito@discuss.tchncs.de 4 days ago
Yes, after all other servers need this information in order to prevent double voting, you can’t just have servers sending each other information “somebody upvoted this” and also tell when servers are allowing users to vote more than once.
So upvotes and downvotes aren’t actually private, never have been, some servers may display them publicly even if most don’t.
Hashing exists for this use case
There are plenty of ways to handle double voting without plaintext user strings. The fact that it's done this way is just lazy and poor design and doesn't actually do anything to prevent a rogue instance from vote spamming with fake users.
They should be.
PeriodicallyPedantic@lemmy.ca 4 days ago
The server hosting the post needs it.
It only needs to tell other servers the vote count, and the votes of people on that other server.
schnurrito@discuss.tchncs.de 4 days ago
Yes, but then you can have malicious servers sending fake numbers without other server operators being able to check whether this is at all plausible.
(It’s still possible for malicious servers to send fake votes, but server operators can see which users they are stated to originate from, then block that server if that looks like it’s doing that. At least that is my understanding.)
PeriodicallyPedantic@lemmy.ca 4 days ago
What do you mean “send fake votes”?
Or rather, who do you think should be responsible for identifying and blocking fraudulent votes?
And how do you reconcile votes that come from servers that you’ve defederated with? Should everyone have the same view of the post, or should people only see votes from servers that their server is federated with? What about votes from users you’ve personally blocked? Etc
I personally kinda think that the responsibility is on the server hosting the post, and that everyone should see the same (but anonymous) vote count, of which the hosting server is the single source of truth.
skulblaka@sh.itjust.works 4 days ago
A malicious hosting server could use fake points to blast any message to the top of everyone’s feeds until manually banned or defederated
Wooki@lemmy.world 4 days ago
It’s only fake numbers for posts on the instance.
Not the first malicious instance, won't be the last.
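An added example, not part of the thread and not the protocol of Lemmy or any other federated software: a sketch of the trade-off debated above, in which the voter's home instance federates a keyed, per-post pseudonym instead of the username and the hosting instance deduplicates on it while still attributing every vote to its origin server. The names `voter_token`, `PostTally` and `demo`, the instance names and the keys are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import Counter

def voter_token(instance_key: bytes, actor_id: str, post_id: str) -> str:
    """Pseudonym a home instance would federate in place of the actor ID.

    Keyed with a secret only that instance holds, so hashing known usernames
    does not reverse it; bound to the post, so tokens do not link across posts.
    """
    msg = f"{actor_id}\n{post_id}".encode()
    return hmac.new(instance_key, msg, hashlib.sha256).hexdigest()

class PostTally:
    """Vote state kept by the instance hosting the post (hypothetical)."""

    def __init__(self):
        self.votes = {}  # (origin, token) -> +1 / -1

    def receive(self, origin: str, token: str, value: int) -> bool:
        """Record a vote; return False if it repeats the voter's current vote."""
        if value not in (1, -1):
            raise ValueError("vote must be +1 or -1")
        changed = self.votes.get((origin, token)) != value
        self.votes[(origin, token)] = value
        return changed

    def score(self) -> int:
        return sum(self.votes.values())

    def voters_per_origin(self) -> Counter:
        """Distinct voters claimed by each origin, for operator review."""
        return Counter(origin for origin, _ in self.votes)

def demo():
    # Constructed sample data: instance names, users and keys are made up.
    key_a, key_b = b"constructed-secret-a", b"constructed-secret-b"
    tally = PostTally()
    alice = voter_token(key_a, "alice@a.example", "post-1")
    tally.receive("a.example", alice, 1)
    tally.receive("a.example", alice, 1)   # double vote: no effect
    tally.receive("a.example", alice, -1)  # changed vote: replaces the +1
    # An origin minting a fresh token per vote is not stopped by dedup,
    # but the volume stays attributed to it and visible to the operator.
    for i in range(500):
        tally.receive("b.example", voter_token(key_b, f"user{i}@b.example", "post-1"), 1)
    return tally.score(), tally.voters_per_origin()

if __name__ == "__main__":
    print(demo())
```

The hosting instance cannot verify that a token corresponds to a real account, so the per-origin count is the only signal it has for deciding whether an origin's votes are plausible.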