It’s only fake numbers for posts on the instance.
Not the first malicious instance, wont be the last.
Comment on You can see who upvoted and downvoted a post by viewing it in friendica.
schnurrito@discuss.tchncs.de 3 days agoYes, but then you can have malicious servers sending fake numbers without other server operators being able to check whether this is at all plausible.
(It’s still possible for malicious servers to send fake votes, but server operators can see which users they are stated to originate from, then block that server if that looks like it’s doing that. At least that is my understanding.)
Wooki@lemmy.world 3 days ago
PeriodicallyPedantic@lemmy.ca 3 days ago
What do you mean “send fake votes”?
Or rather, who do you think should be responsible for identifying and blocking fraudulent votes?
And how do you reconcile votes that come from servers that you’ve defederated with? Should everyone have the same view of the post, or should people only see votes from servers that their server is federated with? What about votes from users you’ve personally blocked? Etc
I personally kinda think that the responsibility is on the server hosting the post, and that everyone should see the same (but anonymous) vote count, of which the hosting server is the single source of truth.
skulblaka@sh.itjust.works 3 days ago
A malicious hosting server could use fake points to blast any message to the top of everyone’s feeds until manually banned or defederated
PeriodicallyPedantic@lemmy.ca 3 days ago
I’m not sure how giving every server access to the votes solves that.
The malicious server can make fake users to pump up votes. your server admin has to notice, then check the vote logs, then see what’s happening and defederate them. That’s pretty much what you described in your scenario, anyways.
Die4Ever@programming.dev 3 days ago
It’s way easier to notice and defed when you can see these fake usernames
catloaf@lemm.ee 3 days ago
Yes, that’s happened before. They were sending a very large number of votes, so it was immediately obvious. Even a couple dozen from an unknown instance will be noticed, when an admin sees it and says “huh I haven’t heard of that instance” and when they look there’s nothing there.