Lemmy votes ARE public, should they be anonymous?

lalo@discuss.tchncs.de to Fediverse@lemmy.world – 688 points –

Currently, almost anyone in the Fediverse can see Lemmys votes. Lemmy admins can see votes, as well as mods. Only regular Lemmy users can't. Should the Lemmy devs create a way to make the votes anonymous?

There is a discussion going on right now considering "making the Lemmy votes public" but I think that premisse is just wrong. The votes are public already, they're just hidden from Lemmy users. Anyone from a kbin/mbin/fedia instance can check out the votes if they are so inclined.

The users right now may fall into a false sense of privacy when voting because the votes are hidden from Lemmy users. If you want to vote something and not show up on the vote list, please create another account to support that type of content and don't tell anyone.

245

You are viewing a single comment

For anyone interested, there are a few papers on cryptographically secure voting, where both voter anonymity and election integrity are preserved.

Most designs consider three separate entities, where if you accumulate the information between those entities you would be able to identify a voter and his vote, but each entity on itself does not hold enough information.

The problem isn't keeping votes anonymous, that's easy. The problem is bots/spam. You could just create a new instance and then upvote a post from another instance a thousand times. If the votes are anonymous for the other instance it's tough to say if they are genuine users or just bots.

That's the main issue here, when votes are anonymous you could easily just spam votes with no way to trace it back. If it's a rogue instance then fine, you can ban the whole instance. But imagine if lemmy.world starts using fake votes in the background towards other instances.

What keeps from doing that right now? You can just create an instance and bot accounts on that

It would be damn easy to look up the instance and their "users" and see that the users are not genuine. Then ban the whole instance.

If you are worried about duplicates, aka a single bot spamming multiple votes, then that's feasible to mitigate.

If you are worried about multiple bots spamming one vote each, that's harder to mitigate and it comes down to how the instances handles bot accounts in general. IMO it's best to ignore the bot problem and instead focus on designing a vote weighting system that favors similar instances.

designing a vote weighting system that favors similar instances

Would make the whole thing even worse, as I could create several new instances with 10 bot users each, then hammer out the votes.

The entire problem is that you can't trace back each vote to a genuine user. It would be bad in case of fake instances that create 100 user accounts and upvote/downvote stuff, but you can ban the instance. It would be a disaster if a big instance creates fake votes (like lemmy.world suddenly adds 1000 fake users and uses them to manipulate other instances, if votes were anonymous you couldn't check if it's genuine lemmy.world users or fake accounts).

Thanks @souperk@reddthat.com,
i believe many users will be interested in these papers about cryptographically secure voting.

Amongst them there would be :
@rimu@piefed.social
@SorteKanin@feddit.dk
@brbposting@sh.itjust.works

Not sure if you are being sarcastic or not but I found this review.

https://www.mdpi.com/2073-8994/14/5/858

I had done some research about a year ago, but I don't have the papers saved.

No I was not sarcastic. So now i am trying to read your paper and i think that it is above my knowledge level.

As a layman i had the intuition that instead of having two accounts as i proposed for voting and commenting which was implemented by @rimu, we might have had something like blockchain or filecoin or some coin that would represent voting power and that would be based on our commenting value... so that coin would have been an intermediary to make voting anonymous.

Finally i know enough about science that i know that i don't know much.

Edit : after a rapid overview of the article i would say that this method :
"Blind Signature-Based e-Voting"
would be most appropriate to our social media voting and i noticed the work they have done is more targeting national elections where the outcome is much more important.

This isn't going to solve anything. Cryptographically secure voting helps when you can ensure that each person only gets to vote once. But anyone can just sign up for more accounts or make loads of bot accounts and vote multiple times. This solves nothing.

That's interesting. I have read multiple comments to the effect that it would not be possible for lemmy to implement anonymous voting because the underlying ActivityPub protocol does not support it. So it sounds like solutions do exist, although I suppose the effort required to modify ActivityPub is too much, more likely the feature will be included in some successor to the fediverse.