• @[email protected]
    link
    fedilink
    English
    234 months ago

    That would be great. I’m not sure how to solve the problems that arises though. If i can send an anonymous vote to an instance, what stops me from sending 100?
    Maybe there’s some smart cryptographical solution here that alludes me, but it seems hard, if possible.

    • @Feathercrown
      link
      English
      04 months ago

      You could just hash your username+instance combo, right?

      • @[email protected]
        link
        fedilink
        English
        114 months ago

        hmm, how would the receiving instance verify? what happens if I send 100 random hashes?

        • @[email protected]
          link
          fedilink
          English
          54 months ago

          This is literally already a problem. I can easily set up an instance and write a simple bot which just spams votes with randomized user strings. There are generally a bunch of these functional vulnerabilities in the AP trust model which are only mitigated by the current lack of scale. Work needs to be put into reworking the trust model, not exposing user telemetry to even more people.

          • @[email protected]
            link
            fedilink
            English
            34 months ago

            I can easily set up an instance and write a simple bot which just spams votes with randomized user strings.

            Well you can do that for a little bit, until your instance gets found out and it gets defederated. And you need to pay for a new domain if you want to do it again. So the current system actually makes it cost real money to do this spam you’re talking about.

          • @[email protected]
            link
            fedilink
            English
            14 months ago

            well, since the voting is public it’s easy to remove your votes and block your instance after the fact

        • @Feathercrown
          link
          English
          1
          edit-2
          4 months ago

          Each instance could store a static private key used to encrypt all usernames in that instance maybe?