As it was recently discussed a lot of the data you generate while using the fediverse is public. If we’re looking at the threadiverse even more of it is public including your votes.
I only know the specifics of Mastodon and mbin, so maybe @rimu@piefed.social @nutomic@lemmy.ml @julian@community.nodebb.org and other devs can chime in here.
Voting on Mastodon is a lot more private than voting in the threadiverse. Only the author of a post (and their instance) knows everyone who voted on a post. Everybody else can retrieve the total numbers, but not the individual votes. Of course this comes with the downside that everyone else has to fetch this data and while the instance could send an Update activity - informing other instances that the numbers changed - Mastodon currently does not do that.
In the threadiverse on the other hand, every single vote gets send around the network, including all the details.
I would like the threadiverse software to get a bit better at privacy. Mastodon is often restrictive with activities for that exact reason and while I do not want to completely screw visibility by not sending anything to anyone, I think the visibility of votes can be improved a lot.
So my proposal would be: votes are only sent to the author of a post. The author then sends an Update activity to their followers and the magazine the post belongs to. The magazine then announces this Update activity to all its subscribers. The post object has to contain the relevant numbers of course and Mastodon and PeerTube use shares, likes and dislikes (PeerTube only). These properties then contain a Collection with a property called totalItems and not a list of the people who actually voted, that would defeat the purpose (looking at you PeerTube)
Because nobody wants to break federation with other software, it would be nice if this could be coordinated between all the threadiverse actors
If you have malicious software, then nothing. Nothing prevents malicious software to invent users who create like activities either… So in my opinion nothing changes about that
If your instance invents fake users for voting, that is very easy to spot if you view the profile and its all empty. So you need to add a profile picture, bio and some posts as well. But if the names and avatars are all similar, or the posts are obviously LLM generated, its still quite easy to spot manipulation. Or if the modlog for that user has entries for vote manipulation. On the other hand if there is only the total number of votes, there is no way at all to see if they are legit.
I think a much better option for vote privacy is what Piefed tried using “Local-only votes”. So privacy-conscious users can choose that their votes are not federated, and then only the local admin can see them. This could be a simple boolean user setting, or could be more granular to allow/disallow vote federation with specific instances.
That’s more effort to do and easier to detect.