Yes, after all other servers need this information in order to prevent double voting, you can’t just have servers sending each other information “somebody upvoted this” and also tell when servers are allowing users to vote more than once.
So upvotes and downvotes aren’t actually private, never have been, some servers may display them publicly even if most don’t.
It only needs to tell other servers the vote count, and the votes of people on that other server.
That may not be how it actually works, but that’s all that’s needed
Yes, but then you can have malicious servers sending fake numbers without other server operators being able to check whether this is at all plausible.
(It’s still possible for malicious servers to send fake votes, but server operators can see which users they are stated to originate from, then block that server if that looks like it’s doing that. At least that is my understanding.)
What do you mean “send fake votes”?
Or rather, who do you think should be responsible for identifying and blocking fraudulent votes?
And how do you reconcile votes that come from servers that you’ve defederated with? Should everyone have the same view of the post, or should people only see votes from servers that their server is federated with? What about votes from users you’ve personally blocked? Etc
I personally kinda think that the responsibility is on the server hosting the post, and that everyone should see the same (but anonymous) vote count, of which the hosting server is the single source of truth.
There are plenty of ways to handle double voting without plaintext user strings. The fact that it’s done this way is just lazy and poor design and doesn’t actually do anything to prevent a rogue instance from vote spamming with fake users.
Yes, after all other servers need this information in order to prevent double voting, you can’t just have servers sending each other information “somebody upvoted this” and also tell when servers are allowing users to vote more than once.
So upvotes and downvotes aren’t actually private, never have been, some servers may display them publicly even if most don’t.
The server hosting the post needs it.
It only needs to tell other servers the vote count, and the votes of people on that other server.
That may not be how it actually works, but that’s all that’s needed
Yes, but then you can have malicious servers sending fake numbers without other server operators being able to check whether this is at all plausible.
(It’s still possible for malicious servers to send fake votes, but server operators can see which users they are stated to originate from, then block that server if that looks like it’s doing that. At least that is my understanding.)
What do you mean “send fake votes”?
Or rather, who do you think should be responsible for identifying and blocking fraudulent votes?
And how do you reconcile votes that come from servers that you’ve defederated with? Should everyone have the same view of the post, or should people only see votes from servers that their server is federated with? What about votes from users you’ve personally blocked? Etc
I personally kinda think that the responsibility is on the server hosting the post, and that everyone should see the same (but anonymous) vote count, of which the hosting server is the single source of truth.
It’s only fake numbers for posts on the instance.
Not the first malicious instance, wont be the last.
There are plenty of ways to handle double voting without plaintext user strings. The fact that it’s done this way is just lazy and poor design and doesn’t actually do anything to prevent a rogue instance from vote spamming with fake users.
Over thinking.
Only the instance with the post needs the username to register the vote, the count can then be updated by the instance. Simple and lightweight
They should be.