I recently learned that voting on lemmy is not anonymous. Anyone can get information about who has upvoted and downvoted a post or comment.
In combination with your IP, this is a massive privacy (maybe even physical security) risk. Also, people can target you for your votes.
Sadly, this is something where I would prefer Reddit over Lemmy. Big tech scrapes data from both places anyways, at least Reddit is safe.
Votes are public more of a side effect of the fact that Lemmy is federated, rather than intentionally as something to be publicly visible, I don’t believe you can go find someone’s vote history just from the normal Lemmy ui, but someone could create their own Lemmy/mastodon/kbin version (or just some custom scraper that speaks activity pub and pretends to be one of these) to start collecting vote counts.
Votes being tied to accounts makes it slightly harder to do vote manipulation, but only slightly. It would be as simple as having my server tell the server of the original post that 5000 users that totally exist voted on this post. Of course you could do the same by actually creating 5000 fake accounts on your server, but that’s marginally more work, and also slightly more detectable. There’s a lot of trust in the activity pub protocol.
I don’t believe you can go find someone’s vote history just from the normal Lemmy ui
If you run your own Lemmy server, you can probably just query your server’s database. Lemmy admins can see upvoters and downvoters for all comments (and posts I think), not just comments/posts on servers they’re an admin on, so that data must be in the database.
got it. thank you for the in-depth explanation
