I’m not sure how giving every server access to the votes solves that.
The malicious server can make fake users to pump up votes. your server admin has to notice, then check the vote logs, then see what’s happening and defederate them. That’s pretty much what you described in your scenario, anyways.
But it also has to be defended separately by the admin of every server that has a user subbed to that community. Seems like a large burden to put on small-mid instance admins.
I’d be surprised if my server admin was really paying attention that closely to votes on communities I’m subbed to, right?
I have to admit I don’t know the view that admins get of how their server intersects the fediverse.
Yes, that’s happened before. They were sending a very large number of votes, so it was immediately obvious. Even a couple dozen from an unknown instance will be noticed, when an admin sees it and says “huh I haven’t heard of that instance” and when they look there’s nothing there.
If that’s the concern it’s better to have each server send a signed counter of votes coming from its own users to the hosting server for the post being voted on, then people can see which servers three there’s how many votes from.
This provides the same privacy as intended before (your account host knows your votes, nobody else does) and you can see which servers are acting suspiciously while allowing everybody to get a consistent view of votes (the host simply tally up the votes from each other server, and offer up the signed counts on request)
A malicious hosting server could use fake points to blast any message to the top of everyone’s feeds until manually banned or defederated
I’m not sure how giving every server access to the votes solves that.
The malicious server can make fake users to pump up votes. your server admin has to notice, then check the vote logs, then see what’s happening and defederate them. That’s pretty much what you described in your scenario, anyways.
It’s way easier to notice and defed when you can see these fake usernames
But it also has to be defended separately by the admin of every server that has a user subbed to that community. Seems like a large burden to put on small-mid instance admins.
I’d be surprised if my server admin was really paying attention that closely to votes on communities I’m subbed to, right?
I have to admit I don’t know the view that admins get of how their server intersects the fediverse.
Yes, that’s happened before. They were sending a very large number of votes, so it was immediately obvious. Even a couple dozen from an unknown instance will be noticed, when an admin sees it and says “huh I haven’t heard of that instance” and when they look there’s nothing there.
If that’s the concern it’s better to have each server send a signed counter of votes coming from its own users to the hosting server for the post being voted on, then people can see which servers three there’s how many votes from.
This provides the same privacy as intended before (your account host knows your votes, nobody else does) and you can see which servers are acting suspiciously while allowing everybody to get a consistent view of votes (the host simply tally up the votes from each other server, and offer up the signed counts on request)