I have been working on Lemvotes, a tool to check who voted on a Lemmy post. In this blog post, I will describe how it works and the ethics of such a tool.
Compare your actions to releasing a 0-day exploit for a security vulnerability instead of responsibly disclosing. It doesn’t help, it just causes chaos until the people who do the actual work can figure out a solution.
This comparison is not fair at all. It’s not like the devs are unaware of this. They could start by removing the API endpoint that lists a post’s votes, but they haven’t, which means they seem to think it’s okay for the instance admins to snoop on votes if they so wish.
The best part of the fediverse is anyone can run their own server. The worst part is anyone can run their own server.
Server Admins would need to defederate that instance, there is nothing else stopping someone from creating a manipulative instance that multiplies votes to influence the larger network.
As I understand it, ActivityPub-compliance basically requires that a vote is tied to an actor. Although, they could have made a dummy actor do it. Maybe they were worried about stopping vote manipulation?
This comparison is not fair at all. It’s not like the devs are unaware of this. They could start by removing the API endpoint that lists a post’s votes, but they haven’t, which means they seem to think it’s okay for the instance admins to snoop on votes if they so wish.
Then couldn’t that give instances free reign to start creating fake votes?
The best part of the fediverse is anyone can run their own server. The worst part is anyone can run their own server.
Server Admins would need to defederate that instance, there is nothing else stopping someone from creating a manipulative instance that multiplies votes to influence the larger network.
As I understand it, ActivityPub-compliance basically requires that a vote is tied to an actor. Although, they could have made a dummy actor do it. Maybe they were worried about stopping vote manipulation?
That’s how piefed works iirc