this post was submitted on 22 Jun 2023
171 points (98.9% liked)

Lemmy

2172 readers
21 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to [email protected].

founded 4 years ago
MODERATORS
 

Hey folks! Just realized something that makes Lemmy different from Reddit. Because of the federation, your votes are not technically anonymous on Lemmy. At least, I think.

Although there’s no UI to look at a user’s voting history yet, one could conceivably be built by an instance. Perhaps coincidentally, I hear there’s instances out there populated by mostly bots?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] -1 points 1 year ago (1 children)

Nah, if you can properly hash a password such that it doesn't match the same properly hashed password from a different website then you can properly hash usernames in this case such that others couldn't reverse it or put in the same input and get the same output you created. The technology is there. It's more of a question if it's really worth it. At least for now I'm not concerned with a malicious admin leaking someone's vote history.

https://en.wikipedia.org/wiki/Salt_(cryptography)

[–] [email protected] 2 points 1 year ago

No, hashing passwords is a different case because you know what the user is so you can use a unique salt. The password itself is also high entropy. For this use cause you can have at best per-post salt.

Think about it. The task that you are asking for is to quickly check if a user has voted for a post to prevent duplicates. So literally the operation you want is the same as you are trying to prevent. If you can enumerate users then you an by definition check if they have voted for a post.