It depends what your threat model is. Admins being dickheads about who downvoted what was the main issue at the time so I made it about choosing which admins to trust.
If future Lemmy versions show votes to mods (not just admins) then Pandora’s box would be well and truly open so we’d need to rethink this.
Yeah I guess for me I don’t really trust any admins. At the end of the day that’s a permanent database of user activity which could be passed along to anyone, so ideally the minimum threat surface would be that it exists only on the home instance.
Also, I kind of just don’t get the point of obfuscating for some and not others unless there are some politics going on behind the scenes, which just gives me even more cause for concern. I think this is a killer feature for piefed and really addresses a major concern I have with Lemmy so it is just disheartening to hear that the functionality has been nerfed for seemingly no good reason.
I hear ya. There was quite a bit of back-and-forth about it and we ended up with a compromise. It would be good to have more configurability of this to suit different preferences.
There’s a niche out there for a max-privacy instance. No server logs, no email verification, automatic deletion of old content. And if it was running PieFed, no trusted instances set.
Do you have a link to any discussions on this? I have browsed local posts on piefed.social but can’t find it. I’d be curious to see more context in support of the trusted instance concept.
Check this out for general background discussion https://piefed.social/post/205362. The idea to differentiate by trusted instances was mine and not discussed there. Pretty sure there was some discussion about it in the Matrix channel which is lost to time.
During the recent roadmap planning one of the potential units of work was to sort all this out https://piefed.social/post/411591 but it didn’t garner significant interest and didn’t make it through to the final version of the roadmap.
Hah, I am all over that first thread already. Also in that second thread. This discussion is getting pretty out of band at this point, but I’ve actually thought about proper cryptographic solutions to this problem, but it would require modifying activity pub itself. Which is why I’m very much in favor of voting agent anarchy to force the issue.
IIRC, piefed’s private votes are disabled for “trusted” instances. You can see which instances are trusted here.
Ah, well that sucks :( i thought it just used a different strategy to do so if it was trusted, not outright disable it.
Will correct it, thanks
IIRC PieFed’s method is to send the upvote using a second random username not connected to your username.
Damn, so this is how I find out we’re least trustworthy part of the commonwealth.
That is stupid and defeats the point and makes me rethink my decision to support piefed.
Bummer.
It depends what your threat model is. Admins being dickheads about who downvoted what was the main issue at the time so I made it about choosing which admins to trust.
If future Lemmy versions show votes to mods (not just admins) then Pandora’s box would be well and truly open so we’d need to rethink this.
Yeah I guess for me I don’t really trust any admins. At the end of the day that’s a permanent database of user activity which could be passed along to anyone, so ideally the minimum threat surface would be that it exists only on the home instance.
Also, I kind of just don’t get the point of obfuscating for some and not others unless there are some politics going on behind the scenes, which just gives me even more cause for concern. I think this is a killer feature for piefed and really addresses a major concern I have with Lemmy so it is just disheartening to hear that the functionality has been nerfed for seemingly no good reason.
I hear ya. There was quite a bit of back-and-forth about it and we ended up with a compromise. It would be good to have more configurability of this to suit different preferences.
There’s a niche out there for a max-privacy instance. No server logs, no email verification, automatic deletion of old content. And if it was running PieFed, no trusted instances set.
Not a niche I want to pursue but someone could.
Do you have a link to any discussions on this? I have browsed local posts on piefed.social but can’t find it. I’d be curious to see more context in support of the trusted instance concept.
Check this out for general background discussion https://piefed.social/post/205362. The idea to differentiate by trusted instances was mine and not discussed there. Pretty sure there was some discussion about it in the Matrix channel which is lost to time.
During the recent roadmap planning one of the potential units of work was to sort all this out https://piefed.social/post/411591 but it didn’t garner significant interest and didn’t make it through to the final version of the roadmap.
Hah, I am all over that first thread already. Also in that second thread. This discussion is getting pretty out of band at this point, but I’ve actually thought about proper cryptographic solutions to this problem, but it would require modifying activity pub itself. Which is why I’m very much in favor of voting agent anarchy to force the issue.