- cross-posted to:
- askchapo@hexbear.net
- fediverse@lm.korako.me
- cross-posted to:
- askchapo@hexbear.net
- fediverse@lm.korako.me
Probably better to post in the github issue rather than replying here.
Probably better to post in the github issue rather than replying here.
Exactly. If private votes were intended, Lemmy servers would have had voting privacy setting where the vote is federated as
@privacy-vote-{sha256sum userid & postid}@instance.foo
instead of the actual voter’s username.Not privacy-protecting. You can easily deduct the voter by enumeration.
A privately-stored salt would fix that :)
Then what is the point of hashing the data? Just use an UUID.
Anyway, this is all pointless bike shedding because the activity needs to be associated with the actor, as it can only be accepted if the signature can be verified.