this post was submitted on 30 Aug 2023
318 points (94.4% liked)
Funny
6745 readers
646 users here now
General rules:
- Be kind.
- All posts must make an attempt to be funny.
- Obey the general sh.itjust.works instance rules.
- No politics or political figures. There are plenty of other politics communities to choose from.
- Don't post anything grotesque or potentially illegal. Examples include pornography, gore, animal cruelty, inappropriate jokes involving kids, etc.
Exceptions may be made at the discretion of the mods.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is not exclusive to federated communities. Reddit has vote manipulation too.
Reddit does have vote manipulation, but reddit admins can easily see much stronger indicators of the same person behind multiple user accounts: Server logs of user agent, IP address, interface/API key, script support and activity that tends to give away browser type and history, etc.
Most of that information is only available to instance admins, so admins of one instance can't see when external votes are coming in from the same users who already voted using accounts on your instance.
Admins can see how users vote, even external users. So it's no different from local users on the same instance (which would be how reddit operates). So I don't see how this is different.
The instance I'm logged into doesn't forward my user agent, IP address, or CSS/script support (or other fingerprinting techniques) to the other instance. Everything I do in a community hosted on another instance is forwarded through my instance server as a middleman, and I never directly connect to the other instance server.
The admins of an instance (or reddit) might be able to analyze server logs of different users on their own instance to be able to determine those things, but can't apply that analysis to accounts from other instances, whose interaction with the server doesn't actually include a login or any direct connections to the server they administer. All they have to go on is the ActivityPub logs, which won't include that fingerprinting information.