The userbase is small enough that hashing would be easy cracked by a determined person. Even with salting, iterating through the entire userbase and hashing each username+salt to check for a match would probably not take long

[–] rglullis 13 points 6 days ago (1 children)

Replace "hashing" with "encrypted" (perhaps just using a symmetric key that the admin sets up) and then it gets impossible to know for any outsiders who is the real user behind the vote.

I for one just wish people understood once and for all that anything you do on social media is public.

If you are not comfortable backing up your opinion or action, then don't do it.

[–] Mirodir@discuss.tchncs.de 18 points 6 days ago (1 children)

Assuming each user will always encrypt to the same value, this still loses to statistical attacks.

As a simple example, users are e.g. more likely to vote on threads they comment in. With data reaching back far enough, people who exhibit "normal" behavior will be identified with high certainty.

[–] rglullis 1 points 6 days ago

Brigaders are less likely to engage in the conversation and just mass-downvote, or they might simply comment with their own id and downvote with an alt.

We can be here all day playing these cat-and-mouse games. The so-called "authorized fetch" from Mastodon is also another shortsighted idea.

Really, why can't we just stop pretending that we have any privacy in social media and just educate users to use the proper tools?

[–] Irelephant@lemm.ee 1 points 6 days ago

What if a uuid is generated every time a user signs up, and every upvote iterates through the uuids?