Yes, and this would be fairly easy to make them at least pseudonymous without even needing to modify activitypub itself.
That said, I still don't support anything which lowers the friction of vote stalking like exposing votes in even more places. Technically people can look up my address from my license plate number if they really care to, but that doesn't mean I want to list it in bold letters on my windshield.
Right now votes really don't matter in terms of post sorting so I'm not sure if there's really a point to this. As far as I understand it, any vote is engagement in terms of making a post active/hot/whatever
The simplest form of this is literally just a token which replaces the universal identity. So you ban the token, you ban the user. This only applies for voting anyway, since commenting and posting follows the plaintext user agent.
A more robust trust model with rotating tokens would fully move ban enforcement to the home instance, which I actually believe is already the case in some situations. Eg, when I am banned from a specific community on another instance it seems as if my host instance knows not to even display a vote on the UI, which suggests that it has knowledge of my federated ban. With this trust model it would be possible to fully enforce cryptographically secure forward security as well.
It would at least provide a means for obfuscating identity for users who care to make an effort. All you'd have to do is not vote when you comment and vice versa.
Because it is giving in to the already problematic functionality of AP, which is the fact that way too much user telemetry is exposed to way too may people as it stands. Work should focus on making AP more private, not less.
There is nothing in the AP spec which states that user strings need to be plaintext. Lemmy should be building out tools which allow AP participants to optionally participate via tokenized user strings.
Pseudonymous voting doesn't mean a unique ID for every vote. It just means the user string itself is tokenized. You can still ban participation for that token without revealing the actual user. Literally the only thing this stops is easily seeing users who use the same name across several instances.
You don't even need to upstream the protocol changes imo. An instance could decide to participate with tokenized user IDs. Other instances could decide to defederate because this is out of spec behavior, but as far as I am concerned it is perfectly aligned with the core spec. Nothing says user activity cannot be anonymized.
This is literally already a problem. I can easily set up an instance and write a simple bot which just spams votes with randomized user strings. There are generally a bunch of these functional vulnerabilities in the AP trust model which are only mitigated by the current lack of scale. Work needs to be put into reworking the trust model, not exposing user telemetry to even more people.
If anything, Lemmy devs should work on methods to obscure user identities, not expose them.
One of the biggest issues with the fediverse is very specifically how much user information can be exposed outside your home instance. As has been pointed out in this thread, it is very easy for rogue instance admins to set up quiet data mining instances.
It seems like it should be relatively straightforward for certain activities, like votes and telemetry, to be anonymized/tokenized for the purposes of federation, since that information all propagates outward from the home instance anyway.
No, it won't, because it has never not been creepy. People should be allowed to go into public without constantly being approached. The part you don't get is that being asked out for coffee once is novel, twice is fun, but after that it gets old really fucking quick. I do not want to have to deal with that every time I just want to do some fucking laundry.
And 90% of the people who do/did this are legitimately creeps.
Yes, and this would be fairly easy to make them at least pseudonymous without even needing to modify activitypub itself.
That said, I still don't support anything which lowers the friction of vote stalking like exposing votes in even more places. Technically people can look up my address from my license plate number if they really care to, but that doesn't mean I want to list it in bold letters on my windshield.