No, ActivityPub votes aren't anonymoushttps://shkspr.mobi/blog/2024/09/no-activitypub-isnt-anonymous/
-
No, ActivityPub votes aren't anonymous
https://shkspr.mobi/blog/2024/09/no-activitypub-isnt-anonymous/Several years ago, I posted this poll on Twitter.
Terence Eden is on Mastodon
@edent
If the recent Twitter hack had exposed they way you voted on every Twitter poll, how would you feel? (There is no suggestion that this has happened, I'm just curious about people's relationships to voting and privacy.)
Meh. So what?: (167)
167
Hmph. That's annoying.: (68)
68
Umm… This could be bad!: (32)
32
Delete account & run away: (8)
8Most of the tech world that I interact with has moved to Mastodon and other ActivityPub-based social networks. Decentralised social media is great. It allows you to be fully in control of what you post, what you see, and how you interact with others.
Of course, there are downsides. No centralised authorities means verification is difficult. Abuse (of all sorts) can only be dealt with in a piecemeal fashion. And anonymity takes a bit of a nosedive.
When you block or mute someone, that information might leak to the offending user. By its nature, you need to send a message to someone else's server in order to interact with them.
So what about polls on the Fediverse? This poll, for example, is gathering sensitive personal information.
@[email protected]
Farooq Karimi Zadeh
Let's see how many Muslims are out there on Fediverse. Are you a #muslim?
Please boost it so we can have more accurate statistics.
I am a Muslim: (62)
62
Not a Muslim: (3,696)
3696In order to vote on the poll, your server sends a message to the poll's server saying "I am user @[email protected]. I wish to vote for option X. Here is an HTTP signature confirming my message."
Does the receiving server abide by GDPR? Who knows!
The specification around questions is a little ill-defined and the Mastodon documentation is also a bit vague. Neither of them discuss privacy.
There is an excellent blog post by Humberto Rocha looking at Mastodon Poll in ActivityPub. It shows quite clearly that a vote is just a normal message which is passed onto the receiving server.
Services like Mastodon won't let the poll's author see who voted for which option. But that's by convention. There's nothing technical to stop them. Indeed, I understand that the Akkoma social network does show users how users voted.
Of course, on a centralised service like Facebook or Twitter your vote is still recorded somewhere. It can be subpoenaed or looked at by unscrupulous engineers.
Privacy is, of course, a social construct. In some communities it might be sensible to have all votes on the public record. In others, it could be deadly. Some countries have laws mandating strong privacy protections, others less so.
Conduct yourself with that in mind!
https://shkspr.mobi/blog/2024/09/no-activitypub-isnt-anonymous/