In the latter case, I think it might be feasible to prevent upvotes from being counted multiple times if the username is identical on different instances, since upvotes are public. Is there already a mechanism to do this?
Also, isn’t it much more common in the Fediverse than on central platforms for the same user to have multiple accounts with different usernames? This seems likely to me, if only because popular usernames may already be taken on a given instance. In this case it seems to me hardly possible to prevent double counting. I suppose this would only be possible if the different instances would log IP addresses and share this information with other instances. That doesn’t seem desirable to me at all, and probably wouldn’t be legal, at least in Europe, because of the GDPR. Are there other possibilities? Cookies?
Please excuse the maybe stupid questions - I’m new here and not very good at finding info on my own yet…
If I have it correct, each upvote is individually federated with the username and instance. Each instance will only consider upvotes (and downvotes only if they’re enabled) from federated instances (and from non-banned users?). So instances can see wildly different vote counts if you are on say lemmy.world or kbin.social. You could theoretically have multiple accounts with the same name but what is stopping two different people from having the same name at different instances?
A potential solution I’ve considered is a signing certificate which identifies a user which can only be granted to a human. Verifying that the person who received it was human would be difficult as you would either need to verify IDs, which is problematic in a number of ways:
Or if identifying a unique person isn’t necessarily needed, you could just accept going for a less strict standard and just try to verify the person generating the certificate is at least human and not a bot pumping out requests. One way is captchas, but that can be relatively easy to pump through either an OCR bot or through a paid captcha service (they run human farms of people answering captchas).
That certificate would then have a slightly higher standard to receive and its private key can then be used to sign votes. This wouldn’t prevent a single user from generating several accounts, but would help limit how fast and how many they could.
Of course, one could just add more layers of captchas and human verification directly to their lemmy or kbin sign ups, but the benefit of the certificate is that if you wanted to, you could link accounts (e.g. with same or different username) with the same certificate. This is less important in the fediverse and might in fact cause more problems such as people being blocked from instance A when it defederates from instance B even though they have an account on both. However it also means that if instance A permanently shuts down or loses all its data somehow, you still have access to your comments, upvotes, and posts as you can verify that you are who you say you are.
Another benefit is it shifts the sign up verification part from the instance itself, so it could be easier either for an instance to run signups on a different server or if it’s run as a certificate authority it could mean that instances don’t need to sort through sign ups at all as long as the person has a certificate from a valid authority (though this relies on using trusted authorities only).
I’m not sure how easy the shift from non-signed to signed content would be; it would probably break federation with instances that haven’t caught up, but then again the 0.18.1 update breaks it with 0.18.0 and it’s not a huge deal at the moment.
ETA: another benefit is for better GDPR compliance, you can delete content and verify your account’s identity without your instance running. Obviously the fediverse is a GDPR nightmare but it’s still better than nothing.
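
A sketch of the certificate idea discussed above, as an added example that is not part of any comment in this thread and is not Lemmy or kbin code: votes are signed with a certified key, and the tally counts one vote per certificate per post regardless of username or instance. The Ed25519 keys, the certificate layout, the signed byte format and all names are assumptions made for illustration.

```javascript
const crypto = require("crypto");

const newKey = () => crypto.generateKeyPairSync("ed25519");
const spki = (key) => key.publicKey.export({ type: "spki", format: "der" });
const authority = newKey(); // hypothetical human-verification authority

// Certificate = user's public key plus the authority's signature over it.
function issueCertificate(userKey) {
  const pub = spki(userKey);
  return { pub, caSig: crypto.sign(null, pub, authority.privateKey) };
}

// Bytes covered by the vote signature (assumed canonical form).
const voteBytes = (v) => Buffer.from(JSON.stringify([v.actor, v.post, v.score]));
function signVote(actor, post, score, userKey, cert) {
  const vote = { actor, post, score, cert };
  vote.sig = crypto.sign(null, voteBytes(vote), userKey.privateKey);
  return vote;
}

// One vote per certificate per post; a later valid vote replaces an earlier one.
function tally(votes, authorityPub) {
  const latest = new Map();
  for (const v of votes) {
    if (v.score !== 1 && v.score !== -1) continue;
    try {
      if (!crypto.verify(null, v.cert.pub, authorityPub, v.cert.caSig)) continue; // untrusted cert
      const userPub = crypto.createPublicKey({ key: v.cert.pub, format: "der", type: "spki" });
      if (!crypto.verify(null, voteBytes(v), userPub, v.sig)) continue; // bad vote signature
    } catch { continue; } // malformed key or signature
    const fp = crypto.createHash("sha256").update(v.cert.pub).digest("hex");
    latest.set(JSON.stringify([v.post, fp]), v);
  }
  const totals = {};
  for (const v of latest.values()) totals[v.post] = (totals[v.post] || 0) + v.score;
  return totals;
}

// Constructed sample: alice votes from two accounts that share one certificate.
const alice = newKey(), bob = newKey(), mallory = newKey();
const aliceCert = issueCertificate(alice), bobCert = issueCertificate(bob);
const selfIssued = { pub: spki(mallory), caSig: Buffer.alloc(64) }; // not signed by the authority
const sampleVotes = [
  signVote("alice@lemmy.world", "post/1", 1, alice, aliceCert),
  signVote("alice2@kbin.social", "post/1", 1, alice, aliceCert),
  signVote("bob@lemmy.world", "post/1", 1, bob, bobCert),
  signVote("mallory@instance.example", "post/1", 1, mallory, selfIssued),
];
console.log(tally(sampleVotes, authority.publicKey));
```

The tally only collapses accounts that present the same certificate; a person who obtains several certificates still counts several times, which is the limit already noted in the comment above.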