Thank you. That answers my question. I figured you wanted to remain anonymous, but I liked your answer and I’ll be interested in what you find.

I was trying to word my initial post in a way to prevent you from becoming defensive, perhaps I failed. Though, I do feel quoting yourself is a bit… gauche, no? Especially since you are remaining anonymous.

Are you a single person or a group of people? Do you have any credentials that you’d like to share that might give some context to your research?

Where is the quote in your bio from?

I’m not touting apple. Its just a fact.Graphene has you check boxes so you know you’re giving permissions to your car. It informs you what information you’re giving to android auto. And, if you’ve installed apps through alternate sources, you do have to go through developer mode in Android Auto to enable apps from alternative sources. It takes less than 5 mins and you only have to do it once, but if you don’t, you’ll end up thinking android auto is broken in graphene, like the poster I was responding to believed.

I don’t think there is a better solution for graphene - it works fine after minimal setup. I’d gladly do that to preserve my privacy when it matters.

Apple doesn’t give a removed about informing you what it does with your info so it doesn’t do that. I’m not saying its better I’m just being honest. Its quick and dirty.

Android auto also works fine for me. I haven’t used an android phone in years so I can only compair it to apple car play. There are extra configuration steps to make it work but its not hard (just have to read some messages and go through some menus)

Apple car play “just works”.

Yea, I agree. It’s good enough. Sorry, I didn’t mean to sound like it was a bad solution, it’s just not perfect and people ought to be aware of limitations.

I used a small instance in my example so the problem was easier to understand, but a motivated person could target someone on a large instance, too, so long as that person tended to vote in the posts they commented on.

Just for example (and I feel like I should mention, I have no bad feelings towards this guy), Flying Squid on lemmy.world posts all over the place, even on topics with few upvotes. If you pull all his posts, and all votes left in those posts from all users, I bet you could find one voter who stands out from the crowd. You just need to find the guy following him everywhere: himself.

I mean, if he tends to leave votes in topics he comments on, which I assume he does.

It would have to be a very targeted attack and that’s much better than the system lemmy uses right now. I’m remembering the mass tagger on Reddit, I thought that add on was pretty toxic sometimes.

Also, it just occurred to me, on Lemmy, when you post you start with one vote, your own. I can even remove this vote (and I’ll do it and start this post off with score 0). I wonder how this vote is handled internally? That would be an immediate flaw in this attempt to protect people’s privacy.

While not a perfect solution, this seems very smart. It’s a great mitigation tactic to try to keep user’s privacy intact.

Seems to me there’s still routes to deanonymization:

1. Pull posts that a user has posted or commented in
2. Do an analysis of all actors in these posts. The poster’s voting actor will be over represented (if they act like I assume most users do. I upvote people I reply to etc)
3. if the results aren’t immediately obvious, statistical analysis might reveal your target.

Piefed is smaller than lemmy, right? So if only one targeted posting account is voting somewhat consistently in posts where few piefed users vote/post/view, you got your guy.

Obviously this is way harder than just viewing votes. Not sure who would go to the trouble. But a deanonymization attack is still possible. Perhaps rotate the ids of the voting accounts periodically?

I think they should be public. They’re already accessible for mbin posts and anyone administrating a lemmy instance. It should be clear to all users that their votes are already not private.

Someone could make a lemmy instance just to get voting behavior and make a website with cool graphs and stuff today and the only thing that could stop them is defederation. If Lemmy gets popular, this is just an inevitability.

Imagine if a large instance decided to do that today. Imagine if lemmy.world released lemmy.world/votes. Would people defederate just for that? Remember: Mbin already displays scores and I don’t think anyone has defederated over it.

Might as well put it on the interface so everyone understands it isn’t private. Rip off the bandaid.

Thanks for taking the time to reply, that makes a lot of sense.

I haven’t switched to Wayland yet. It makes sense why xscreensaver wouldn’t work well with an entirely different window server. I was just surprised it was so difficult (for me at least) to use with modern window managers despite being relevant and mature, haha.

I tried Linux briefly in highschool (around the year 2000) before going back to Windows (I love video games). I switched about 2 years ago back to Linux (Debian). Your comment made me remember xscreensaver and I went and installed it again. The matrix screensaver is a huge throwback, I love it and I missed it.

But it was a pain to do this. I’m using KDE/Plasma on Debian, and I had to follow this process to get it done. My lock buttons built into KDE menus still don’t work despite replacing kscreenlocker_greet like the manpage recommends. I’m not sure it’s worth my time to try to figure out, since the page warns an update will revert this. I’m not going to remember how to fix it later. I choose to lock my computer with super+L so this isn’t a huge issue for me.

The process to use xscreensaver with gnome looks equally bad.

WHY is this so tough, though? Debian “just works” for me, so needing to fumble through this manpage feels pretty lame. The process looks similar on other distros, from a quick google. I’m not an IT person or a programmer, and this doesn’t feel very “linux” that it’s this way. Why would these window managers replace something that just works?

I suppose it does look a bit dated?