I recently learned that voting on lemmy is not anonymous. Anyone can get information about who has upvoted and downvoted a post or comment.
In combination with your IP, this is a massive privacy (maybe even physical security) risk. Also, people can target you for your votes.
Sadly, this is something where I would prefer Reddit over Lemmy. Big tech scrapes data from both places anyways, at least Reddit is safe.
If you’re an instance admin, for any post, you can just click “view votes” and see everything tied to usernames, even outside your own instance. Moderators can too, but it’s restricted to the communities they moderate.
So if a bad actor wanted to get aces to vote data, they could setup and instance and have it federate with any instance they want to extract voting data from?
Yes, it’s very simple too. You don’t even need to extract anything from a database or do some complicated stuff. As an admin you have free access to all moderation tools no matter where the post is from, including the option to “view votes”.