I recently learned that voting on lemmy is not anonymous. Anyone can get information about who has upvoted and downvoted a post or comment.
In combination with your IP, this is a massive privacy (maybe even physical security) risk. Also, people can target you for your votes.
Sadly, this is something where I would prefer Reddit over Lemmy. Big tech scrapes data from both places anyways, at least Reddit is safe.
Yeah, at worst it’s a necessary evil to prevent a rogue user on a second instance from mass downvoting. Your username is tied to your vote, because otherwise a rogue user could just spam downvotes at whatever they didn’t like.
Instance 1 has a post. Instance 2 has a user who disagrees with that post. User is able to spam downvotes, because instance 2 is not binding their username to the vote. So Instance 1 has no way of knowing if the votes are multiple different users, or all one user. The only real solution here is to disable external voting, but the entire point of the fediverse is cross-compatibility and self-hosting. By binding the username to the vote, instance 1 is able to detect repeat votes and disregard them.
Important to note here, too, is that ip addresses of users arent synced across instances.
This is only a problem for people who care about the reputation of their user account - which is something people should be rotating out anyway if they care about their privacy.