The decentralization forces a tradeoff.
To effectively decentralize the site, each peer has to know everything necessary to enforce the ruleset.
This creates an inherent conflict with privacy if you want to restrict votes to people/accounts.
If everyone submitted government IDs and attached them to their account for instance, that would be one way to get closer to a one vote per person model.
A milder form is you could have a centralized private service that verified accounts as coming from unique IP's at least. If you don't want to share those IP's you then have to trust that provider to be a fair arbiter of alts.
Without any additional effort though that would require all votes to be publicly associated with accounts. You could have this trusted entity become the steward of private ballots and move even closer to the traditional model....
All of that, and the current system can all coexist over the same content network. And that's what notabug is. I start with the simplest, authority-free case, but it can coexist with multiple centralized providers of services on the same content network, with the same account base.
But most importantly (IMO) in the longer term the distribution costs (the really expensive part once hitting critical mass) will be spread out amongst peers, making it much cheaper for individuals to offer those sorts of services cheaply.
Edit:
This is why I talk about eventually assimilating other social networks like voat. I aim to enable all the features of those networks even if they require centralization in such a way that the cost burden can be decentralized.
I feel like we're not on the same frequency...
Voat/Phuks/Poal are not really attempting to verify that each person has only one account. The way the system works, it's clear that ideally they 'should' just be operating one account, but it can't really be enforced while respecting privacy.
For now the above problem is unsolvable and I don't see it as your problem to solve - it doesn't work on a centralised system, nobody's going to to care if it doesn't work on a distributed system. You won't really have to worry about professional vote manipulation unless you reach Voat's size (and are essentially successful).
One user account voting at the same time from two nodes to get two votes is too minor to think about - let them do it! It's about as easy for them to use two accounts at the same node and vote at their leisure.
These sites are putting in recommended rules that cannot be enforced - with the worst case scenario being that people engage in sophisticated wholesale vote manipulation. Your system seems to start from their worst-cast scenario, and your user-experience is not the better for it.
That's a fair criticism, and I can see where you're coming from.
My thinking has been that if it's ridiculously easy to bypass (like hiding downvotes via CSS in reddit as an example) it simply disadvantages and potentially deceives novice users.
But additionally, to even get anywhere close to a traditional site's alt management I'd have to compromise user privacy and track ip addresses to some degree which I currently don't do.
If it was only tracking for the purposes of establishing a vaguely unique userbase it wouldn't be so bad, but it still means storing some information that I could potentially be compelled to give up to a government and I see that sort of thing as bad.
But really the main reason I've not explored this at all is because of the plan for notabug to not just be federated, but radically p2p to a point where I won't even see individual traffic myself.
It's not just a matter of it being simple to compromise any approach at doing this; it's also a pretty difficult to do at all without compromising privacy when you assume the p2p model.
Maybe some sort of highly salted hash of signup ip address attached to account could be a first step at giving non-reversible, deterministic ip based identifiers to attach to accounts. (but this is kinda scary too, if the salt leaks reversing the hashes isn't so hard given how small the ip address space is)
That would get you to a roughly voat level of protection (1 vote per IP) but where alts are publicly identifiable (this is a requirement if you want to identify alts at all in a distributed way even if just for voting purposes)
This would still require account signup going through a trusted entity. Without that it's impossible to do anything like this at all in a distributed environment without everyone knowing everyone's IPs associated with account.
If you stop at centralized trusted account verification then votes have to be publicly attributed to individual users to be able to do anything useful with that info.
So you can do a similar trusted authoritative party to accept private votes and provide public scores like a traditional site.
That's what's necessary to get anywhere close to the level of protection a traditional reddit clone provides.
I think building something like this out would be a good thing, and I aim to support it if I don't build it out myself.
The general approach of notabug is to build a decentralized content environment that you can centralize services on top of.
But this approach means that the features requiring central services will likely be the last to be built out.
The thing that I'm actually blocked on right now is waiting on GUN to fix an issue with crypto logins in node.js
I will be using this to authoritatively count votes for users to save bandwidth, signed by a key representing notabug.io
This approach allows for the decentralized distribution of centralized services (like what will be necessary to get closer to traditional clones for voting) and this will allow for models near identical to voat, reddit, poal etc... to reach wide distribution without huge costs for any single party.
(post is archived)