I noticed that there were some accounts that were hijacked by the instance owners. All the posts from that user were then edited to say what happened.
This kind of surprised me, I figured instances could delete posts, but not edit them. So how much control do they have?
I assume they can’t see my password (hopefully). Can they post in my name? Do they have all the access to my posts to foreign instances that they do over local posts?
Edit: thanks for all the responses everyone! I’ve wanted my own instance for a while, but maybe I’ll get on it now
No, there is no API to get the votes (https://join-lemmy.org/api/). If my understanding is correct, now that I upvoted your comment my instance will push that information. I’m not sure whether it pushes it to dandroid.app first or to all instances, saying basically “Sal@mander.xyz upvoted https://dandroid.app/comment/441785”, and so every instance that has that comment can save my user ID in the “upvote” list of that comment, and that upvote is counted.
If only the vote direction was federated, then it would be very easy for me to spam the message “Upvote https://dandroid.app/comment/441785”. I would not even need to create an instance for that, I just need to speak ActivityPub. And it would be more difficult to detect that I am doing that, because the database would only hold the vote count.
I don’t think there is a way to ask an instance to reveal this list. You can only get it by directly querying the database if you have access to it. This is why if you fetch an older post or comment, it will arrive with a single or zero votes.