That’s really good to know, and not how I thought the system worked previously. I thought instances were responsible for all vote aggregation and simply reported totals to each other at regular intervals, plus submitting comments/edits from users which are more obviously public

Y’know, that’s fair. I think I misspoke, and meant to say that the admins of your instance can see your IP but not the admins of another (assuming you’re not self hosting on your home PC without a VPN), but I’m not 100% sure that’s true because I’ve never looked at the protocol.

If every interaction is already public on the backend/API level, then simply not showing the info to users is just a transparency issue.

The more I’m thinking about this, the more I believe it’s a cultural/expectations thing. On websites like Tumblr, all of your reblogs and likes are public info, but it’s very up front about that. Social media like Facebook, IG, and sites like Discord, it’s the same; you can look through the list of everyone who reacted.

Data is not suddenly public just because some people have access to it. Data is public when it’s available for anyone to look at. Privacy is almost always going to be a trust issue on some level, and very few things are possible to do truly anonymously. Some data will always be available to someone in a position where it’s possible to abuse. Instance admins can see your IP address. Should that be available for everyone to see?

I mean, that’s already true and why the federation model is used in the first place. If another instance can’t be trusted, you can disconnect your own from it (extremely easy if you self-host, if you are a standard member of a larger instance it might require convincing)