Yep, and even when talking about living things it’s not a clear distinction.

In biology, poison is a substance that causes harm when an organism is exposed to it. Venom is a poison that enters the body through a sting or bite. In a bunch of medical fields though, poisons only apply to toxins that are ingested or absorbed through the skin and that definition sometimes carries across to zoology.

Venomous creatures are poisonous by most definitions because venom is a poison. But if the distinction is useful in a medical or zoological context then they’re not.

tldr: The pedantry of eg. correcting someone who says a snake is poisonous is totally pointless and mostly wrong.

Hmmm…

That looks pretty paywally to me. That said, I’m all for people supporting independent media.

I don’t think that’s how it works? It’s the client application that has the key for the end to end encryption, not the server. I don’t think you need to trust the matrix server you use? I could be wrong, I don’t know matrix particularly well.

Yeah, that’s fair enough, though I’m not sure it’s very different from malicious instances creating normal user accounts?

You can see when users from an instance are all suspiciously voting the same way at the same time regardless of whether they are usernames or IDs.

There’s lots of legitimate users that only vote but never post so doing it based on that doesn’t seem very effective?

The second problem is solved using public key cryptography, the same way that you can’t impersonate someone else’s username to post comments. Votes and comments are digitally signed (There would need to be a different public key for voting to maintain pseudonymity though).

How about pseudonymous as a compromise? Votes could be publicly federated but tied to some uuid instead of the username. That way you still have the same anti spam ability (can see that a user upvoted these things from this instance at this time) but can’t tie it directly to comments or actual user accounts without some extra osint.

It might be theoretically possible to correlate the uuids with an account’s activity and dox the user in some cases, especially with some instances having a single user, but it would be very difficult or impossible to do on larger instances and would add an extra layer. Single user instances would be kind of impossible to make totally private anyway because they can be identified by instance.