• 0 Posts
  • 7 Comments
Joined 3 years ago
Cake day: December 20th, 2021

  • You need to put yourself in the shoes of a non-technical person who doesn’t know how to evaluate the relative security of all the tools that are out there available to them. If you are posting your pre-alpha untested software with a title like “Anti-forensic and secure messenger” then there are many people who will read that and think that it’s on an equal footing with the other tools they have heard of. The vast majority of people are not software engineers, and even fewer are cryptographers.

    this project is still in heavy development so without it getting professional security audit i wouldn’t recommend using it for sensitive stuff.

    You’ve got to lead with this.


  • Well a professional security audit would be at the top of the requirements for an established product that has a userbase and some kind of funding, but as a solo developer the least you can do before releasing your software to the world is to have at least one other person who has some experience in security look it over - that’s what I was asking.

    If you can tell people that your software is secure and “anti-forensic” (!) then you must be pretty confident in your understanding of security systems to release that without even a single code review by a peer.






  • drspod@lemmy.ml to Open Source@lemmy.ml · Introducing Lemvotes · 7 days ago

    I will describe how it works and the ethics of such a tool.

    Where in this post do you describe the ethics of such a tool?

    non-technical users believe that their votes are private, which is far from the truth. This attitude could potentially lead to harassment of Lemmings (yes, that’s what we Lemmy users call ourselves) for upvoting a particular post. Lemvotes makes it clear that votes are not private, which could help bring a more accurate picture of the way votes work on Lemmy to its users.

    This is what needs discussion. It is this tool which will lead to harassment due to the way someone votes. And the threat or spectre of harassment will lead to the Chilling Effect, i.e. self-censorship (of voting) to avoid harassment.

    The chilling effect this causes will make communities even more like echo-chambers, as dissent will be pre-emptively squashed.

    Without a tool like this existing, people have to go out of their way to find out this information (setting up their own instance, or finding someone who already does this surreptitiously). By making such a tool available to the Lemmy community at large, you make it extremely easy for anyone to do this, and so the chance of harassment occurring is much higher.

    You might think you’re being clever, or on some kind of crusade to educate the uneducated. But actually your actions are making this (community-built) platform worse. Compare your actions to releasing a 0-day exploit for a security vulnerability instead of responsibly disclosing. It doesn’t help, it just causes chaos until the people who do the actual work can figure out a solution.

    Think about how your tool existing now changes the dynamic of Lemmy as a whole. Is it better, or worse? How would you actually solve this problem in Lemmy, instead of exploiting it?