YSK: Your Lemmy activities (e.g. downvotes) are far from private
Edit: obligatory explanation (thanks mods for squaring me away)...
What you see via the UI isn't "all that exists". Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see "under the hood". Any instance admin, proper or rogue, gets a ton of information that users won't normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.
Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.
On Reddit and Twitter most people would presume that admins aren't going to be making attempts to correlate those accounts and that those platforms would have checks in place to prevent such abuse.
No such checks exist within Lemmy. Some people are already using this data to correlate bot accounts and activities. It certainly has the potential to correlate burner accounts with mains. Being that anybody in the world can be an instance admin that's a lot more potential people who could abuse the data in such a manner.
Obviously, but this info might extend to emails and such as well.
It's important to be aware that unlike reddit employees who are liable to their company and the law, some rando with a grudge isn't, and there's very little recourse if they choose to abuse their access.
It's not that it's intrinsically bad to do this, but it's something that should be clearly explained and signposted to the users.
ETA: Apparently account details are only on your "home instance", so pick your home instance well I guess.
Because some day we'll have web of trust filtering capabilities, and you'll lose weight behind your votes if you make them with sock puppets instead of a trusted account.