fed/out: indicate our own polls are always anonymous

With regard to regular user and admin interaction via API.
Ofc, the server operator can still extract identites from the database.

lib/pleroma/web/activity_pub/utils.ex

@@ -105,7 +105,9 @@ defmodule Pleroma.Web.ActivityPub.Utils do
         "https://purl.archive.org/socialweb/webfinger",
         %{
           "@language" => "und",
-          "htmlMfm" => "https://w3id.org/fep/c16b#htmlMfm"
+          "htmlMfm" => "https://w3id.org/fep/c16b#htmlMfm",
+          "sm" => "http://smithereen.software/ns#",
+          "nonAnonymous" => "sm:nonAnonymous"
         }
       ]
     }

lib/pleroma/web/common_api/utils.ex

@@ -152,7 +152,13 @@ defmodule Pleroma.Web.CommonAPI.Utils do
         |> DateTime.to_iso8601()
 
       key = if Params.truthy_param?(data.poll[:multiple]), do: "anyOf", else: "oneOf"
-      poll = %{"type" => "Question", key => option_notes, "closed" => end_time}
+
+      poll = %{
+        "type" => "Question",
+        key => option_notes,
+        "closed" => end_time,
+        "nonAnonymous" => false
+      }
 
       {:ok, {poll, emoji}}
     end

priv/repo/migrations/20260403000010_mark_old_polls_as_anonymous.exs

@@ -0,0 +1,25 @@
+defmodule Pleroma.Repo.Migrations.MarkOldPollsAsAnonymous do
+  use Ecto.Migration
+
+  def up() do
+    # objects does not have a local flag.
+    # Pleroma.Web.Endpoint available during migrations, meaning we can't reliably
+    # get the local base url to test against instead.
+    # Thus we mustjoin either with the users or activity table to determine localality.
+    # The existing objects_actor_type' index is a perfect fit for this query and joining with users.
+    """
+    UPDATE objects AS o
+    SET data = jsonb_set(data, '{nonAnonymous}', to_jsonb(false), true)
+    FROM users AS u
+    WHERE
+      o.data->>'type' = 'Question' AND
+      o.data->>'actor' = u.ap_id AND
+      u.local
+    ;
+    """
+    |> Pleroma.Repo.query!([], timeout: :infinity)
+  end
+
+  # No need to revert
+  def down(), do: :ok
+end

test/pleroma/web/activity_pub/utils_test.exs

@@ -146,7 +146,9 @@ defmodule Pleroma.Web.ActivityPub.UtilsTest do
                "https://purl.archive.org/socialweb/webfinger",
                %{
                  "@language" => "und",
-                 "htmlMfm" => "https://w3id.org/fep/c16b#htmlMfm"
+                 "htmlMfm" => "https://w3id.org/fep/c16b#htmlMfm",
+                 "nonAnonymous" => "sm:nonAnonymous",
+                 "sm" => "http://smithereen.software/ns#"
                }
              ]
            }

test/pleroma/web/activity_pub/views/object_view_test.exs

@@ -36,6 +36,27 @@ defmodule Pleroma.Web.ActivityPub.ObjectViewTest do
     assert result["@context"]
   end
 
+  test "renders a local poll with anonymitiy promise" do
+    poller = insert(:user, local: true)
+
+    {:ok, activity} =
+      CommonAPI.post(poller, %{
+        status: "nemui...",
+        poll: %{options: ["suya", "nini", "eep"], expires_in: 10}
+      })
+
+    result = ObjectView.render("object.json", %{object: activity})
+
+    assert result["id"] == activity.data["id"]
+    assert result["type"] == "Create"
+
+    resobj = result["object"]
+
+    assert is_map(resobj)
+    assert resobj["type"] == "Question"
+    assert resobj["nonAnonymous"] == false
+  end
+
   describe "note activity's `replies` collection rendering" do
     setup do: clear_config([:activitypub, :note_replies_output_limit], 5)
 

test/pleroma/web/mastodon_api/views/poll_view_test.exs

@@ -45,7 +45,8 @@ defmodule Pleroma.Web.MastodonAPI.PollViewTest do
       votes_count: 0,
       voters_count: nil,
       akkoma: %{
-        anonymous: nil
+        # locally created polls are always anonymous
+        anonymous: true
       }
     }