I think this is less a problem of “nefarious bad actors” and more a problem of expectations. Honestly, I agree with the quoted comment: I think they should be visible all the time, like they already are on Mbin. I think it would help change the way people think about votes so that they don’t expect Reddit-style anonymous votes and instead it’s a more public Facebook/Twitter-style like system.
If you really want private votes, Piefed has a feature that lets you anonymize your votes, but a determined bad actor could still deanonymize you. I think it’s better to change expectations than to try to massage a fundamentally public platform into having private votes, but it’s good there’s an option for people since it’s so highly requested.
I don’t see how? Normal HTTP/TLS validation would still apply so you’d need port forwarding. You can’t host anything on the CGNAT IP so you can’t pass validation and they won’t issue you a cert.