Post A3GbUcKP3XXyYRPIps by NickFreeman@linuxrocks.online
(DIR) More posts by NickFreeman@linuxrocks.online
(DIR) Post #A3GThtjOrbFof1vA6y by omnipotens@linuxrocks.online
2021-01-15T14:46:37Z
1 likes, 0 repeats
Open source Voting SystemPolitics aside if you were to create an open-source voting system how would you design it to be efficient, secure, and tamper-proof? I was thinking of something like using blockchain This would create a provable mathematical audit trail for each transaction then. Combined that with using your SSN and a unique ID from the voter registration. You would have proof of every valid vote basically 2fa. Then data will be exported to a write-only USB drive once an hour.
(DIR) Post #A3GTn0KBmERYYdZ0KG by Orakel@freespeechextremist.com
2021-01-15T14:48:15.646741Z
1 likes, 0 repeats
@omnipotens I think the White House lawyers have already spoken about using blockchain for secure voting. I think it's already in the works.
(DIR) Post #A3GTv750XsAppDKTzs by swiley@qoto.org
2021-01-15T14:49:25Z
0 likes, 0 repeats
@omnipotens Electronic voting can't be audited the way paper voting can. The last election should make it obvious what happens when a large portion of the population can't trust the voting system and that's what you get with electronic voting. Also: you don't (and should not!) need an SSN to vote. The US has no unique ID numbers.
(DIR) Post #A3GU3as5fGNgXTKatE by omnipotens@linuxrocks.online
2021-01-15T14:51:02Z
2 likes, 1 repeats
@Orakel interesting didn't know that still, it's just a fun thought experiment to see what people come up with. Tons of really smart people here and wanted to see where this went.
(DIR) Post #A3GUC3H1wvgMwZ1uVs by Orakel@freespeechextremist.com
2021-01-15T14:52:47.234821Z
2 likes, 0 repeats
@omnipotens I'm not a computer person. I just heard someone saying it while watching all those meetings on voter fraud. It's a great idea!
(DIR) Post #A3GVFUoe6YAbBexXf6 by omnipotens@linuxrocks.online
2021-01-15T15:01:42Z
0 likes, 0 repeats
@swiley Well every legal citizen that is allowed to vote has a social security number that is unique to the person. As for paper audits are full proof is the biggest lie ever told in my opinion. If money can be counterfeited so can ballets. We can still use both but I believe the answer is in technology. With 2 systems the offline voting machine and a registered voter chain. Each transaction can be matched and tagged as valid duplicated or not in the system. .
(DIR) Post #A3GVH5zjMOrQmhuIBU by omnipotens@linuxrocks.online
2021-01-15T15:04:04Z
0 likes, 0 repeats
@swiley Not to mention when they do a paper audit they do not check the validity of the votes cast only the number of votes. If they see the same person voted 10 times there is nothing they can do as the task is to count them not investigate them.
(DIR) Post #A3GVv746nbWtgk2JxQ by wolf480pl@mstdn.io
2021-01-15T15:12:05Z
0 likes, 0 repeats
@omnipotens @swiley Have you watched Tom Scott's video about electronic voting?
(DIR) Post #A3GW2ZIyCdvhIcXiGO by matt@linuxrocks.online
2021-01-15T15:13:03Z
0 likes, 0 repeats
@omnipotens @swiley regarding SSNs, we still have situations where multiple people have the same SSN.https://www.nbcnews.com/technolog/odds-someone-else-has-your-ssn-one-7-6C10406347Of course this is a flaw with the SSN system itself, as they don't want to do anything about this to prevent it.Also, not every American has a SSN, though functioning in society without one is next to impossible. When my kids were born, i was not required by law to sign them up for a SSN (but had I chose not to, it would have made life hell)
(DIR) Post #A3GWry165KICi5gwN6 by eviloatmeal@linuxrocks.online
2021-01-15T15:22:16Z
0 likes, 0 repeats
@omnipotens I don't know, but seems to me like conventional voting systems place a lot of importance on anonymity, and also are very much reliant on a centralized means of authorization (i.e the government keeps a list of everyone, and crosses your name off when you show up to vote), which suggests to me that any such system would hinge entirely on trusting the central authority.I'm not sure how you could carry forward those premises into an "open source" system, depending on what that means.
(DIR) Post #A3GX1ehik8tfi2FS6q by omnipotens@linuxrocks.online
2021-01-15T15:23:44Z
0 likes, 0 repeats
@matt @swiley Well you need an SSN to pretty much do anything from getting a job to a driver's license. Regardless if it has been stolen or not it is just used as an identifier. ssn=person + unique voter id=home address.
(DIR) Post #A3GXCw6iNZDuryJmc4 by matt@linuxrocks.online
2021-01-15T15:26:10Z
0 likes, 0 repeats
@omnipotens @swiley I'm of the mind that you need to use biometric markers to make an ID bind to a specific person. Something that cannot be easily altered, and something that doesn't readily change over a person's lifetime.Of course, then you open Pandora's Box for a myriad of reasons.
(DIR) Post #A3GXFo56fxhYqWw0oq by swiley@qoto.org
2021-01-15T15:26:17Z
0 likes, 0 repeats
@omnipotens https://www.usa.gov/who-can-voteI don't see an SSN on this list. I don't think paper audits are fool proof. The reason electronic voting is a problem is that *you have to convince the skeptics that it's correct.* Most of the people skeptical of your voting scheme may not even understand PKI and other ideas necessary to judge it's correctness. The result is a mass rejection of the results like what we had last year.
(DIR) Post #A3GXLlpdx5BDbiXt5M by omnipotens@linuxrocks.online
2021-01-15T15:27:47Z
0 likes, 0 repeats
@eviloatmeal no not true, If that was the case then people would not have received letters in the mail saying their vote was rejected due to signatures validation. It depends on the state and how each state runs there election process.
(DIR) Post #A3GXYbjSoVCq33mBxw by swiley@qoto.org
2021-01-15T15:29:57Z
0 likes, 0 repeats
@omnipotens @matt You need an SSN to pay taxes. It's not required for anything else. They're not unique, they're trivial to forge, and they should not be used for anything other than social security accounts.
(DIR) Post #A3GXfOnbIVfLxnwwMa by omnipotens@linuxrocks.online
2021-01-15T15:30:42Z
0 likes, 0 repeats
@matt @swiley retinal scanning I can get behind the thought however, you will need multiple ways for that one-off person that does not have any eyes at all but guess they can signup for more of a traditional method.
(DIR) Post #A3GXj5fiM0QRnf1NMe by swiley@qoto.org
2021-01-15T15:32:14Z
0 likes, 0 repeats
@omnipotens @matt Furthermore an SSN doesn't mean you have a right to vote anyway. Visa holders are given SSNs and still aren't allowed to vote.
(DIR) Post #A3GXodIujmaPYZ01aK by eviloatmeal@linuxrocks.online
2021-01-15T15:33:10Z
0 likes, 0 repeats
@omnipotens If this is directed toward the anonymity part, then I should clarify that I mean anonymity in the sense that you can't tell from the end result who voted for what, as in, most of the voting systems I've heard of either have some mechanism by which you can't figure out what someone else voted, or at least actively refrain from publishing that information.
(DIR) Post #A3GXuP2IhM0x2hyoOO by omnipotens@linuxrocks.online
2021-01-15T15:34:03Z
0 likes, 0 repeats
@swiley @matt I don't know where you are from but every job I ever had they needed a copy of my ssn. I needed it to get my DL open a bank account. It is used for lots of things.
(DIR) Post #A3GXykjVyHPtUdGcb2 by matt@linuxrocks.online
2021-01-15T15:21:38Z
0 likes, 0 repeats
@omnipotens @swiley That said, presuming that the feds actually fix the idea of a SSN and make the digits sufficiently long enough so that name/number collision do not happen, there's still the issue that Americans are not required to have one.You aren't even required to have legal state-issued ID to prove your identity in many states. Even if you have state-issued ID, they aren't biometrically linked in any way to you except photos (which are easily fooled)
(DIR) Post #A3GXyv5rS3EXcpnboe by swiley@qoto.org
2021-01-15T15:27:56Z
0 likes, 0 repeats
@matt @omnipotens We wouldn't want a biometric link anyway. All that does is create hassles for people who's biometrics change and make it easier to defraud people trying to authenticate you because every where you go you leave biometric information.
(DIR) Post #A3GXz3jVKXhKQ6PNia by matt@linuxrocks.online
2021-01-15T15:29:14Z
0 likes, 0 repeats
@swiley @omnipotens Biometrics markers, by their nature, should not easily change in the first place.If you're thinking DNA, that's one biometric marker, but its not the only one.
(DIR) Post #A3GXzAmF8l32GckASW by swiley@qoto.org
2021-01-15T15:30:18Z
0 likes, 0 repeats
@matt @omnipotens I was thinking of fingerprints actually but it really doesn't matter.
(DIR) Post #A3GXzG21bVduZ1ALFg by omnipotens@linuxrocks.online
2021-01-15T15:34:47Z
0 likes, 0 repeats
@swiley @matt fingerprints are pretty easy to compromise.
(DIR) Post #A3GY2W7KFruLJxCQYi by swiley@qoto.org
2021-01-15T15:35:39Z
0 likes, 0 repeats
@omnipotens @matt That sounds extremely unpleasant and I'm sure you could still find ways to forge a correct scan with eg contacts.If we really wanted a national ID than the federal government should be running a key server. No one reasonable wants this because it would create a huge mess and we absolutely should not be tying it to biometrics. Biometrics are worse than requiring a shared secret to authenticate because you can at least choose who you share the secrete with and change it if you think it's been compromised.
(DIR) Post #A3GY5lzVgzgHQD62QC by matt@linuxrocks.online
2021-01-15T15:30:56Z
0 likes, 0 repeats
@swiley @omnipotens Actually, you do not need a SSN to pay taxes. You need a taxpayer identification number, which *can* be your SSN.https://www.self.inc/blog/possible-pay-taxes-without-social-security-number
(DIR) Post #A3GY5mPk7SfGjZMzJI by omnipotens@linuxrocks.online
2021-01-15T15:36:01Z
0 likes, 0 repeats
@matt @swiley and again it really has nothing to do with SSN I was just using that as a unique identifier. This can be anything really.
(DIR) Post #A3GYES3hAchOCzBydc by swiley@qoto.org
2021-01-15T15:37:06Z
0 likes, 0 repeats
@omnipotens @matt You job needs your SSN so it can fill out tax forms (for social security.)Same with the banks, they'll accept an ITN instead.
(DIR) Post #A3GYGO4Yxeh8QQWMeO by swiley@qoto.org
2021-01-15T15:37:45Z
0 likes, 0 repeats
@omnipotens @matt Right, but we don't have a unique identifier and I'm pretty sure most people would be against having one.
(DIR) Post #A3GYqwaq5kvjuj38Yi by omnipotens@linuxrocks.online
2021-01-15T15:44:37Z
0 likes, 0 repeats
@swiley @matt everyone has some form of unique ID these days from driver's license numbers, SSN, ITN whatever. even if it is not 100% unique that not the point. Heck in most states you cannot vote without some form of ID
(DIR) Post #A3GZ6E0nbzO2HTTk00 by matt@linuxrocks.online
2021-01-15T15:38:41Z
0 likes, 0 repeats
@swiley @omnipotens one problem with the 2fa approach:I wouldn't expect some numbskull in Kentucky to understand any of this.
(DIR) Post #A3GZ6FAlIQwxsf9DAO by omnipotens@linuxrocks.online
2021-01-15T15:47:09Z
0 likes, 0 repeats
@matt @swiley You don't give people enough credit.
(DIR) Post #A3GZF6GllcxgsHBGFc by swiley@qoto.org
2021-01-15T15:49:13Z
0 likes, 0 repeats
@omnipotens @matt Regardless *I* don't want to deal with maintaining a national ID.The problems caused by having an SSN are enough of an annoyance.
(DIR) Post #A3GZZsLwhgPRnJVa8e by swiley@qoto.org
2021-01-15T15:42:22Z
0 likes, 0 repeats
@matt @omnipotens 2fa is a whole separate issue. Now you're requiring people to run certain OSes or use specific private networks to authenticate.People in Kentucky are just as dumb as people in virginia. Hopefully you see why even if we had a national ID you couldn't expect it to actually refer to individuals 100% of the time. Fraud happens and the world is messy and the cleanup is way too slow for whatever automation you'd want to build for it anyway.
(DIR) Post #A3GZZsoJ0F5vDGmELI by omnipotens@linuxrocks.online
2021-01-15T15:52:39Z
0 likes, 0 repeats
@swiley @matt No I am not requiring them to run any OS. Right now when I go and vote I show ID. All I am adding is a randomized voter registration number. When you vote. you put in your id and your voter registration number. If those two match then it's a valid vote. It will just add another layer of difficulty to slow corruption. I am not even saying it's a full-proof idea but its a start.
(DIR) Post #A3GZkWbhtVB3XJxUKu by swiley@qoto.org
2021-01-15T15:54:54Z
0 likes, 0 repeats
@omnipotens @matt Maybe it's different where you live but that's essentially what they do here IIRC:You're authenticated by the volunteers running the Poll and they issue you a serialized ballot.
(DIR) Post #A3GaVR9xxuSqFgLuT2 by omnipotens@linuxrocks.online
2021-01-15T16:02:58Z
0 likes, 0 repeats
@swiley @matt Right now many states do signature validation. However, you frame that you just serialized your ballet.
(DIR) Post #A3Gac91rlzAI31lJb6 by swiley@qoto.org
2021-01-15T16:04:30Z
0 likes, 0 repeats
@omnipotens @matt Signiture validation is somewhere between meaningless and potentially a good excuse for throwing away votes.I sign my credit card purchases with a PR Nonce for this reason.
(DIR) Post #A3GaeXR9znKwKKjbZQ by omnipotens@linuxrocks.online
2021-01-15T16:04:50Z
0 likes, 0 repeats
@swiley @matt Oh and voting is done by the state not national so all systems would be at a state level.
(DIR) Post #A3GampxX0ydm5ZpiO8 by omnipotens@linuxrocks.online
2021-01-15T16:06:22Z
0 likes, 0 repeats
@swiley @matt I agree with you about the signature validation. That's why I tossing ideas for a better way to validate just to see where that goes.
(DIR) Post #A3GbUcKP3XXyYRPIps by NickFreeman@linuxrocks.online
2021-01-15T16:14:22Z
0 likes, 0 repeats
@omnipotens If you vote on any personal devices it's obviously completely insecure. If you vote on any machine that is controlled by the state, you can't verify what it does. I think the only possible way is to vote on paper and then perhaps have a very transparent way of counting the results that uses more modern technology than people counting. For example if you have a simple single choice voting, a machine could take the votes and sort them, then the sorting would only needed to be verified.
(DIR) Post #A3Gc9PsuE2pjpo04EC by omnipotens@linuxrocks.online
2021-01-15T16:21:30Z
0 likes, 0 repeats
@NickFreeman I completely disagree granted personal device your correct on but paper ballets can easily be forged. They do it for money and they use much more precautions than the ballets. Paper is definitely not the way to go. If you want a paper to be apart of the process ok but they are way too easy to manipulate and way too hard to investigate. Even the audits they call do nothing more than a recount and never investigate the validity of the ballet.
(DIR) Post #A3GefnQoPjYS2TQXa4 by NickFreeman@linuxrocks.online
2021-01-15T16:50:00Z
0 likes, 0 repeats
@omnipotens I don't want to talk about the US as it is rather complex compared to other countries (electoral college, no proper way of identifying voters, etc). At least the way we vote in Germany, there is no need for tamper-proof paper, it's just ordinary paper.
(DIR) Post #A3Gg9xeB65PAMbctiS by omnipotens@linuxrocks.online
2021-01-15T17:06:32Z
0 likes, 0 repeats
@NickFreeman Well the electoral college was put in place to give each state a voice. Without it all the states would be dictated by the highest populated states which are California and new york. Each state runs it's own elections so yes it can be messy.
(DIR) Post #A3GgJYVvOdLFJJLCxU by montdor@linuxrocks.online
2021-01-15T17:08:23Z
0 likes, 0 repeats
@omnipotens @NickFreeman and that's its beauty
(DIR) Post #A3GhA4mqeRXMSgIhNo by malin@linuxrocks.online
2021-01-15T17:17:52Z
0 likes, 0 repeats
@omnipotens A fundamental difference to overcome here is that one can verify open source programs by compiling it ourselves, or a hash sum.You can't verify a voting machine unless you're allowed full access, and if you're allowed access then other people cannot trust the machine.
(DIR) Post #A3GmymYEi698RbSoVc by mh70@mastodon.online
2021-01-15T18:22:56Z
0 likes, 0 repeats
@omnipotens I do like this idea. Definitely, such a system is possible to design, implement, test, audit, and, finally put into production.However, the main challenge will be to explain the functionality of such a system to a common voter in plain language. There are so many prerequisites of exact and intrinsic knowledge. A common voter will have no chance to trust it without a plain belief.
(DIR) Post #A3GnPlrvM6xi98Xey0 by NickFreeman@linuxrocks.online
2021-01-15T18:28:00Z
0 likes, 0 repeats
@omnipotens Well, in the US it is all based on majority vote instead of proportional representation, with the result that there are only 2 relevant parties. In my opinion a monopoly or oligopoly is not only bad in a market, but also in politics. With a proper proportional representation, everyone's vote would be equally relevant and the whole system so much simpler and easier to unterstand.
(DIR) Post #A3HLumJJA0A4w1J7dw by SnabelAdmin@snabelen.no
2021-01-16T00:54:31Z
0 likes, 0 repeats
@omnipotens I'd never trust a non paper based voting system. And even worse, with digital systems there can be no proof of tampering.Votes should not be counted with a machine either.
(DIR) Post #A3HOYBDwfMXDP9iOJs by omnipotens@linuxrocks.online
2021-01-16T01:23:59Z
0 likes, 0 repeats
@SnabelAdmin I still believe if you can counterfeit money you can counterfeit ballets. And it's nearly impossible to validate all the paper ballots are legit.
(DIR) Post #A3HQIleHfhdjeJoU0e by SnabelAdmin@snabelen.no
2021-01-16T01:43:42Z
0 likes, 0 repeats
@omnipotens Well, the difference is scale. You need massive infrastructure, organization and resources to do voting fraud. And keeping it secret will be difficult because of the amount of hands that have to be gathered without leaking.The current American system sucks, but the solution isn't going away from paper.There is extensive research on this made by experts, and USA has always been critizised for digitalize voting by these experts.
(DIR) Post #A3HQMl9LT8FVGBFHDU by SnabelAdmin@snabelen.no
2021-01-16T01:44:27Z
0 likes, 0 repeats
@omnipotens Well, the difference is scale. You need massive infrastructure, organization and resources to do voting fraud. And keeping it secret will be difficult because of the amount of hands that have to be gathered without leaking.The current American system sucks, but the solution isn't going away from paper.There is extensive research on this made by experts, and USA has always been critizised for digitalizing voting by these experts.
(DIR) Post #A3IHbaz8q0ixeKQr8C by OldTinfoil@linuxrocks.online
2021-01-16T11:40:54Z
0 likes, 0 repeats
@omnipotens you cannot. Computers are a black box system to the voter and ergo, have no place in the electoral system.
(DIR) Post #A3IWiSArUgBpf7dt7Q by weirdwriter@mastodon.social
2021-01-16T14:30:13Z
0 likes, 0 repeats
@omnipotens Check out Resist Bot
(DIR) Post #A3IjNwTUwNmixcuQQC by e8johan@mastodon.technology
2021-01-16T16:52:10Z
0 likes, 0 repeats
@omnipotens Have a look at Patricia Aas' work in this area. Why paper ballots is the good and how to secure such a system.