Other > Follow My Vote
Follow My Vote Press Release!
modprobe:
--- Quote from: donschoe on February 04, 2016, 09:59:39 am ---
* You say you will utilize mobile devices as they have the best security models. My first thought was "W00T?", really? I mean I am not very good at evaluating smart phones regarding their security, but I have the subject feeling that my phone is the device where I have least control over it, regarding security.
* You say it is possible for voters to revoke votes in case they notice something went wrong. Is that a technical solution, like revokation certificates in PGP? Or is that simple the possibility to go to voting officials and state that something went wrong. Couldn't that be abused?
--- End quote ---
For question 1, karnal's response is dead-on. Yes, we can make a far more secure system on a desktop computer, but with much, much lower convenience. In terms of balancing security and convenience, mobile does a great job. Obviously nothing's perfect, but mobile has pretty rigorous security by default while desktop does not.
For question 2, this is a technical solution by which the voter publishes a nullifying vote to the chain (which serves as notice to vote counters that the identity's previous or future votes should be ignored). When they arrive at the central polling place, they provide that TXID and the poll workers publish to the chain an acceptance of that nullifying vote and give the voter a paper ballot to vote on. If the voter attempts to use that same identity to cast a second paper ballot, the poll workers will observe that the nullified vote has already been accepted and will refuse to issue a second paper ballot.
btswolf:
@Slick Willy When are you going to put FMV Token to the chain so we can trade it?
When will you connect your alpha/beta... Voting Software to the chain?
karnal:
--- Quote from: donschoe on February 04, 2016, 09:59:39 am ---
--- Quote from: roadscape on February 01, 2016, 02:26:58 pm ---Full report: https://webrootsdemocracy.files.wordpress.com/2016/01/secure-voting-webroots-democracy.pdf
--- End quote ---
Just read the report. Two questions:
* You say you will utilize mobile devices as they have the best security models. My first thought was "W00T?", really? I mean I am not very good at evaluating smart phones regarding their security, but I have the subject feeling that my phone is the device where I have least control over it, regarding security.
* You say it is possible for voters to revoke votes in case they notice something went wrong. Is that a technical solution, like revokation certificates in PGP? Or is that simple the possibility to go to voting officials and state that something went wrong. Couldn't that be abused?
--- End quote ---
For average Joe/Jane, this is (somewhat sadly) true. At least for Android, I don't know much about iOS but it should be about the same.
Why? Simple.
99.999% of desktop/laptop users out there will run all of their stuff without any virtualization, under a single user account in the operating system, and more often than not, with an account that has administrator access (or can escalate without much/any authentication)
Essentially what that means is that it takes one bug in any one program to potentially compromise ALL of the users' data.
With mobile it's different, it's not virtualized but each app runs as its own user id in the operating system, therefore app A data is isolated from app B which is isolated from app C and so on. And since by default they don't come with administrator (root) access enabled, this boundary is clearly enforced.
Of course, both android and iOS come from the manufacturers with giant backdoors in them (google play store, apple store) .. backdoors, you say?
Well, let's just say that the google stuff in your android (to make an example out of android again) can remotely install apps on your device, without any notification.. need I say more?
It's equally obvious that such a capability will not be used often in the wild, or there would be massive backlash. Anyway, the point I'm trying to make is that at least on mobile, average joe/jane would have to be specifically targetted by a government/3 letter agency.
There are also exploits for android/iOS (android is a glorified linux, after all), and there have been some epic examples last year, which can break the security model, but once again .. for the average joe/jane, there are MANY more in desktop computing.
For people who take advantage of all the possibilities that today's technology can offer, mobile (even w/o the google/apple crap on them [not sure if one can eviscerate the apple crap from iThings]) is no match in terms of security -- one can do much, much better with a "normal" computer.
But for the average, nontechnical person, that's simply not true. Mobile does a much better job by default.
Which is exasperating seeing as people have no idea just how much their phones are tracking them. But I digress.
5chdn:
--- Quote from: roadscape on February 01, 2016, 02:26:58 pm ---Full report: https://webrootsdemocracy.files.wordpress.com/2016/01/secure-voting-webroots-democracy.pdf
--- End quote ---
Just read the report. Two questions:
* You say you will utilize mobile devices as they have the best security models. My first thought was "W00T?", really? I mean I am not very good at evaluating smart phones regarding their security, but I have the subject feeling that my phone is the device where I have least control over it, regarding security.
* You say it is possible for voters to revoke votes in case they notice something went wrong. Is that a technical solution, like revokation certificates in PGP? Or is that simple the possibility to go to voting officials and state that something went wrong. Couldn't that be abused?
roadscape:
Legit.. excited to see what you guys are cooking up.
Full report: https://webrootsdemocracy.files.wordpress.com/2016/01/secure-voting-webroots-democracy.pdf
Navigation
[0] Message Index
[#] Next page
Go to full version