-
### Is there an existing issue for this?
- [X] I have searched the existing issues
### which package/s did you face the problem with?
Dashboard
### What happened?
Got error 'vote failed' when try…
-
For the mock election, you submit your name and an email address for verification after voting.
You can then vote again, and on the auth page you can enter the same name and email address again.
…
-
Based on the procedures page, it appears that the voter's verification number is being randomly generated on their own device. If this is the implementation, then there will always be a chance (howeve…
-
In stead of login and user role based access control, a better solution can be verification of email
if the email address it not verified, the votes and comments are not recorded
if the email addr…
-
(quicker / perfect Voter Verification)
-
> One other nit: https://docs.siv.org/compare conflates coercion resistance and vote selling. These are actually two different things, and have different definitions in the literature (see the Bernhar…
-
Testing was done in the mock election live during DEFCON32.
If you intercept your POST request to the /api/submit-vote endpoint after you've made your selections, you can just resend the same cip…
-
On the auth screen, there is only one field for email address.
After the user submits their vote, they may accidentally mistype their email address and never get the verification email.
So at …
-
> Defense against malicious clients (e.g. a malicious browser extension) are also not described well in the documentation. There's statements about the use of QR codes here, though (again), it is uncl…
-
Protecting against "Recycled Verification # Attack"
=================================
One possible attack:
-----
Malware on your device, OR malicious voter software, wants to modify your vote …