Consider how to deal with coordinated data spoilage attacks

[Hiroip]

Problem: I couldn't find if this has been considered or not : Votes can be subject to data poisoning attacks if an ill-intent group decides to run a coordinated spam campaign on a conversation, making the end results non-genuine.

Suggested solution: Being able to remove entire vote records coming from specific sources whom vote pattern is suspicious (participants voting no on everything, several participants with identical vote records over the same period of time, etc.), just like you would remove entries from a google form survey if it has trolling answers.

Alternative suggestions:

• Using voting metrics (how fast, at what time) for automated behavior detection ?

Additional context: Say you're running a democratic debate in south-east Asia via Polis. The governing junta doesn't like it a lot and decides to ruin your efforts by rendering all results unusable via data poisoning campaigns on your anonymous voting conversation.

[metasoarous]

Thanks for bringing this up @Hiroip. This is obviously a super important issue.

Right now, our recommendation for dealing with these issues is to filter the votes/data in post-processing analyses. Our automated reported is intended as a starting point for analysis, and in high-profile cases are typically followed up by a more in depth analysis, where custom filters (and analytical tools) may be applied. For now, this is where we suggest this potential problem be dealt with. This approach does have the problem that skewed results may affect comment routing, and thus which comments participants are being sent to participants, but the potential damage here is fairly limited.

Longer term I think a couple of features would be valuable:

• The ability to moderate out participants (from the mathematical results) suspected of being part of a coordinated attack. This would leave votes and other data in the database (so they could be analyzed for evidence of such activity), but would leave them out of the results so they don't affect comment routing and visualization.
• Coordinated attack detection would be valuable. It would be hard to automatically detect all attack patterns, but there are clearly some anomalies which should be possible to recognize and surface them for administrators to deal with.

[Hiroip]

These two features would do a lot to begin with. Can you elaborate on comment routing ? In any case all participants receive all comments to vote on, right ?

[patcon]

Hiya! Comment routing is described most officially in the knowledgebase: https://compdemocracy.org/comment-routing/

There's also some more advanced notes from a technical office hours that Chris ran last month, in which @LawrenceFulton (a Computer Science student) cornered him for a walkthrough of the "math" component's logic, for his pending bachelor's project 😉