piratar / safetyvalve

2 stars 2 forks source link

island.is confirmation token on each vote #8

Open busla opened 8 years ago

busla commented 8 years ago

What´s the story behind the necessity of this validation?

helgihg commented 8 years ago

The idea was that we wanted some sort of receipt for each vote, which could in theory be validated against an external database over which we had no control over. We've lately been discussing whether this is a misplaced principle, specifically whether it creates bigger problems than it solves.

busla commented 8 years ago

Given the number of legal bills being submitted by althingi, it feels cumbersome to have to login on each vote, but that goes without saying.

I can see the importance of validating the votes. But to make the ux more friendly the votes could perhaps be validated in batch?

For instance, if I endorse and oppose a few bills, they could be queued up in my "unconfirmed votes" list and batch validated from the queue list so I only need to enter my icekey auth info once.

bjornlevi commented 8 years ago

I've commented on this before - end result is less use which is catastrophic.

busla commented 8 years ago

Less use if the votes are queued? Sorry, I dont follow.

bjornlevi commented 8 years ago

No, the current feature where you have to log in each time you vote.

busla commented 8 years ago

Right. Any thoughts on my suggestion?

bjornlevi commented 8 years ago

I like it but the more "common" ux is to first just log in and then do stuff. Not first do stuff and then log in. Although if you put it into a "cart" system for checkout ... that might work.

tomage commented 8 years ago

The problem is of course that we are using authentication as a form of signature. But yeah.. we needed a specific token to match with a specific action made by an user of the system, so that we, the admins, could not create votes for users by re-using their tokens. And I agree, I don't see a problem with using a kind of "cart" for this.

Haven't looked much into using the electronic signature mechanisms that should be in place to do signatures, but that may also be a way forward, i.e. to actually create signatures, instead of using authentication tokens.

If we were to simply remove the re-authentication, then people could more easily suggest mistrust in the system. Perhaps that's not a huge issue... There's always some level of trust people put in the system anyway.

busla commented 8 years ago

Sounds good. I´ll take a look at it this week. Just finished porting to python3 and almost done migrating Django 1.9.

PR: https://github.com/piratar/safetyvalve/pull/11

jamesrobb commented 8 years ago

Helgi and I had been speaking over the last little while about this. Eventually we began to wonder if we were trying to solve a problem that maybe doesn't really exist.

The idea of the application at its' root is engagement. We want people to be able to express how they feel about the bills coming through parliament. Surely guaranteed signatures would be ideal, but I think strictly verified signatures are less important than ease of use.

I think a good example would be the thodareign petition that went around last year. It was easy to use, and lots of people signed up. More importantly though, I don't think anyone was seriously questioning the legitimacy of the signatures. Moving forward I want to still have the icekey as an authentication option, but I want to move into being able to verify oneself via google plus or facebook. Signing needs to be painless, this much has become obvious.

busla commented 8 years ago

I agree that auth through social media should be a priority in terms of increasing engagement. What I would like to see in the near future is that SV will be the de-facto platform to create pressure on PM´s and the president.

So after people authenticate through social media and start voting, sharing on fb, talking, et.c, there might become a point where a bill would reach the pressure point with thousands of votes with only social media signatures behind it. To make the petition legit, people would need to come back and sign with icekey. Another option would be that the system starts a campain (email, social media, whatever) when a lower threshold has been reached (whatever that threshold may be) to encourage people to come back and validate their vote.

busla commented 8 years ago

I think the idea of adding a user signup through social media is great and use icekey only if needed. For instance if for some reason there was a need for legit validation like scrutiny from the media.

Another idea: Aswell as using social-media-auth we could design a simple hybrid app with push notification when petitions are added so votes can be made with a single click.

helgihg commented 8 years ago

I think the word "catastrophic" is quite accurate to describe the lack of engagement due to the IceKey. I fear that the problem is deeper than having to use the IceKey for every signup - in fact, I think the biggest hurdle is simply getting people to apply for and use the IceKey in the first place, nevermind how often they have to use it. Hopefully and quite possibly I'm wrong, though.

James and I have discussed this a few times but never really come up with a concrete plan. We definitely need fundamental change, though. It must be admitted that the project hasn't reached its goals, but it has however provided valuable insights.

Here's an idea which I'd like your input on.

  1. Change the root mechanism to a sort of login-unifier of a sorts. People sign up with the IceKey, but can then sign by email address (via confirmation link), or authenticate using Facebook or Google+ or whatever single sign-on mechanism preferred by the user in order to sign in the future. That way it's painless once you've used the IceKey once.

This may impact verifiability a bit, but probably mostly by complicating the verification process. If the login services of Google+ and Facebook provide some sort of "token" or "receipt", then the authentication is quite reliable, although perhaps not 100% as reliable as an IceKey login each time. This point is even debatable on the merits of whether the security risks involved are simply due to the nature of the internet. These authentication mechanisms are probably no less secure than the IceKey in and of themselves. Some of them might arguably even be more secure.

At any rate, the core idea would then be that the website allows easy authentication for people with the IceKey or Icelandic electronic ID. This could be useful for a whole host of different things, including what SafetyValve already does, which is collect signatures in regard to issues in Parliament.

Any thoughts? Should we go this route or no? :)

busla commented 8 years ago

:+1:

This definitely would make voting a simpler task and no re-authentication needed as suggested with voting-cart.

If this route is taken, I would like to suggest that the project will be developed as a package right from the start.

busla commented 8 years ago

Been thinking about this since my earlier comment.

I think there needs to be a discussion about the fundamental purpose of the project. Maybe I am misunderstanding the whole thing but how I see it, the fundamental purpose is to produce a tool that can have an affect on how people see themselves as participants in a societal change. I´m going to base my argument on that premise, so please correct me if I´m wrong.

To be a participant, I will need to be able do participate with the least amount of hurdles as possible. The Icekey is definitely a big one, an authentication that people use rarely and no one remembers their password. As mentioned multiple times, social media will definitely decrease those hurdles.

A radical thought: Why not adding the Icekey at a later stage and use only social media as an entry point? The downside is the scrutiny that will be raised if thousands of votes will be collected, but right now, it seems to be impossible to get even hundreds of votes when the Icekey auth is being used.

There will definitely be a few bogus votes, but to produce any conversation the votes need to exist. Could the Icekey be implemented at a later stage? If the votes reach the upper limit of 40.000 (as suggested by the new constitution committee to be the threshold for a referendum) everyone would be asked by mail or whatever to confirm their vote. Removing the Icekey is more likely to increase engagement and therefore raise awareness even if some of it is bogus. So maybe it´s a question of figuring out a way to ask people for Icekey confirmation if a bill receives thousands of votes, since that´s when SV can actually have an impact.

helgihg commented 8 years ago

It's not a completely insane idea. Hopefully we can remedy that by exploring it further.

Okay, so, basically, your idea is to make it really easy until it needs to get hard, which is when it reaches a point where verifiability actually becomes an issue. I must admit that the idea gives me a bit of an ick, but I can't say I hate the idea. At least not nearly as much as trying to make sense of Mein Kampf, for a completely random example.

One problem that comes to mind is that the people who are willing to prove their identity with the IceKey afterwards will be far fewer than those who are willing to log in with Facebook. We'll probably have the same problem, only later. Possibly, we might be able to negate the effect though, if by signing in by whichever means the user chooses (Facebook, Google+, email, whatever), he/she agrees to possibly be contacted at a later stage when more proof of identity is required.

Then, if we reach, say 50.000 people we could take a random scoop of users, say 500 or 1.000 of them or something (maybe some percentage), and generally try to verify their identity by asking them to confirm by IceKey or electronic ID. I don't know if it produced viable statistics, but maybe we can determine the percentage of illigetimate signatures. Those who don't do it can be pestered more, or manually, seeing that they agreed to the possibility when they signed up.

I believe this does have privacy issues which must be dealt with explicitly in some sort of EULA, but I can't see anything wrong with that if we have a first-signup process unlike we have now.

busla commented 8 years ago

Right. If the Icekey is a strict requirement, then I think the point in time where it will be used should be related to how many votes SV can gather before that happens. Then a percentage could be sent an Icekey-login-email if the votes reach a certain threshold

Those who don't do it can be pestered more, or manually, seeing that they agreed to the possibility when they signed up.

I think this might also prevent some of the bogus registrants to actually signup since they know that they might need to verify their account with Icekey at a later stage.

Edit: I also think that it´s an incentive for people to sign in with the Icekey and going through that hassle, after the threshold has been reach, knowing that they might actually have an impact on law proposals being submitted. That incentive doesn´t really exist if there are only a few votes, which is the problem now.

bjornlevi commented 8 years ago

Logging in with the IceKey each time you vote was, as I've always maintained, a disastrous design idea. OAuth log in with IceKey verification should be good enough.

On Tue, Mar 15, 2016 at 7:56 PM, Jón Levy notifications@github.com wrote:

Right. If the Icekey is a strict requirement, then I think the point in time where it will be used should be related to how many votes SV can gather before that happens. Then a percentage (or everyone) could be sent an Icekey-login-email if the votes reach a certain threshold.

Those who don't do it can be pestered more, or manually, seeing that they agreed to the possibility when they signed up. I think this might prevent some of the bogus registrants to actually signup since they know that they might need to verify their account with Icekey at a later stage.

— You are receiving this because you commented. Reply to this email directly or view it on GitHub https://github.com/piratar/safetyvalve/issues/8#issuecomment-196996387

busla commented 8 years ago

I would really, really, really like to see SV move towards social media auth as soon as possible, preferrably before the next prez elections.

As I mentioned before, the main reason I am interested in SV is to pressure the prez to take votes from the public into account before signing bills from the gov, and pipe them to a referendum.

We might disagree on this from an idealogical standpoint but I am throwing this out there :-)

Can we meet to discuss asap and try to push this project forward?

Kveðja

Jón Levy 7798217 github.com/busla

On 16 Mar 2016, at 08:41, bjornlevi notifications@github.com wrote:

Logging in with the IceKey each time you vote was, as I've always maintained, a disastrous design idea. OAuth log in with IceKey verification should be good enough.

On Tue, Mar 15, 2016 at 7:56 PM, Jón Levy notifications@github.com wrote:

Right. If the Icekey is a strict requirement, then I think the point in time where it will be used should be related to how many votes SV can gather before that happens. Then a percentage (or everyone) could be sent an Icekey-login-email if the votes reach a certain threshold.

Those who don't do it can be pestered more, or manually, seeing that they agreed to the possibility when they signed up. I think this might prevent some of the bogus registrants to actually signup since they know that they might need to verify their account with Icekey at a later stage.

— You are receiving this because you commented. Reply to this email directly or view it on GitHub https://github.com/piratar/safetyvalve/issues/8#issuecomment-196996387

— You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub

jamesrobb commented 8 years ago

Hey Jón,

Yes, we can definitely meet. Sorry for the late reply. That being said, I think Helgi and I are a go for your ideas on the authentication system.

Helgi will take care of getting you access to the server, and either him or I will give you the access you need for the repo very soon.

Sound good?

When would you like to meet? I'd prefer if it was after next Friday.

//-- James Robb //-- +354.666.0887 (Iceland/Ísland) On Apr 10, 2016 6:30 PM, "Jón Levy" notifications@github.com wrote:

I would really, really, really like to see SV move towards social media auth as soon as possible, preferrably before the next prez elections.

As I mentioned before, the main reason I am interested in SV is to pressure the prez to take votes from the public into account before signing bills from the gov, and pipe them to a referendum.

We might disagree on this from an idealogical standpoint but I am throwing this out there :-)

Can we meet to discuss asap and try to push this project forward?

Kveðja

Jón Levy 7798217 github.com/busla

On 16 Mar 2016, at 08:41, bjornlevi notifications@github.com wrote:

Logging in with the IceKey each time you vote was, as I've always maintained, a disastrous design idea. OAuth log in with IceKey verification should be good enough.

On Tue, Mar 15, 2016 at 7:56 PM, Jón Levy notifications@github.com wrote:

Right. If the Icekey is a strict requirement, then I think the point in time where it will be used should be related to how many votes SV can gather before that happens. Then a percentage (or everyone) could be sent an Icekey-login-email if the votes reach a certain threshold.

Those who don't do it can be pestered more, or manually, seeing that they agreed to the possibility when they signed up. I think this might prevent some of the bogus registrants to actually signup since they know that they might need to verify their account with Icekey at a later stage.

— You are receiving this because you commented. Reply to this email directly or view it on GitHub https://github.com/piratar/safetyvalve/issues/8#issuecomment-196996387

— You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub

— You are receiving this because you commented. Reply to this email directly or view it on GitHub https://github.com/piratar/safetyvalve/issues/8#issuecomment-208041070

busla commented 8 years ago

Hey,

Sounds great.

I will be available the week after so I suggest we talk again next weekend to fix a date sometime next week?

On 15 Apr 2016, at 19:27, James Robb notifications@github.com wrote:

Hey Jón,

Yes, we can definitely meet. Sorry for the late reply. That being said, I think Helgi and I are a go for your ideas on the authentication system.

Helgi will take care of getting you access to the server, and either him or I will give you the access you need for the repo very soon.

Sound good?

When would you like to meet? I'd prefer if it was after next Friday.

//-- James Robb //-- +354.666.0887 (Iceland/Ísland) On Apr 10, 2016 6:30 PM, "Jón Levy" notifications@github.com wrote:

I would really, really, really like to see SV move towards social media auth as soon as possible, preferrably before the next prez elections.

As I mentioned before, the main reason I am interested in SV is to pressure the prez to take votes from the public into account before signing bills from the gov, and pipe them to a referendum.

We might disagree on this from an idealogical standpoint but I am throwing this out there :-)

Can we meet to discuss asap and try to push this project forward?

Kveðja

Jón Levy 7798217 github.com/busla

On 16 Mar 2016, at 08:41, bjornlevi notifications@github.com wrote:

Logging in with the IceKey each time you vote was, as I've always maintained, a disastrous design idea. OAuth log in with IceKey verification should be good enough.

On Tue, Mar 15, 2016 at 7:56 PM, Jón Levy notifications@github.com wrote:

Right. If the Icekey is a strict requirement, then I think the point in time where it will be used should be related to how many votes SV can gather before that happens. Then a percentage (or everyone) could be sent an Icekey-login-email if the votes reach a certain threshold.

Those who don't do it can be pestered more, or manually, seeing that they agreed to the possibility when they signed up. I think this might prevent some of the bogus registrants to actually signup since they know that they might need to verify their account with Icekey at a later stage.

— You are receiving this because you commented. Reply to this email directly or view it on GitHub https://github.com/piratar/safetyvalve/issues/8#issuecomment-196996387

— You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub

— You are receiving this because you commented. Reply to this email directly or view it on GitHub https://github.com/piratar/safetyvalve/issues/8#issuecomment-208041070

— You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub