piratar / wasa2il

Direct democracy system
https://x.piratar.is

E2E verifiable? #149

Closed Robrechtc closed 6 years ago

Robrechtc commented 7 years ago

Hey folks,

Another quick question - is the voting in Wasa2il end-to-end verifiable? As a side note, I haven't managed to deploy it on a free Heroku server. I will be getting a VPS and am willing to host a test env for you if needed.

Thanks and good luck with the elections! Robrecht

BjarniRunar commented 7 years ago

No, the voting is not verifiable, as that would prevent anonymity.

If you can prove how you voted after the fact, then your boss can threaten to fire you unless you vote correctly. This is not a theoretical problem, it has happened in real life in real elections.

BjarniRunar commented 7 years ago

To clarify - the voting is not supposed to be verifiable. Once you have cast your ballot the ties between your identity and the ballot are severed.

A malicious admin could still compromise the code or keep backups of the intermediate "still voting" state. But that is out of scope for the software itself and preventing that sort of abuse is a social / management problem.

Robrechtc commented 7 years ago

That's a very valid point. I wonder if it's possible to use a blockchain for the voting process? That way the transactions can be (and are independently) verified, while remaining anonymity (unless people share their address, of course). Thanks for the reply.

BjarniRunar commented 7 years ago

The technology is irrelevant: If people can verify their own votes, they can prove to others how they voted. And that means they can be coerced (there are some exceptions, but they are super geeky and would be hard to make user-friendly enough to benefit the general voting public).

You can't really have your cake and eat it too - it's verifiability or anonymity, not both.

Verifiability protects you against malicious admins, anonymity protects against outside influence. Depending on your circumstance, one may be more important than the other - but my personal opinion is that if you don't trust your admin, you shouldn't be doing e-voting at all.

So I think prioritising anonymity is the only sensible choice.

Robrechtc commented 7 years ago

Yeah, I realised after replying that intimidation would still be an issue but I had to get ready for work so I couldn't edit my reply. You're correct in that you can't have both, sadly.

On Tue, Jun 13, 2017 at 1:40 PM, Bjarni Rúnar Einarsson <notifications@github.com> wrote:

> The technology is irrelevant: If people can verify their own votes, they can prove to others how they voted. And that means they can be coerced.
>
> You just can't have your cake and eat it too - it's verifiability or anonymity, not both.
>
> Verifiability protects you against malicious admins, anonymity protects against outside influence. Depending on your circumstance, one may be more important than the other - but my personal opinion is that if you don't trust your admin, you shouldn't be doing e-voting at all.
>
> So I think prioritising anonymity is the only sensible choice.


helgihg commented 6 years ago

Considering the conclusion of this conversation, I'm closing this issue. Perhaps we'll invent something brilliant to handle this in the future, but for now, it'll have to remain outside of our scope. @Robrechtc @BjarniRunar