search

siv-org / siv

Secure Internet Voting protocol
https://siv.org
Other
12 stars 9 forks source link

Clarity around Safari localStorage purging #76

Open dsernst opened 2 years ago

dsernst commented 2 years ago

See https://github.com/mdn/content/issues/8510, which is still unclear.

dsernst commented 2 years ago

If there is an issue here, the implications are:

  1. voters using Safari (web or mobile) would lose their private verification #s after not opening the SIV domain for a week. Then they can't do personal voter verification. Could still use their Submission Receipt in their email to confirm their encrypted vote is in the final list + Universal Verification checks.
  2. verifying observers using Safari (web or mobile) would lose their private key after a week of not opening the SIV domain. This could make votes unable to be unlocked, affecting Robustness of the election.
dsernst commented 2 years ago

We are already tracking user agent strings for both voters & observers, so we can see historically how many people this would affect, and any new elections going forward, if it is an issue, we could send them a message before it's too late.

dsernst commented 2 years ago

Related to https://github.com/dsernst/siv/issues/47, as w/ that issue, in both cases we just want to warn the user about this, and encourage them to also back up this important data in another place if necessary.