Jan 18, 17 / Aqu 18, 01 23:53 UTC
Re: How to secure on-line voting?
Reason: leaving asgardia
Jan 20, 17 / Aqu 20, 01 16:52 UTC
If you want to waste tens of thousands of cycles for basically no reason.
Jan 20, 17 / Aqu 20, 01 18:46 UTC
Jan 24, 17 / Aqu 24, 01 11:07 UTC
What actually is the purpose though?
Blockchains make sense for, say, holding a ledger to process financial transactions. I don't see what it would do to improve security. Just waste cycles. Which could otherwise be used in something with purpose, like the user using their computer.
Jan 29, 17 / Pis 01, 01 19:14 UTC
I think that the best way to secure on-line voting is that every Asgardian votes via her/his account in the Asgardia website. Every Asgardian will choose her/his password personally for the login process to the personal so that its privacy will be her/his own responsibility.
After Asgardia is recognized as a state in the United Nations, every Asgardian should have an identity card, like citizens of any other nation on Earth. I suggest that the Asgardian ID card will have a number of 3 digits similar to the VAT number on the visa card, and this 3-digit number will be required for voting through the personal account on the asgardia.space website.
Jan 29, 17 / Pis 01, 01 23:45 UTC
The "best" way would be to have a password - preferably passphrase - unlock a PKCS-11/X.509 key that is then used as authentication. In the case of X.509 it's trivial to have certificates revoked and/or have the user update fresh ones when they've inevitably allowed their passphrase to become compromised.
As this can all take place without the key ever leaving the local machine it's far more secure than ever inputting details into a website, for someone else to hold where you then have to question how they've protected such data because their 1970s data security protocols prevent them informing you. Even when their inattention results in systems compromise, your auth details are still secure.
Jan 30, 17 / Pis 02, 01 10:45 UTC
We could use homomorphic encryption: https://en.wikipedia.org/wiki/Homomorphic_encryption. This way we can cipher our vote locally and then make it public in a blockchain (for example by sending 0,X bitcoins to ourselves, with X being the cipher text). Then everyone can check what the final decision is. We still have to ensure a few things such as: a person votes at most once and (depending on the vote) for at most one candidate.
However, I think that our current main issue is the authentication. We have currently no way to check that a person has at most one account.
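The tallying idea in the post above, as an added example that is not part of the original thread: a toy Paillier cipher (an additively homomorphic scheme chosen here as an assumption, since the post names none) where anyone can multiply the published ciphertexts and only the key holder decrypts the sum. The key sizes, function names and sample votes are constructed for illustration, and the second run shows why the post's "at most one candidate" check is needed.

```python
import math
import secrets

# Toy Paillier cryptosystem (additively homomorphic). The primes are two
# well-known Mersenne primes, far too small for real use: constructed demo only.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                                            # public key
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)    # private key
MU = pow(LAM, -1, N)                                 # private key

def encrypt(m):
    """Encrypt integer m under public key N, using generator g = N + 1."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return ((1 + m * N) * pow(r, N, N2)) % N2

def decrypt(c):
    """Only the holder of LAM and MU (the tallying authority) can do this."""
    return ((pow(c, LAM, N2) - 1) // N) * MU % N

def public_tally(ballots):
    """Anyone can recompute this from the published ciphertexts:
    multiplying ciphertexts adds the hidden plaintexts."""
    total = 1
    for c in ballots:
        total = (total * c) % N2
    return total

def run_election(votes):
    """Encrypt each vote locally, publish, tally in public, decrypt once."""
    board = [encrypt(v) for v in votes]      # the public list of ciphertexts
    return decrypt(public_tally(board))

if __name__ == "__main__":
    print(run_election([1, 0, 1, 1, 0]))     # five well-formed yes/no ballots
    # A ballot encrypting 5 instead of 0 or 1 looks like any other ciphertext
    # and shifts the result, so ballots need a validity check before tallying.
    print(run_election([1, 0, 5]))
```

Because encryption is randomized, two ballots with the same vote produce different ciphertexts, so the published list alone does not reveal who voted which way.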
Jan 30, 17 / Pis 02, 01 12:40 UTC
The easiest way to check if someone is using more than one account is to keep it centralised. Access can be controlled more easily. This also makes it a lot easier to keep it secured, generally. You don't have to worry about what individuals are doing with their local copy of your algorithm, for a start. Typically when sanely designing a secure system the idea is to keep as much data out of public access as possible. They only give them what you need them to have, no more, and only accept valid responses.
And again, a blockchain just adds needless complexity, offers no additional security over a sensibly deployed method, and offers complete traceability in terms of what user has voted for what and thusly gives rise to concepts like me knowing if you've voted the way I've paid you to. Which I would need to know before you get your money. So basically perfect if you like wasting cycles on other people's hardware and are desperate to set up something easily crippled by corruption and greed.
The main issue with the current setup is indeed currently authentication - this doesn't impact multiple accounts being held, just the user being the one expected. However, something like PKCS-11/X.509 embedded into a user's passport is a little difficult, if implemented correctly, to end up with duplicate users with alternate identities, and if secured with a reasonable passphrase, almost impossible for an unauthorised user to operate. However, lacking passports currently just X.509 can be used as a reasonable form of authentication - it seems to work well enough for my hardware - this ofc doesn't mitigate the possibility of possessing more than one account. But neither would a blockchain. It'd just fail on that much more efficiently than a blockchain would.
The best way to mitigate multiple signups would be to actively seek known public proxy sites, TOR exit nodes etc and lock them from the signup process (this should already be in place if they knew what they were doing) as well as noting the same IP/Hardware fingerprints signing up for more than one account and filing this for investigation. Sometimes there are legitimately two or more users of the same hardware, and the same IP can be shared by many (typically a lot less in a "home" environment). Ultimately things like user behaviour, access times and locations etc speak volumes.
Dec 8, 17 / Cap 06, 01 22:37 UTC
We may want to look to Estonia which has completely digitalized their government and citizen access to services.
Surely, they have a good idea for a solution.
Dec 8, 17 / Cap 06, 01 22:40 UTC
This comes from my candidacy platform under comprehensive website redesign:
* (Asgard.Space) The public facing website which will be used for: public dissemination of information about Asgardia in general and publicly available information for its citizens.
* (e-gov.Asgard.Space) for citizens' interaction with the government such as: application for citizenship, application for services, paying taxes, voting, banking, etc. We can look to Estonia which has completely digitized their government (and includes an app) for an implementation.
* (community.Asgard.Space) for all that is needed for volunteer workflow to get stuff done for the various ministries; various forums and social features for citizens and visitors to interact with.