Old 14th August 2018, 05:42 PM   #361
psionl0
Skeptical about skeptics
Join Date: Sep 2010
Location: 31°57'S 115°57'E
Posts: 13,450
GOTO 358
__________________
"The process by which banks create money is so simple that the mind is repelled. Where something so important is involved, a deeper mystery seems only decent." - Galbraith, 1975
Old 14th August 2018, 06:08 PM   #362
Upchurch
Papa Funkosophy
Join Date: May 2002
Location: St. Louis, MO
Posts: 31,020
Originally Posted by psionl0
Yeah. You're putting your trust in an unknown unverified third-party client and your solution to the potential security threat is to just go out and put your trust in a different unknown unverified third-party client.

At that point, why bother with pretense? Why not just let the country that bid the highest pick our leaders for us?
__________________
"There is nothing more deceptive than an obvious fact." -- Sherlock Holmes.
"It’s easier to fool people than to convince them that they have been fooled." -- Mark Twain, maybe.
Old 14th August 2018, 07:00 PM   #363
psionl0
Originally Posted by Upchurch
Yeah. You're putting your trust in an unknown unverified third-party client and your solution to the potential security threat is to just go out and put your trust in a different unknown unverified third-party client.

At that point, why bother with pretense? Why not just let the country that bid the highest pick our leaders for us?
Stop embarrassing yourself! Needing a computer to read computer data is the least surprising fact in the world.

If you were limited to using proprietary closed source software to view a blockchain then yes, there would be a problem. But you can use any software that you choose so there is no problem. It is impossible to get a bogus reading on a blockchain either personally or at an official level.

Similarly, it would be impossible to get a false vote total from a blockchain because every interested person would be able to personally verify the count using any software that they choose.
Last edited by psionl0; 14th August 2018 at 07:03 PM.
Old 14th August 2018, 08:34 PM   #364
Upchurch
Originally Posted by psionl0
Stop embarrassing yourself! Needing a computer to read computer data is the least surprising fact in the world.
A third party interpreter app is not “needing a computer” and it puts an asterisk next to the claim of transparency.

Originally Posted by psionl0
It is impossible to get a bogus reading on a blockchain either personally or at an official level.
Are you saying it is impossible for a bad actor to create and distribute an app that misrepresents the contents of a blockchain to its users? Or multiple apps that do so? Or flood the market with such apps to the point where it becomes impossible to tell good apps from bad?

Have you ever dealt with security before? You’re not thinking like a hacker.



Full disclosure: I used to work for a company that took advantage of SEO in a way that was not illegal, but certainly wasn’t what I would call 100% ethical either. I put together systems that would look different depending on whether you were a human, a bot, or an ad click reviewer, force ad styles to be identical to search results, and even a click-jacking scheme that tricked the user into giving a Facebook like when they thought they were clicking something else. I once made a shopping site that was nearly impossible to complete an actual sale, including a captcha that was often intentionally illegible. For nearly three years, I made the internet a slightly worse place to be and I made good money doing it.

I absolutely guarantee if there are fractions of a penny per compromised vote to be made online, hundreds or thousands of people will exploit every single vector to get that money.
Old 14th August 2018, 09:23 PM   #365
psionl0
Originally Posted by Upchurch
Are you saying it is impossible for a bad actor to create and distribute an app that misrepresents the contents of a blockchain to its users? Or multiple apps that do so? Or flood the market with such apps to the point where it becomes impossible to tell good apps from bad?

Have you ever dealt with security before? You’re not thinking like a hacker.
And your thinking is so vertical that you can't imagine how having many different apps (some free, some proprietary and many open source) minimizes the possibility of miscounting votes.

The only possibility for error would come from a human source. The electoral commission might decide to use secret proprietary software that turns out to be compromised to count the votes. Like most "we can't do anything wrong" type bureaucracies, they might refuse to listen no matter how many voices say that their tally is wrong. More likely however, it would end up as a court case.
Old 14th August 2018, 09:30 PM   #366
WilliamSeger
Illuminator
Join Date: Nov 2006
Posts: 3,976
Originally Posted by psionl0
You apparently have a very specific algorithm in mind whereas I was intending to be more general with these vote encryption algorithms.

From the Monero website:

They are using ring signatures. That's a way to insure that some member of a group signed a transaction without identifying which member. Please explain how that would be used to verify that the vote I cast actually made it into the blockchain.
Old 14th August 2018, 09:51 PM   #367
psionl0
Originally Posted by WilliamSeger
They are using ring signatures. That's a way to insure that some member of a group signed a transaction without identifying which member. Please explain how that would be used to verify that the vote I cast actually made it into the blockchain.
The Monero website has a FAQ section (https://getmonero.org/get-started/faq/) that goes into some detail about your questions.
Old 14th August 2018, 10:30 PM   #368
WilliamSeger
Originally Posted by psionl0
The Monero website has a FAQ section (https://getmonero.org/get-started/faq/) that goes into some detail about your questions.
No it doesn't, but that's mainly because Monero appears to be a cryptocurrency financial transaction system, whereas you haven't yet explained precisely how you would use blockchain in your proposed voting system. Depending on your answer (if you ever have one), if it does address the particular question I asked, then it raises others. As best I can tell, it appears that in the system you're imagining, each voter would need to have the equivalent of a cryptocurrency wallet to use it -- is that correct? If so, where are these wallets stored, and how are they accessed?
Old 14th August 2018, 11:16 PM   #369
psionl0
Originally Posted by WilliamSeger
No it doesn't, but that's mainly because Monero appears to be a cryptocurrency financial transaction system, whereas you haven't yet explained precisely how you would use blockchain in your proposed voting system. Depending on your answer (if you ever have one), if it does address the particular question I asked, then it raises others. As best I can tell, it appears that in the system you're imagining, each voter would need to have the equivalent of a cryptocurrency wallet to use it -- is that correct? If so, where are these wallets stored, and how are they accessed?
Why do you expect me to design the entire system?

What matters is that it can be done on the blockchain even though everybody else is saying that blockchain is such a small part of the electronic voting process that it is irrelevant. You were saying that yourself originally.
Old 14th August 2018, 11:38 PM   #370
WilliamSeger
Originally Posted by psionl0
Why do you expect me to design the entire system?

What matters is that it can be done on the blockchain even though everybody else is saying that blockchain is such a small part of the electronic voting process that it is irrelevant. You were saying that yourself originally.

Oh, I still am, for many reasons that you simply assume can be designed away. Why should I accept that assumption when it doesn't appear that you have answers to fundamental issues? Can you at least answer the last question: Are you imagining a system where each voter needs a private "wallet," and if so, where are these stored? I know the answer for cryptocurrency systems; I'm asking if you have something different in mind for a voting system.
Old 15th August 2018, 02:00 AM   #371
psionl0
Originally Posted by WilliamSeger
Oh, I still am, for many reasons that you simply assume can be designed away. Why should I accept that assumption when it doesn't appear that you have answers to fundamental issues? Can you at least answer the last question: Are you imagining a system where each voter needs a private "wallet," and if so, where are these stored? I know the answer for cryptocurrency systems; I'm asking if you have something different in mind for a voting system.
The mechanics of storing a file on a computer and storing a message on the blockchain is a fundamental issue for you?

You are still trying to tell us that there is a back door around the SHA256 algorithm so what could I possibly say that you would even believe? Maybe if you were honest and told me what sort of "GOTCHA!" you had in mind I could give a better answer.
Old 15th August 2018, 03:53 AM   #372
Upchurch
Originally Posted by psionl0
And your thinking is so vertical that you can't imagine how having many different apps (some free, some proprietary and many open source) minimizes the possibility of miscounting votes.
Evasion noted.

I also took a look at BlockExplorer, which I chose specifically for the generic name. The rest in a quick google all seemed to be bitcoin specific. BlockExplorer is also bitcoin specific. This tells me that blockchain explorers are implementation specific, meaning you can’t use a bitcoin explorer to make sense of a voting blockchain. Blockchain handles the encryption, but doesn’t make sense of the data. You need a parser specific to the data format being used for it to be human readable.

I did not find a standardized data format for political elections. I’m guessing that there isn’t one and almost certainly isn’t one for US federal elections, which means there isn’t a wide and public selection of explorers for it.

But here is the kicker, BlockExplorer is not a secured stand-alone app existing on your device in a way that can be locked down. It is a web app written in node, flippin’ javascript, used in a browser.

As soon as the US federal standardized blockchain data format is published, there will be as many blockchain readers available as there are medical advice websites, and they’ll be about as reliable. Not counting spoofs of the more popular readers.


But, that’s just one reader implementation. For argument’s sake, if we had online US federal elections tomorrow, which open source blockchain reader would you be using to check the election’s progress and results?
Old 15th August 2018, 04:12 AM   #373
jimbob
Uncritical "thinker"
Join Date: Jan 2007
Location: UK
Posts: 19,317
Open Source is also not a guarantee against holes.

ETA, just that there are more potential people checking the code.
__________________
OECD healthcare spending
Expenditure on healthcare
http://www.oecd.org/els/health-systems/health-data.htm
link is 2015 data (2013 Data below):
UK 8.5% of GDP of which 83.3% is public expenditure - 7.1% of GDP is public spending
US 16.4% of GDP of which 48.2% is public expenditure - 7.9% of GDP is public spending

Last edited by jimbob; 15th August 2018 at 04:19 AM.
Old 15th August 2018, 04:30 AM   #374
jimbob
If you are standardising your voting on a blockchain-based system, you then have the potential for the more paranoid hardware attacks as well.

The US military is concerned about the possibility of chips being compromised between design and manufacture (adding extra logic circuitry onto the mask designs at the fab where it's made).

It could be worth it to add something similar to the cpus for a range of phones so that with the right inputs it adds a layer between the voting software input and output - mapping them as desired.

If the prize is a country, then the stakes are high.
Old 15th August 2018, 04:41 AM   #375
Upchurch
Originally Posted by jimbob
If the prize is a country, then the stakes are high.
This x1000

Earlier in the thread, I said your vote is way more valuable than your bank account. This is why.

What is good enough for your personal checking account is not good enough for your vote. We should stop pretending they are, in any way, equivalent.
Old 15th August 2018, 06:09 AM   #376
lomiller
Philosopher
Join Date: Jul 2007
Posts: 9,360
Originally Posted by Upchurch
That’s kind of the point, isn’t it. If you cannot read the raw file, you’re introducing yet another layer of trust between auditors and the record being audited. That a blockchain requires a specialized software to read them is a weakness, not an acceptable assumption.

I honestly don’t know why you’re surprised by this. I’ve been pointing out this particular flaw from the beginning.
I suspect he’s the type that when he gets a popup that has an X with “Close” written beside it, he just blindly clicks on it. I mean it says close right, no one would put that there if it wasn’t to close the window right?

IOW he seems to be assuming software can be taken at face value, and that it's doing what it says and only what it says. This was always a bad idea, but an especially bad one today where harvesting your information to sell is big business.
__________________
"Anything's possible, but only a few things actually happen"
Old 15th August 2018, 06:26 AM   #377
WilliamSeger
Originally Posted by psionl0
The mechanics of storing a file on a computer and storing a message on the blockchain is a fundamental issue for you?

You are still trying to tell us that there is a back door around the SHA256 algorithm so what could I possibly say that you would even believe? Maybe if you were honest and told me what sort of "GOTCHA!" you had in mind I could give a better answer.

If I were honest? Sheesh, I give up.
Old 15th August 2018, 06:49 AM   #378
Upchurch
Okay. Let me lift my skirt a bit more and explain something I, personally, have pulled off before.

We had a website that showed a series of pictures, I forget the content of the pictures. In a "hot or not" sort of interface, we had two big buttons under each picture. One was definitely "Like" and the other was some synonym of "dislike".

What would happen is that when the user moved their mouse over our Like button, I would insert a 1x1 px iframe under the pointer that contained a second page with a Facebook like button. When the user clicked the mouse, they were actually clicking on Facebook's like button, registering the data on their social graph with all the yummy SEO benefits that go with it. I would then listen for the event that Facebook would emit with that like click and programmatically click our Like button for them that they could see on the screen. From the user's perspective, they clicked our button and it reacted the way they expected it to, with absolutely no knowledge that we were utilizing their social capital to boost whatever it is we were trying to boost.

To their credit, Facebook started to clue in on what we were doing and took countermeasures by rate-limiting our Facebook likes. I should point out that they were only noticing suspicious behavior and didn't know the exact nature of what was happening. My next step, if I had been truly evil and let my bosses know, would have been to cut back on the attempted number of click-jacking attacks to, for example, 1-in-20 or 1-in-100, still getting the advantage in aggregate, but at a lower, harder-to-detect pace.

This is the level of shenanigans I'm talking about. And that was just to get a few extra likes on Facebook. Elections control the fate of the country with the strongest military on Earth.

Last edited by Upchurch; 15th August 2018 at 06:51 AM.
Old 15th August 2018, 07:01 AM   #379
Mongrel
Begging for Scraps
Join Date: Aug 2004
Location: 20 minutes in the future
Posts: 1,841
Originally Posted by jimbob
Open Source is also not a guarantee against holes.

ETA, just that there are more potential people checking the code.
See Heartbleed

Quote:
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library
__________________
“Ignorance more frequently begets confidence than does knowledge: it is those who know little, and not those who know much, who so positively assert that this or that problem will never be solved by science.” - Charles Darwin

...like so many contemporary philosophers he especially enjoyed giving helpful advice to people who were happier than he was. - Tom Lehrer
Old 15th August 2018, 07:33 AM   #380
psionl0
Originally Posted by Upchurch
Evasion On topic response noted.
ftfy.

Originally Posted by Upchurch
I also took a look at BlockExplorer, which I chose specifically for the generic name. The rest in a quick google all seemed to be bitcoin specific. BlockExplorer is also bitcoin specific. This tells me that blockchain explorers are implementation specific, meaning you can’t use a bitcoin explorer to make sense of a voting blockchain. Blockchain handles the encryption, but doesn’t make sense of the data. You need a parser specific to the data format being used for it to be human readable.
Are you really that pathetic? Did you seriously believe that any old blockchain explorer could read every blockchain that may or may not yet exist? Do you also believe that motor car and motor cycle parts are interchangeable?

Once a format for a voting blockchain has been specified you can be sure that programmers all around the world will be writing code to read and analyze it. They won't be able to do anything to the blockchain itself. At worst, an explorer will interpret the blockchain incorrectly.
Last edited by psionl0; 15th August 2018 at 07:35 AM.
Old 15th August 2018, 07:56 AM   #381
Upchurch
Originally Posted by psionl0
ftfy.
You avoided my question. Yes, that's evasion. I noted it.


Originally Posted by psionl0
Are you really that pathetic? Did you seriously believe that any old blockchain explorer could read every blockchain that may or may not yet exist? Do you also believe that motor car and motor cycle parts are interchangeable?
More ad hominem.

You said:
Originally Posted by psionl0
Of course it's transparent. In the case of bitcoin, there are many blockchain explorers that one could use to see what is happening. If you don't trust one explorer then you can simply use another one. No skill is required. The results are displayed in plain English.
But the point is (1) there are not many blockchain explorers that one can use to see what is happening in a voting blockchain. They will have to be built, which leads to (2) you will have to trust the people who build the explorers. They are presenting the data to you. You are not seeing it for yourself. There are people, perhaps unknown people, between you and the raw data.

That's not transparency.

Originally Posted by psionl0
Once a format for a voting blockchain has been specified you can be sure that programmers all around the world will be writing code to read and analyze it. They won't be able to do anything to the blockchain itself. At worst, an explorer will interpret the blockchain incorrectly.
Okay, but which ones do you trust? Which ones do the people on the other side of a political issue trust? What if they are not the same people?

Again, this is not transparency. This is a layer of obfuscation that requires specialized skills to verify. Skills that most people do not have and must rely on others to do for them.


Compare to paper ballots. Many people watch the ballot box. Many people can see, first hand, that every person only gets one ballot and that every person only puts one ballot in the ballot box. Many people watch that the ballot box is not opened until the count is ready to be made. Many people count the ballots and have to agree on the totals.

There is no filter between the auditors and the thing they are auditing. The auditors do not need any special skills, or have to rely on a third-party with special skills, to do the audit.
Last edited by Upchurch; 15th August 2018 at 07:58 AM.
Old 15th August 2018, 08:51 AM   #382
Upchurch
Official results of the Defcon special election between George Washington and Benedict Arnold. The Dark Tangent wins in a landslide, despite not having been on the ballot. I suspect foul play...
Old 15th August 2018, 09:11 AM   #383
Blue Mountain
Resident Skeptical Hobbit
Join Date: Jul 2005
Location: Waging war on woo-woo in Winnipeg
Posts: 5,470
Originally Posted by Upchurch
<snip>
Okay, but which ones do you trust? Which ones do the people on the other side of a political issue trust? What if they are not the same people?

Again, this is not transparency. This is a layer of obfuscation that requires specialized skills to verify. Skills that most people do not have and must rely on others to do for them.
<snip>
In my opinion this isn't much of an issue. Provided the format of the blockchain is documented and the raw chain can be downloaded, any competent programmer could write their own explorer. In the case of two explorers giving different results, a third, fourth, or fifth could be consulted. There would be explorers on GitHub and SourceForge written in half a dozen languages that anyone running Windows, Linux, BSD, or MacOS, or even browser based languages like JavaScript and WebAssembly, could download and use to explore their own downloaded copy of the blockchain.

And how would they know they got the real blockchain and not some hacked up copy? Well, that's what a blockchain is all about. The very first block would be signed with a private key held by the people running the election. The associated public key would be available for download from their web site. Once you verify the first block is the one they signed, it follows that the rest of the chain is valid as well.

But all of the above merely shows the blockchain is secure and verifiable. It has nothing to say about how the votes added to the chain were generated. This is where we get into the conundrum of anonymous vs verifiable.
__________________
The social illusion reigns to-day upon all the heaped-up ruins of the past, and to it belongs the future. The masses have never thirsted after truth. They turn aside from evidence that is not to their taste, preferring to deify error, if error seduce them. Gustav Le Bon, The Crowd, 1895 (from the French)
Canadian or living in Canada? PM me if you want an entry on the list of Canadians on the forum.
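
Added example, not part of any post in the thread: a minimal independent reader for a hash-chained ballot log like the one discussed in posts #372 and #383, which checks every link and only then counts. The block format, field names and sample ballots are constructed, and a pinned genesis hash stands in for the signature check on the first block; the reader also compares the last block with a separately published tip hash, since matching links only show that a copy is internally consistent.

```python
import hashlib
import json
from collections import Counter

# Constructed sample data: one list of ballots per block, block 0 is the genesis.
SAMPLE_BATCHES = [
    [],
    ["Washington", "Arnold", "Washington"],
    ["Arnold", "Washington"],
    ["Washington", "Arnold", "Washington"],
]


def block_hash(block):
    """SHA-256 over a canonical JSON encoding of the block's contents."""
    body = {key: block[key] for key in ("index", "prev_hash", "ballots")}
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(encoded.encode("utf-8")).hexdigest()


def make_chain(ballot_batches):
    """Build the sample chain in the assumed (hypothetical) block format."""
    chain, prev = [], "0" * 64
    for index, ballots in enumerate(ballot_batches):
        block = {"index": index, "prev_hash": prev, "ballots": list(ballots)}
        chain.append(block)
        prev = block_hash(block)
    return chain


def verify_chain(chain, genesis_hash, tip_hash=None):
    """Return a list of problems; an empty list means every check passed."""
    if not chain:
        return ["chain is empty"]
    problems = []
    if block_hash(chain[0]) != genesis_hash:
        problems.append("genesis block does not match the published hash")
    for prev, cur in zip(chain, chain[1:]):
        if cur["index"] != prev["index"] + 1:
            problems.append(f"block {cur['index']}: index out of sequence")
        if cur["prev_hash"] != block_hash(prev):
            problems.append(
                f"block {cur['index']}: prev_hash does not match block {prev['index']}"
            )
    if tip_hash is not None and block_hash(chain[-1]) != tip_hash:
        problems.append("last block does not match the published tip hash")
    return problems


def tally(chain):
    """Count ballots; only meaningful once verify_chain() returns no problems."""
    return Counter(ballot for block in chain for ballot in block["ballots"])


def edit_in_place(chain, index, ballots):
    """Test fixture: a copy with one block's ballots changed, nothing else."""
    copy = json.loads(json.dumps(chain))
    copy[index]["ballots"] = list(ballots)
    return copy


def rebuild_from(chain, index, ballots):
    """Test fixture: a copy with one block changed and later links recomputed."""
    copy = edit_in_place(chain, index, ballots)
    for i in range(index + 1, len(copy)):
        copy[i]["prev_hash"] = block_hash(copy[i - 1])
    return copy


def demo():
    chain = make_chain(SAMPLE_BATCHES)
    genesis, tip = block_hash(chain[0]), block_hash(chain[-1])
    edited = edit_in_place(chain, 2, ["Arnold", "Arnold"])
    rebuilt = rebuild_from(chain, 2, ["Arnold", "Arnold"])
    return {
        "honest": verify_chain(chain, genesis, tip),
        "edited": verify_chain(edited, genesis, tip),
        # Links and genesis alone accept this copy ...
        "rebuilt_genesis_only": verify_chain(rebuilt, genesis),
        # ... the separately obtained tip hash is what rejects it.
        "rebuilt_with_tip": verify_chain(rebuilt, genesis, tip),
    }


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, problems or "ok")
    print(dict(tally(make_chain(SAMPLE_BATCHES))))
```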
Old 15th August 2018, 09:21 AM   #384
Upchurch
Originally Posted by Blue Mountain
In my opinion this isn't much of an issue.
I agree that blockchain is a fine storage mechanism, but it still requires more trust than paper ballots and is not as transparent.
Old 15th August 2018, 10:25 AM   #385
Hellbound
Merchant of Doom
 
Join Date: Sep 2002
Location: Not in Hell, but I can see it from here on a clear day...
Posts: 12,775
Just an aside, but got this in my inbox yesterday and thought of this thread. While it focuses primarily on blockchain and bitcoin, it does bring up some attack vectors aimed at the blockchain itself.

Thought I'd toss in a bit of info from the experts everyone was interested in naming.

https://www.mcafee.com/enterprise/en...s.pdf?smcid=EM
Old 15th August 2018, 10:55 AM   #386
Upchurch
Papa Funkosophy
 
Join Date: May 2002
Location: St. Louis, MO
Posts: 31,020
Originally Posted by Hellbound View Post
That conclusion pretty much nails the problem, not just blockchain but for any networked hard or software. The question is whether the risks are worth the convenience because every system will be compromised at some time.

For national elections, the risks are very high. Too high.
Old 15th August 2018, 11:24 AM   #387
lomiller
Philosopher
 
Join Date: Jul 2007
Posts: 9,360
Originally Posted by Blue Mountain View Post
In my opinion this isn't much of an issue. Provided the format of the blockchain is documented and the raw chain can be downloaded, any competent programmer could write their own explorer. In the case of two explorers giving different results, a third, fourth, or fifth could be consulted. There would be explorers on GitHub and SourceForge written in half a dozen languages that anyone running Windows, Linux, BSD, or MacOS, or even browser based languages like JavaScript and WebAssembly, could download and use to explore their own downloaded copy of the.
There would also be people building dozens of slightly different looking fakes all designed to show an identical fake result. This is commonplace already with web sites where you get dozens sometimes hundreds of “different” sites all created by the same company/person to create the impression you are going to multiple sources all of which show the same thing.

Of course people just limit themselves to “reputable” sites but look what’s happened with news outlets. Along comes a candidate that calls outlets with good journalistic standards “fake news” while promoting outlets with a long history of dishonesty, misrepresentation and being a 24X7 political commercial and we see the sheep follow right along trusting the ones they are told to believe instead of the one they should trust.

Originally Posted by Blue Mountain View Post
And how would they know they got the real blockchain and not some hacked up copy? Well, that's what a blockchain is all about. The very first block would be signed with a private key held by the people running the election. The associated public key would be available for download from their web site. Once you verify the first block is the one they signed, it follows that the rest of the chain is valid as well.
The people running the election are often the worst offenders for trying to cheat. A truly transparent process should make it as difficult as possible for them to do so, but this is a case where the inherent security makes it as easy as possible for them to rig the election.

Even assuming the election officials are honest, the site itself can still be compromised. Even if it’s not compromised people can be sent to the wrong site, have their traffic intercepted by a man in the middle attack, have their DNS hijacked, etc, etc etc. So there are still plenty of ways to compromise the blockchain itself.
__________________
"Anything's possible, but only a few things actually happen"
Old 15th August 2018, 11:58 AM   #388
jimbob
Uncritical "thinker"
 
Join Date: Jan 2007
Location: UK
Posts: 19,317
Originally Posted by lomiller View Post
There would also be people building dozens of slightly different looking fakes all designed to show an identical fake result. This is commonplace already with web sites where you get dozens sometimes hundreds of “different” sites all created by the same company/person to create the impression you are going to multiple sources all of which show the same thing.

Of course people just limit themselves to “reputable” sites but look what’s happened with news outlets. Along comes a candidate that calls outlets with good journalistic standards “fake news” while promoting outlets with a long history of dishonesty, misrepresentation and being a 24X7 political commercial and we see the sheep follow right along trusting the ones they are told to believe instead of the one they should trust.


The people running the election are often the worst offenders for trying to cheat. A truly transparent process should make it as difficult as possible for them to do so, but this is a case where the inherent security makes it as easy as possible for them to rig the election.

Even assuming the election officials are honest, the site itself can still be compromised.
Even if it’s not compromised people can be sent to the wrong site, have their traffic intercepted by a man in the middle attack, have their DNS hijacked, etc, etc etc. So there are still plenty of ways to compromise the blockchain itself.
The rest is true, but the highlighted is key.

Also, how would people vote? Using their mobile phone or laptop /tablet?

What happens if Huawei puts in a backdoor to its phones once the voting system is defined? It could easily lie undetected until the correct commands are sent, instructing the phone to alter the vote before sending but giving the correct response to the phone owner.

See what Upchurch said about dubious ways used simply to get Facebook likes.
__________________
OECD healthcare spending
Expenditure on healthcare
http://www.oecd.org/els/health-systems/health-data.htm
link is 2015 data (2013 Data below):
UK 8.5% of GDP of which 83.3% is public expenditure - 7.1% of GDP is public spending
US 16.4% of GDP of which 48.2% is public expenditure - 7.9% of GDP is public spending
Old 15th August 2018, 12:41 PM   #389
Upchurch
Papa Funkosophy
 
Join Date: May 2002
Location: St. Louis, MO
Posts: 31,020
Originally Posted by jimbob View Post
See what Upchurch said about dubious ways used simply to get Facebook likes.
I dutifully went to see what Upchurch said about it and realized I left out the part that the hack worked for at least two months before Facebook noticed anything at all.

An election would, arguably, need the hack in place for a single day.
Old 15th August 2018, 12:42 PM   #390
lomiller
Philosopher
 
Join Date: Jul 2007
Posts: 9,360
You don’t even need to hack anything. It would be SOOO easy to sew confusion and misinformation that even if you held the election the result of the vote would be impossible to determine with everyone presenting a set of “results” that they wanted.


Imagine a scenario where Fox News reports Republicans win in a landslide, CNN and other networks report the Democrats win but both sides offer downloads of the “real” software for evaluating the election results. Now what?
Old 15th August 2018, 12:48 PM   #391
Upchurch
Papa Funkosophy
 
Join Date: May 2002
Location: St. Louis, MO
Posts: 31,020
Originally Posted by lomiller View Post
You don’t even need to hack anything. It would be SOOO easy to sew confusion and misinformation that even if you held the election the result of the vote would be impossible to determine with everyone presenting a set of “results” that they wanted.


Imagine a scenario where Fox News reports Republicans win in a landslide, CNN and other networks report the Democrats win but both sides offer downloads of the “real” software for evaluating the election results. Now what?
Social engineering counts as a security hack, in not just my opinion.

But you know the old saying, you sew what you rip.
Old 15th August 2018, 01:27 PM   #392
jimbob
Uncritical "thinker"
 
Join Date: Jan 2007
Location: UK
Posts: 19,317
and, certainly in my case, and I guess in the others, I have not spent much time thinking about how to break it. Nor am I any sort of computer expert.
Old 15th August 2018, 01:39 PM   #393
jimbob
Uncritical "thinker"
 
Join Date: Jan 2007
Location: UK
Posts: 19,317
Originally Posted by Mongrel View Post
Yes, that immediately sprang to mind.

Rowhammer is something that as a non-expert I am surprised that actual exploits were demonstrated
Old 16th August 2018, 04:47 PM   #394
Blue Mountain
Resident Skeptical Hobbit
 
Join Date: Jul 2005
Location: Waging war on woo-woo in Winnipeg
Posts: 5,470
Originally Posted by lomiller View Post
<snip>
The people running the election are often the worst offenders for trying to cheat. A truly transparent process should make it as difficult as possible for them to do so, but this is a case where the inherent security makes it as easy as possible for them to rig the election.
<snip>
Excellent observation. I was assuming a mature democracy like Canada or much of Europe. In less stable democracies where the ruling party often has its fingers deep into the election machinery not even a blockchain can guarantee the honesty of the votes. I note, however, that in these unstable democracies not even the paper ballot system is immune to tampering.

Quote:
Even assuming the election officials are honest, the site itself can still be compromised. Even if it’s not compromised people can be sent to the wrong site, have their traffic intercepted by a man in the middle attack, have their DNS hijacked, etc, etc etc. So there are still plenty of ways to compromise the blockchain itself.
For someone to compromise the official key pair, the people performing the tampering would have to build their own private/public key pair (trivial) and build an entirely fake blockchain based on it (probably easy), and hack the official government web site to present their public key (should be very hard) or use one of the other tactics you described.

However, let's suppose the electoral commission foresees this problem. They generate their own key pair and widely publicise the public key. Not only is it on their web site, but also on every voter registration card in plain text and as a QR code, and on election day it's also printed in every newspaper and prominently displayed on every news web site. That should make it pretty much impossible to convincingly distribute an alternate public key and its attendant blockchain. The media would be all over it in an instant.

All this assumes, of course, that the electoral commission isn't corrupt. All bets are off if it is.
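A sketch of the verification Blue Mountain describes in the two posts above (a signed first block, hash-linked later blocks, a widely published public key), added here as an example and not taken from the thread or from any real election system. The block layout, the Lamport one-time signature standing in for the commission's key pair, and the published tip hash are all assumptions made for the illustration.

```python
import hashlib
import json
import secrets


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Lamport one-time signature: a stdlib-only stand-in (assumption) for the
# election body's real key pair. One key pair signs exactly one message.
def lamport_keygen():
    priv = [[secrets.token_bytes(32) for _ in range(256)] for _ in range(2)]
    pub = [[sha256(s) for s in row] for row in priv]
    return priv, pub


def _bits(msg: bytes):
    d = sha256(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(priv, msg: bytes):
    return [priv[b][i] for i, b in enumerate(_bits(msg))]


def lamport_verify(pub, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        sha256(sig[i]) == pub[b][i] for i, b in enumerate(_bits(msg)))


# Hypothetical block layout: {"prev": hex hash of previous block, "votes": [...]}
def block_hash(block) -> str:
    return sha256(json.dumps(block, sort_keys=True).encode()).hex()


def make_chain(batches):
    chain, prev = [], "0" * 64
    for votes in batches:
        chain.append({"prev": prev, "votes": votes})
        prev = block_hash(chain[-1])
    return chain


def verify_chain(chain, pub, genesis_sig, published_tip=None):
    """Return 'ok' or the first reason the downloaded copy is rejected."""
    if not chain or not lamport_verify(pub, block_hash(chain[0]).encode(), genesis_sig):
        return "genesis signature invalid"
    for i in range(1, len(chain)):
        if chain[i]["prev"] != block_hash(chain[i - 1]):
            return f"hash link broken at block {i}"
    if published_tip is not None and block_hash(chain[-1]) != published_tip:
        return "last block does not match published tip hash"
    return "ok"


def demo():
    # Constructed sample data, not real ballots.
    priv, pub = lamport_keygen()
    chain = make_chain([["election-2018"], ["A", "B"], ["B", "A", "A"]])
    sig = lamport_sign(priv, block_hash(chain[0]).encode())
    tip = block_hash(chain[-1])

    edited = [dict(b) for b in chain]
    edited[1]["votes"] = ["A", "A"]          # one vote changed in place
    regrown = make_chain([["election-2018"], ["A", "A"], ["A", "A", "A"]])
    _, other_pub = lamport_keygen()          # a key the commission never published

    return {
        "honest copy": verify_chain(chain, pub, sig, tip),
        "vote edited in place": verify_chain(edited, pub, sig, tip),
        "wrong public key": verify_chain(chain, other_pub, sig, tip),
        "regrown, genesis check only": verify_chain(regrown, pub, sig),
        "regrown, tip also checked": verify_chain(regrown, pub, sig, tip),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The fourth case returns "ok" because a signature over the first block covers only that block, so a verifier also needs the hash of the last block from the same channels that carry the public key.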
Old 16th August 2018, 05:33 PM   #395
lomiller
Philosopher
 
Join Date: Jul 2007
Posts: 9,360
Originally Posted by Blue Mountain View Post
I note, however, that in these unstable democracies not even the paper ballot system is immune to tampering.
When they do it's impossible to hide it from election observers. Also why assume trying to cheat elections is confined to unstable democracies? In the US (assume it still counts as a stable democracy) all kinds of dishonest tactics like gerrymandering, voter caging and ID laws are used by those in power to influence election outcomes.


Originally Posted by Blue Mountain View Post

For someone to compromise the official key pair, the people performing the tampering would have to build their own private/public key pair (trivial) and build an entirely fake blockchain based on it (probably easy), and hack the official government web site to present their public key (should be very hard) or use one of the other tactics you described.
Nah just get into the server making the ballots and create as many fake votes as are required for your guy to win. Blockchain security prevents you from identifying which votes are real so even if people figure out the cheating what can they do about it?
Old 20th August 2018, 06:24 AM   #396
Hellbound
Merchant of Doom
 
Join Date: Sep 2002
Location: Not in Hell, but I can see it from here on a clear day...
Posts: 12,775
Originally Posted by Blue Mountain View Post
However, let's suppose the electoral commission foresees this problem. They generate their own key pair and widely publicise the public key. Not only is it on their web site, but also on every voter registration card in plain text and as a QR code, and on election day it's also printed in every newspaper and prominently displayed on every news web site. That should make it pretty much impossible to convincingly distribute an alternate public key and its attendant blockchain. The media would be all over it in an instant.
Except for the fact that 90% of computer users, when their browser presents them with the "There is a problem with this site's security certificate" prompt, simply go ahead and click through.

I don't care how well your technical security is; every system has a huge gaping security hole called the user

ETA: Yes, and I know this would be different (not just a browser thing), just using it to illustrate that the majority of users won't know why it's important, how to check it, nor care enough to.

Last edited by Hellbound; 20th August 2018 at 06:26 AM.
Old 20th August 2018, 06:42 AM   #397
Upchurch
Papa Funkosophy
 
Join Date: May 2002
Location: St. Louis, MO
Posts: 31,020
Originally Posted by Hellbound View Post
Except for the fact that 90% of computer users, when their browser presents them with the "There is a problem with this site's security certificate" prompt, simply go ahead and click through.

I don't care how well your technical security is; every system has a huge gaping security hole called the user

ETA: Yes, and I know this would be different (not just a browser thing), just using it to illustrate that the majority of users won't know why it's important, how to check it, nor care enough to.
So, I have a far less sleazy web development job now than when I was pulling ad shenanigans. We have to balance security and UX all the time, largely because they tend to be mutually exclusive. Ultimately, the data we're handling is not that important, so we favor usability at the expense of security with the philosophy of, "If you want to go to all the trouble of having a lousy time, we're not going to stop you."

(Also, "Never underestimate the capability of a user to do stupid things.")

Voting is way more important. IMHO, too important to open to the risks of online shenanigans. If anyone doubts that controlling votes is important, I present the name "President Donald J. Trump" as Exhibit A.
Old 20th August 2018, 08:58 AM   #398
jimbob
Uncritical "thinker"
 
Join Date: Jan 2007
Location: UK
Posts: 19,317
Originally Posted by lomiller View Post
When they do it's impossible to hide it from election observers. Also why assume trying to cheat elections is confined to unstable democracies? In the US (assume it still counts as a stable democracy) all kinds of dishonest tactics like gerrymandering, voter caging and ID laws are used by those in power to influence election outcomes.




Nah just get into the server making the ballots and create as many fake votes as are required for your guy to win. Blockchain security prevents you from identifying which votes are real so even if people figure out the cheating what can they do about it?
And this is the thing. The electoral process is supposed to be seen to be fair so that the voters need minimal trust. With blockchain, you require trust in the system that sets up the votes, as well as all the other places where it has been pointed out.
Old 20th August 2018, 12:56 PM   #399
Blue Mountain
Resident Skeptical Hobbit
 
Join Date: Jul 2005
Location: Waging war on woo-woo in Winnipeg
Posts: 5,470
Originally Posted by Hellbound View Post
Except for the fact that 90% of computer users, when their browser presents them with the "There is a problem with this site's security certificate" prompt, simply go ahead and click through.

I don't care how well your technical security is; every system has a huge gaping security hole called the user
Yes, the PEBCAKWP issue.

Quote:
ETA: Yes, and I know this would be different (not just a browser thing), just using it to illustrate that the majority of users won't know why it's important, how to check it, nor care enough to.
Which is why I prefer the paper ballot system. You don't need to be a politics geek to understand it.
Old 20th August 2018, 01:04 PM   #400
jimbob
Uncritical "thinker"
 
Join Date: Jan 2007
Location: UK
Posts: 19,317
Originally Posted by Blue Mountain View Post


Which is why I prefer the paper ballot system. You don't need to be a politics geek to understand it.
There are lots of other reasons too. We know what the attack vectors are for subverting a paper ballot, so can usually detect any significant meddling.
All times are GMT -7. The time now is 08:55 AM.

This forum began as part of the James Randi Education Foundation (JREF). However, the forum now exists as
an independent entity with no affiliation with or endorsement by the JREF, including the section in reference to "JREF" topics.

Disclaimer: Messages posted in the Forum are solely the opinion of their authors.