Post · bonfire.cafe

@strypey@mastodon.nzoss.nz · 4 months ago

Thanks to the #NoScript plugin I use in my browsers, I just noticed that scripts from at least 2 Goggle domains and at least 1 Cloudflare domain (see screenshots) are being served to people visiting the official enrol to vote website;

https://vote.nz/enrolling/enrol-or-update/enrol-or-update-online/

In the context of the united front formed with the Orange Stalin regime by SillyCon Valley, I find this profoundly disturbing. Official websites should not be serving third-party scripts, especially from known #DataFarmers.

#elections

Screenshot of NoScript showing the primary domain vote.nz, and third-party domain cloudflareinsights.com

Screenshot of NoScript showing the primary domain vote.nz, and third-party domains googletagmanager.com and gstatic.com

Strypey

@strypey@mastodon.nzoss.nz replied · 4 months ago

Me:
> Official websites should not be serving third-party scripts, especially from known DataFarmers

*Especially* website that have anything to do with elections.

I first started to see that US democracy was dying when they started using digital voting machines. Whose hardware and software were proprietary and couldn't be independently audited. I can't think of many better examples of why software freedom and open technical standards matter.

(1/3)

#elections

Strypey

@strypey@mastodon.nzoss.nz replied · 4 months ago

It's probably not possible to secure digital elections for legislatures.

They happen only every few years, effectively handing over full dictatorial power over a whole country until the next one. This is a *very* juicy target, for both corporate and state level actors, from anywhere in the world.

The attacker always has the advantage in digital security, because they can focus on one attack at a time and it only has to work once. Defenders have to secure everything, and win every time.

(2/3)

mkj

@mkj@social.mkj.earth replied · 4 months ago

@strypey Voting is special in that there are two *independent* things that matter roughly equally.

1) the result has to be correct. Any errors must not be systemic.

2) the general population has to *trust* the result to be correct and represent the voters' actual wishes.

If the organizer fails at either, the vote loses its legitimacy.

Voting by pen-marked paper ballot in individual booths may seem old and quaint but virtually *everyone* can understand the process. Digital voting not so much!

mkj

@mkj@social.mkj.earth replied · 4 months ago

Now, there are plenty of details if one drills down into those two points. For example, "the result has to be correct" carries a lot of weight. That includes ensuring only eligible voters can vote, that no voter can vote more than once, that each ballot counted corresponds to a vote, etc. Similarly, that the result represent the voters' wishes includes things like there must not be opportunities for making someone vote in any particular way.

While maintaining things like vote secrecy.

@strypey

Strypey

@strypey@mastodon.nzoss.nz replied · 4 months ago

If we are lucky and diligent enough to achieve digital democracy, it almost certainly won't look anything like 18th century nation-state liberal democracy.

It will probably involve radical devolution of decision-making power, so that there are a multitude of polling processes to attack. Almost none of them high stakes enough to justify the effort of anyone but script kiddies, who are much easier to defend against. Failure in a particular case has much lower stakes and is more reversible.

(3/3)

Mr Salteena is not quite a gentleman

@stephen@microbe.vital.org.nz replied · 4 months ago

@strypey as one who has tried to persuade public sector clients to use locally used analytics - Matomo for example is more than adequate and easy to run up and host - they don't care. They should, but they don't.

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.1-alpha.8 no JS en

Automatic federation enabled