On Sun, 2003-04-13 at 12:32, J-F C. (Jefsey) Morfin wrote:
> >It gives people a chance to check that their votes were probably
> >interpreted correctly -- at least on the front-end.
> >If the code becomes available for download, programmers can verify the
> >back-end.
>
> This is the problem. This permits the Members to know they voted and that
> they are not forgotten. But it gives absolutely no warranty about what is
> happening on the server (manager adding votes) and additional "virtual voters".

There's no reason why a few people cannot keep an eye on the server.
Sure, it's not foolproof by any means, but if several people can
"tail -f" the logs and check the md5sums of the programs as voting is
happening, that would be helpful.

> >It doesn't help with fraudulent additional accounts per person -- but I
> >think we're all in agreement that that's too difficult to prevent at
> >this point.
>
> No. This is the basis of the simplest system I propose. The only
> control against fraudulent additional is a published list of the voters
> IDs that can be checked by everyone.

That still doesn't help, Jefsey. If I impersonate 12 different people,
there's still no way to prove it.

There are hints at detection: the Received: email headers might point
out a single IP. Apache logs IPs. But I could always impersonate each
person saying we were on a community access point behind an IP. Or
disconnect/reconnect to get different IPs every time. Or use a tricky
SMTP and/or SSL set-up to hide my origin.

-s
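The "Apache logs IPs" hint from the message above, as an added example that is not part of the original message or of the voting system's code: it groups successful votes by client IP and lists addresses shared by several voter IDs. The log lines are constructed, and the `/vote` path and `voter` query parameter are assumptions; as the message says, a shared IP is a reason to look closer and not proof, since a community access point produces the same pattern.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample in Apache Common Log Format. The /vote path and the
# "voter" parameter are assumptions, not the real system's layout.
SAMPLE_LOG = """\
192.0.2.10 - - [13/Apr/2003:12:01:07 +0000] "GET /vote?voter=A17&choice=2 HTTP/1.0" 200 512
192.0.2.10 - - [13/Apr/2003:12:01:40 +0000] "GET /vote?voter=A18&choice=2 HTTP/1.0" 200 512
192.0.2.10 - - [13/Apr/2003:12:02:13 +0000] "GET /vote?voter=A19&choice=2 HTTP/1.0" 200 512
192.0.2.10 - - [13/Apr/2003:12:02:20 +0000] "GET /vote?voter=A17&choice=2 HTTP/1.0" 200 512
192.0.2.10 - - [13/Apr/2003:12:02:31 +0000] "GET /vote?voter=A20&choice=2 HTTP/1.0" 403 199
198.51.100.4 - - [13/Apr/2003:12:05:02 +0000] "GET /vote?voter=B02&choice=1 HTTP/1.0" 200 512
203.0.113.9 - - [13/Apr/2003:12:07:44 +0000] "GET /vote?voter=C11&choice=1 HTTP/1.0" 200 512
203.0.113.9 - - [13/Apr/2003:12:09:10 +0000] "GET /vote?voter=C12&choice=3 HTTP/1.0" 200 512
203.0.113.9 - - [13/Apr/2003:12:09:30 +0000] "GET /index.html HTTP/1.0" 200 2048
this line is not a log entry
"""

# host ident user [timestamp] "method target protocol" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')

def voters_by_ip(log_text):
    """Map each client IP to the set of voter IDs that voted successfully from it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = CLF.match(line.strip())
        if not m:
            continue  # malformed or truncated line
        ip, _timestamp, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path != "/vote" or status != "200":
            continue  # only count votes the server accepted
        for voter in parse_qs(url.query).get("voter", []):
            seen[ip].add(voter)
    return seen

def shared_ips(log_text, threshold=3):
    """Return {ip: sorted voter IDs} for IPs used by at least `threshold` distinct IDs."""
    return {ip: sorted(ids) for ip, ids in voters_by_ip(log_text).items()
            if len(ids) >= threshold}

if __name__ == "__main__":
    for ip, ids in shared_ips(SAMPLE_LOG).items():
        print(f"{ip}: {len(ids)} voter IDs ({', '.join(ids)}) - review, not proof")
```

A voter who reconnects to get a new address for each vote, as described in the message, does not show up in this grouping at all.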