I have a very practical question with big political implications: Can electronic passports be used to make large-scale elections without government involvement?
I am thinking of authoritarian countries that issue modern e-passports but do not allow free elections. Can activists organize an election for all citizens of that country in some online form, asking the voters to scan their passports using their phones, so that
- only legitimate citizens (who have passports) can vote
- votes remain anonymous
- everybody can vote only once
- the whole election can be audited
> authoritarian countries that issue modern e-passports but do not allow free elections
Those tend to not issue passports (of any kind) to many citizens.
Then there's access. In America for example only half the adults in the country even have a passport, and I suspect that skews quite heavily towards one demographic. Do you think that India, Nigeria, or Russia have more equitable access?
And even if they did, what stops the state issuing extra fake passports to citizens they want to vote.
of course then there's key elements of a free election, freedom of access to the ballot paper, freedom to campaign the same as others, freedom from imprisonment because you are running against the incumbent leader, having each vote being worth the same. Many countries prevent people in jail from voting, or even people who used to be in jail. Many countries give more power to one constituency than another, almost all have some level of unequal access to campaigning.
It's not a "Free election" or "no election".
The actual casting of the vote is only part of the story.
Yes, as long as the passports implement a signing scheme, and the set of valid public keys (the electorate) can be agreed upon. If you can sign arbitrary data, then you can sign other public keys, including whatever the voting system requires.
Vitalik has a great blog post about blockchain voting.
You probably wouldn't want to use the cryptography on the passports themselves to implement the voting system. You probably want to use one of the general purpose zkSTARKs or multi-party-computation systems.
Can it be anonymous though? Ie you as a citizen can check that the outcome didn't count illegitimate votes, and that it included your vote, but can't tell who voted each way or at all.
Yes, it is possible to anonymously aggregate votes from a set of public keys, and ensure that no key has voted twice.
It's also possible to ensure that one's own vote was included in the total.
The fact that this is even possible is deeply un-intuitive as it requires some of the most sophisticated cryptography.
That's probably the greatest barrier to adoption.
When people think of electronic voting, they think about trusting a company to make machines that operate on plaintext, and require humans to guard access to the machines.
They aren't thinking about systems that are provably correct, where it is more likely for an asteroid to wipe out the country conducting the election than for the election results to be incorrect.
For the details and tradeoffs, I highly recommend Vitalik's blog.
The problem is ensuring that the set of allowed public keys you have is actually the set of allowed public keys you want.
As others in the thread have said, there's nothing stopping the government from manufacturing millions of fake passport (or even just generating millions of fake passport keys) and using them to rig the election.
For the purposes of this, I was assuming 1:1 passport to citizen and just wondering if that can be made anonymous. The real idea with an untrusted passport authority doesn't work ofc.
>You probably wouldn't want to use the cryptography on the passports themselves to implement the voting system. You probably want to use one of the general purpose zkSTARKs or multi-party-computation systems.
Even if you're using a separate key for voting, the passport key had to sign it. How do you prove legitimacy of the voting key without exposing the passport key? It's not like in blockchain where your anonymity normally comes from people just not knowing which irl person owns a pubkey. (Though I know Monero etc use homomorphic enc for anon payments)
I'm also assuming here that the govt is signing all the passport keys, cause idk how else that would work.
This seems like navel gazing. Under OP's constraints it wouldn't matter what the tally is. The authoritarian won't cede power because they lost by a cryptographically secure election. They'll either
A. Force the cryptography to be weak to provide plausible deniability
B. Issue more passports for "citizens" that "voted" for them
C. Refuse the count and just keep power
Leaders don't cede power because their citizens are angry. Especially not in authoritarian countries.
>Can activists organize an election for all citizens of that country in some online form, asking the voters to scan their passports using their phones, so that
By the point said activists reach organizational capacity to do so, they have already won and can hold the vote basically with scanning a qr code with a simple app.
>only legitimate citizens (who have passports) can vote
this makes no sense as a requirement in a situation you described.
I think once an authoritarian government is holding elections, regardless digital, analog or anything else, they can manipulate the results, there is no 100% foolproof way of holding honest elections when the top authority might not be honest.
My wife can testify that me saying "marg bar balesh" (death to pillow) every night does not mean that I want to stab my pillow to death, rather that it hurts my neck(+) when I use a soft pillow in bed.
+ Fortunately, with a new hard medical pillow I feel much better nowadays.
As a first step, I'd suggest IndieWeb applies to become a supported project under Software Freedom Conservancy (SFC). SFC provides various services to libre software projects such as fiscal sponsorship, fundraising assistance, legal advice, logistical support for conferences, etc. See
https://sfconservancy.org/projects/services/
Why do you say that a release with only stabilization brings you more users but not customers? Wouldn't the quality word-of-mouth convince more businesses to switch? And I assume they need professional support anyhow, don't they?
Another Nextcloud enthusiast and (very small) contributor here. Thank you for the awesome work you and the team do :)
I feel the same. Basically, I wouldn't like to publish the address of my personal Nextcloud server to anyone (unless I am sharing a file privately with a friend). Fortunately, the social features are not built into the Nextcloud core, rather they are in a separate app. So we can just forget about it if we don't like it.
If you're not sure about the security you can firewall it of course, but keep in mind we pay 5K to anyone who can find a remote execute vulnerability in Nextcloud (and smaller amounts for smaller bugs).
What do you mean by "not on the web"? It is accessible on the web. Everybody with a web browser can see public posts and replies. For writing new posts, you need an account though. Here is the public account of Mastodon's founder: https://mastodon.social/@Gargron
I can’t post or reply by creating a web page, and identity is not email or dns, but specific to whatever mastadon instance I register with.
I already have a domain, blog, and email. Posts, replies, likes, etc. But mastadon doesn’t work with the web, or my existing web identity - instead it’s entirely based on federated ActivityPub servers plus various extensions.
So get a blog that complies with ActivityPub or host a Pleroma instance with an account that mirrors your blogposts / posts them on the fediverse. Shouldn't be hard.
In the other hand, as a home user I like to be able to install only one base system (Nextcloud) and use it for all of my online life. This will free me up from setting up yet another system (Mastodon etc) only to host my social networking needs.
And this is implemented as a separate app, so you can dismiss it if you don't need it.
