Researchers from several institutes worldwide recently developed Quarks, a new, decentralized messaging network based on blockchain technology. Their proposed system could overcome the limitations of most commonly used messaging platforms, allowing users to retain control over their personal data and other information they share online.

    • interolivary@beehaw.org
      link
      fedilink
      arrow-up
      13
      ·
      edit-2
      1 year ago

      Well, not a regular blockchain: you don’t want individual votes to be public and easily linked to the person making the vote.

      Blockchains are possibly the worst way to implement voting at least in a “public” / governmental setting. You need to be able to do zero-knowledge votes, meaning that you want it to be impossible to look at a “vote transaction” and say who did the voting and who they voted for, but also know with (practically) absolute certainty that the vote was done by a valid voter and isn’t a duplicate, and then finally you want to be able to tally the votes per candidate even though you can’t look at an individual vote and say who it was for. So any sort of “classic” blockchain is almost the literal opposite of all that, with public transactions that are tied to public identities and where everyone can tell what happened. What you need is something that either allows or is based on zero knowledge proofs, but I honestly dunno if any current project can do this out of the box, haven’t kept up to date that much lately

        • interolivary@beehaw.org
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          1 year ago

          Without some sort of zk mechanism, the machines “bundling” local votes still know the votes. If you have a small district, then it may be possible to figure out who voted for who.

          Trust me, there’s been a lot of research into doing electronic voting and generally the consensus is that a “regular” blockchain would be a terrible choice.

          Personally I don’t trust electronic voting at all and think paper ballots are the way to go

            • interolivary@beehaw.org
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              1 year ago

              Yeah it seems like people are generally inclined to trust electronic voting more than paper ballots, when the reality is that the vast, vast majority of electronic voting systems are so utterly borked that it’s possible to pretty trivially change election results, often without leaving any trace of the tampering.

              The Hursti Hack is the classic example, and by no means the only one. Incidentally the person that hack’s named after, Harri Hursti, is a family friend. He caught me trying to crack passwords on his UN*X shell box (with a dictionary cracking tool, probably Crack) in the early 90’s when I was a teenage nerdlet with too much free time and not enough brains 😅

        • tombuben@beehaw.org
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          If you need the person to walk somewhere, physically show a voter ID to someone to be let into a private area where they receive their private key in a machine for them to then vote remotely, wouldn’t it be easier just to remove the entire technology part of the equation and just make them put a piece of paper inside an envelope in that private area, so that they can then put that piece of paper into a public ballot box right after?

          Electronic voting is a bad idea in general, blockchain isn’t going to fix that.

            • tombuben@beehaw.org
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              But you don’t want that either. This opens up a way for people to demand others to prove they voted a certain way - I.e. abusive family could force all family members to vote the same. Paper ballots shouldn’t ever be identifiable back to anyone.

    • Veraticus@lib.lgbt
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      That’s entirely what you would want a centralized database for; so you can put an authority you trust in charge of it, to ensure it’s fair and auditable.

      Using a blockchain would give a bunch of people very strong incentives to perform a 51% attack, find a flaw in the protocol and exploit it, or just bribe, threaten, or cajole the programmers who created the chain to patch it to do what they want.

      • interolivary@beehaw.org
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        … you don’t want to use a centralized database for votes exactly for the same reasons you don’t want to use a blockchain for votes, unless you’re doing some sort of zero-knowledge stuff in the background and what gets written to the DB doesn’t allow the system operators to tell who exactly voted for who while still being able to tally the votes correctly. Even having a request increment a counter in the DB would mean it’d be possible to look at logs or traffic between the db, backend and frontend, and tell that when request X came in, candidate Y’s counter was incremented. This is why most if not all electronic vote systems right now are completely fucked and a terrible security risk, there’s way too many possible options for manipulating them. Centralizing the vote db wouldn’t fix the problem, it’d just, well, centralize it.

        • Veraticus@lib.lgbt
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Why would you want a zero-knowledge database? You want the exact opposite: you want to be able to tie the vote to a person, which is why ballots are associated strongly to your identity and why counting physical ballots remains so important.

          • interolivary@beehaw.org
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            The whole point with voting at least in a civic context is that your vote isn’t tied to you, ie. nobody can actually tell who you voted for; they need to know that each vote is valid but not who cast each vote. You do need to have ID (or whatever the process is in your specific country) to be able to vote, but at least here the foldable piece of paper you actually put your candidate’s number in has absolutely no identifying information on it, it just gets stamped by an election official when you go to put it in the ballot box.

      • doylio
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        A well financed actor would find it much easier to hack a centralized database than to hack a modern blockchain

        • Veraticus@lib.lgbt
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          In what sense? There have been numerous hacks of existing blockchains even within the past few months. Also of smart contracts on those blockchains. Certainly way more than, say, bank databases.

          • doylio
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            Not a fair comparison. Bank databases have been running since the 70s on code that has barely changed in that time. They’ve been battle tested for decades, so it’s unlikely a new exploit is going to be easy to find.

            On the other hand, if you wanted to run an election on a centralized database, think about what that means. All the votes need to go to 1 server somewhere, which will tell us all who won the election. A server that is run by an IT team who will have root access and could be phished, or bribed, or threatened. A server that only gets a real-world test once every few years.

            Users have no idea if their vote is in the database, if it’s correct, if it got counted in the final vote or not.

            Don’t get me wrong, I don’t trust the current crop of DLT tech more than the pen and paper method, but at least it’s more transparent than a centralized system

            • Veraticus@lib.lgbt
              link
              fedilink
              English
              arrow-up
              5
              ·
              1 year ago

              I don’t think running an election on a centralized database is a great idea. I do think it’s a way better idea than doing it on a blockchain, which has all the problems a centralized database and several more besides.

              • doylio
                link
                fedilink
                arrow-up
                2
                ·
                1 year ago

                I don’t think running an election on a centralized database is a great idea

                We agree something! :)

                I think you should re-evaluate your thinking on the second part. I know it’s popular to bash on blockchains here, but blockchain isn’t all ponzi schemes and libertatians, just like the internet isn’t all phishing emails and troll farms

                The research wing of the blockchain world is very interesting, at least from a nerdy, theoretical perspective

                • Veraticus@lib.lgbt
                  link
                  fedilink
                  English
                  arrow-up
                  4
                  ·
                  1 year ago

                  I dunno, I’m pretty technically versed on blockchains and I simply don’t see the use. As I said they’re vulnerable to basically everything a centralized database is, with the addition of 51% attacks, and suffer from poor usability and being monstrously inefficient on top of it. Maybe there is a mythical use for the tech out there, but if there is I haven’t heard an argument for anything that wouldn’t be better served by an actual database.

                  • doylio
                    link
                    fedilink
                    arrow-up
                    2
                    ·
                    1 year ago

                    AFAIK if you don’t trust the server and want to know exactly what code was run by it, there are only two options: a smart contract blockchain, or ZK Proofs (which came out of blockchain research)

                    It’s a social technology. It allows outsiders to validate that the election tally code was run correctly. Elections are run every day on the Ethereum blockchain often that has financial implications for the voters. It doesn’t mean they never get hacked, but it certainly gives the users more visibility and trust in their vote than a centralized black box