Conversation

@Moon@shitposter.club @clacke@libranet.de There is one big problem that is kinda unavoidable in the current design of voting machines - secrecy of the vote.

With paper voting, you can reasonably well prevent an attacker from knowing you vote and your identity together by covering your hand while voting and using your own pen. Breaking secrecy then requires both a camera (to know who is voting) and a pressure sensitive table to detect where you laid out the paper and what you actually checked with the pen. Highly unusual, and if this were to be built, the next countermeasure would be putting the paper on your leg while voting, and not on the table (or to put a book or similar between ballot and table). Plus, a pressure sensitive table would likely look and feel very different from a normal one, so this won't be very covert.

With computer voting, however, the trust problem is much worse. Nobody can distinguish a good voting machine from one that simply streams screen content and touch positions to a remote machine, breaking any and all secrecy - and software attestation won't help in any form either as of course one could do all this on a glass plate between screen and machine to intercept.