Recent comments in /f/technology

MotheroftheworldII t1_j82w05z wrote

Welcome to the Utah state legislature. My dear MIL who was born and raised in Utah always said the state legislature was composed of farmers, hicks, and rubes. Clearly we have way too many idiots in the legislature in this state. During every legislative session I am always amazed at how truly stupid so many of the bills presented are. These people have maybe the collective brain power of a box of rocks.

1

ElectricGears t1_j82u5vx wrote

From a fundamental information theory standpoint, it can't exist*. For secure voting you need to identify the voter and ensure the voter's ballot is included in the final count. The real problem is that you have to do it in a way that not even the voter can identify their ballot in the list of counted ballots. This is necessary to prevent coerced voting. The only way we can do this is by putting ultimate trust in some part of the system. The primary goal when designing a voting system is to make that trusted part as small and as simple as possible. All the things you would need to do to make this work over the internet are diametrically opposed to both those criteria.

That said, you can absolutely design a very inexpensive, easy to use, secure, computerized voting system if you wanted to. It consists of terminals powered by an Arduino, a basic LCD screen and a cheap thermal printer. You can have whatever ballot layout (along with any assistive technologies) and the voter makes their selections electronically. The printer prints a voter-verifiable ballot using the same ballot that is mailed to absentee voters. It's put in the same box as the other votes. A scan and counting machine powered by another Arduino counts the ballots and displays the number of votes for each candidate/measure.

Ultimate trust is placed in the code and hardware of the counting machine. While that is fairly complex, it is entirely possible to verify its operation to a reasonable degree of certainty. If you really wanted to be sure, I could design a counting circuit out of fully viable mechanical relays. Plus you can always just hand recount or run them through machines from a different manufacturer.

* Theoretically something called homomorphic encryption might be able to solve this, but we have no working implementation and it massively violates criteria number 2.

2

ADroopyMango t1_j82r8m1 wrote

you could also just write some down, can't hack paper

edit: seriously, think about it. why would you want to put ALL of your passwords into the hands of ONE vendor or company? it makes no sense. those services are so worthwhile to hack, it's almost certain they will be targeted. the company may even get hacked and not disclose anything about it to cover their own ass.

just think twice before trusting a random company with the keys to your life. anything you can say about how "secure" 1Password or BitWarden is was probably said about LastPass.

Hacking 1Password

Bitwarden password vaults targeted in Google ads phishing attack

−5