Over the past week, I have been contemplating a new system for the OSMF board election process. Today, I am publishing the Specification for OSMF Electronic Voting System 1.0, and I am seeking your feedback.
The new system is designed to address privacy, security, and various other issues I have identified with the current OpaVote system. The specification is somewhat technical, as it aims to encompass all aspects of the voting procedure and core implementation decisions.
For the less technical audience, I have created a table that highlights the benefits of the proposed solution over OpaVote.
|free and open source
|“trust us”, google-analytics tracking on the voting page, email delivery via sendgrid, external dependencies
|no external dependencies, no tracking
|verifiable, mathematically proven
|“Artificial Members” Attack
|trust OpaVote and OSMF
|One Vote Per Member
|Ballots Confidentiality (knowing the results before the deadline)
|no independent audits
Note: The “trust OSMF” is marked in yellow and not green because in the perfect electronic voting system, one wouldn’t have to trust anybody. While I have deep trust in the Foundation, when designing a resilient voting system, one must always consider the worst-case scenario.
Do you now understand why AdBlock needs to be disabled when voting on OpaVote?
I contacted OpaVote with some of my findings but received no further response.
Creating a well-designed and secure electronic voting system is a challenging task. Whenever someone claims “trust us” in the context of security, I am naturally skeptical. Unfortunately, OpaVote appears to rely solely on the “trust us” security model.
Allow me to quote the “Indisputable Results” section:
> We’re an independent third-party with no stakes in your election, and we’ve built OpaVote so it can only operate like a non-biased and uninterested referee that you and your voters can trust.
This statement provides no guarantees beyond the “trust us” model. They do not seem to address obvious risks such as bribery or the “$5 wrench attack”.
Disclaimer: Please note that this project is not affiliated with the OpenStreetMap Foundation. It’s the result of my voluntary work and personal choices.
This discussion topic accompanies the publication at https://community.openstreetmap.org/t/proposing-a-new-osmf-board-election-system/107228