Hackers online & in-person were invited to attempt to:
- Vote multiple times: Not accomplished
- Change someone else's vote, without detection: Not accomplished
(Although no one successfully accomplished this, one submission got partway by identifying a weakness in one of the anti-malware defensive layers. 2 solutions now identified.)
- Destroy a vote already confirmed submitted: Not accomplished
- Learn how someone voted, without their help: One person showed impressive ways to directly install spyware on-device.
(The SIV Protocol defends against vote tampering by on-device malware, but it does not protect vote secrecy from compromised devices themselves. If an attacker controls the device, they can see everything a person does with it, including using SIV. While this was previously known and documented, the Voter Interface failed to clearly warn users.)
- Learn other personal info about voters: Not accomplished
We also tested a new mechanism to prevent vote-selling.
SIV's core philosophy: even if Darth Vader is running the election infrastructure, anyone — especially voters, but also independent observers — can verify for themselves whether an election was run fairly and correctly, or not.
The protocol is designed to achieve software independence (meaning we don't need to rely on computers to check for correct results) and allows checks against server-side fraud or malware-on-device changing votes.
boscornea · 9h ago
I am interesting in making voting easier as long as it is safe
Hackers online & in-person were invited to attempt to:
- Vote multiple times: Not accomplished
- Change someone else's vote, without detection: Not accomplished (Although no one successfully accomplished this, one submission got partway by identifying a weakness in one of the anti-malware defensive layers. 2 solutions now identified.)
- Destroy a vote already confirmed submitted: Not accomplished
- Learn how someone voted, without their help: One person showed impressive ways to directly install spyware on-device.
(The SIV Protocol defends against vote tampering by on-device malware, but it does not protect vote secrecy from compromised devices themselves. If an attacker controls the device, they can see everything a person does with it, including using SIV. While this was previously known and documented, the Voter Interface failed to clearly warn users.)
- Learn other personal info about voters: Not accomplished
We also tested a new mechanism to prevent vote-selling.
SIV's core philosophy: even if Darth Vader is running the election infrastructure, anyone — especially voters, but also independent observers — can verify for themselves whether an election was run fairly and correctly, or not.
The protocol is designed to achieve software independence (meaning we don't need to rely on computers to check for correct results) and allows checks against server-side fraud or malware-on-device changing votes.
No comments yet