by badsock 3664 days ago
People in this thread are assuming we can just solve the security issue if we try hard enough. We can't. It would mean securing every single voter's computer, and that's preposterous.

There is no consensus algorithm or blockchain that will work if the voter's computer or phone is compromised. To name just one avenue of attack: if you have control of the video output then you can swap the name of two candidates. That's all it takes. You figure out which candidate is most likely to win in several key ridings/districts, and then on all of the computers that you've infected with your virus you swap their name with the candidate you'd like to win. The voting software would never know, the voter would never know. Any confirmation step, like printing out a receipt, can similarly be trivially defeated.

Whoever is in control of that virus - be it a fanatic, foreign government, or corporation - can now decide an election.

The only way around this is to have a 100% secure device dedicated to nothing but voting that you mail out to each voter. Even if you could build such a thing (which is likely impossible considering that the efforts of hundreds of thousands of people across many countries go into making a device - hardware and software), that's far more expensive and awkward than a mail-in ballot.

I'm not exaggerating when I say that online voting would be the end of democracy. For any definition of practical, it cannot be secured. If it cannot be secured, it is not democracy.

1 comment

Those statements are too strong for the evidence you provide.

A trivial solution would be when you vote online you get texted a confirmation. If you don't respond to the confirmation you get a call. The confirmation gives you a candidate you voted for and a blockchain signature and an opportunity to report error.

Voting is secret, so your solution as described wouldn't work, but say you used a one-way hash to verify the vote.

It still wouldn't work in the case of someone voting from a compromised phone, because the confirmation can easily be altered.

So now you've got a system where you need to be in front of two separate devices in order to vote, which I find unlikely to be accepted as a solution because of the inconvenience. And even then, it just means that you need two different viruses. Or find an exploitable flaw in the confirmation system. If you've got control over the machinery (including people) that's running the algorithm, the game is over.

My evidence is that there's never been a widely used system that hasn't been compromised: military installations, nuclear power stations, ATMs, gambling machines.

How could you possibly expect voting to be more secure than all of that, considering that in the above examples they had complete control over the network and the devices, and were hugely motivated and well funded in their security efforts?

Voting is too important to be handed over to a group of people who say "trust us, this time we figured it out". And to take that huge risk for what, just to avoid paper ballots?