by malgorithms 2657 days ago
I'd be curious if people on HN would want a zero knowledge survey and voting system inside Keybase, and if so, what would it look like?

The background: we talk about it sometimes as a solution to a real problem: in certain teams and workplaces, people can be afraid to give honest feedback (who dares to submit an "anonymous" survey to HR?), but Keybase may be in a unique position to let people in a group give written feedback, vote on something important, or rate an experience. Without any risk of exposing identity, short of writing something identifiable in a text field.

I'd be curious, personally, to see management get a yearly vote of [no] confidence, for example. Is that crazy?

Keep in mind we are mostly focused right now on user experience and performance improvements. But we allocate a certain amount of time to cryptographic features that just aren't possible in other software, such as this coin flip thing. We've been talking about voting and surveys, too.

8 comments

OT: One of the things I find interesting is that "zero knowledge" has become a buzzword. On the one hand it is frustrating, because when cryptographers say "zero knowledge" we mean something very specific and rigorously defined (a survey protocol cannot be zero knowledge because the results of a survey do reveal something about the respondents' inputs). On the other hand, the fact that non-experts are comfortable with the idea of using an interactive protocol to securely compute functions means there is one less mental hurdle to deal with when trying to deploy these technologies.
From the anonize paper [1]: “Our system is constructed in two steps. We first provide an abstract implementation of secure ad-hoc surveys from generic primitives, such as commitment schemes, signatures schemes, pseudo-random functions (PRF) and generic non-interactive zero-knowledge (NIZK) arguments for NP.”

[1] https://eprint.iacr.org/2015/681.pdf

Thank you, I had a client say that they are providing a zero knowledge authentication system which didn't mean that you can prove that you're logged in, but without revealing your username (or something like that), but simply that you can log in using public/private key.
This is absolutely very useful. Definitely within a specific team or company, but generally anywhere, especially when combined with Keybase's proven identities feature. I can imagine a "Vote with Keybase" button ubiquitous on the internet wherever they want to conduct surveys.
I made something that sounds similar to the kinds of ideas you're throwing out: https://aytwit.com/thoughter

You can read the basic protocol here: https://aytwit.com/about#technical_details__thoughter_gist

It would be cool to see something like that in Keybase. Feel free to steal the idea. :)

I think this is a great idea.

Further: it will remove the friction of doing anonymous surveys. I would do them way more often for various things (similar to the coin flips) if they were easy to do.

How do you make sure that anonymous votes are coming from employees and from some third-party?
A ring signature would do. You can be sure that the signature came from one of a set of public keys, without knowing which particular private key was used.
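
The ring-signature property described in the reply above, as an added example that is not part of the thread or of Keybase's code: a Schnorr-style (Abe-Ohkubo-Suzuki) ring signature in which any ring member can sign and the verifier learns only that some member did. The group parameters, function names and sample ring are assumptions made for illustration; the toy group is not a secure choice.

```python
import hashlib
import secrets

# Toy group (assumption): integers mod the prime 2**255 - 19, exponents mod P - 1.
# Chosen only so this runs with the standard library; not a secure parameter set.
P = 2**255 - 19
N = P - 1
G = 2

def keygen():
    x = secrets.randbelow(N - 1) + 1           # private key
    return x, pow(G, x, P)                     # (private, public)

def _challenge(ring, msg, commitment):
    # Hash binds the whole ring, the message and the current commitment.
    h = hashlib.sha256()
    for y in ring:
        h.update(y.to_bytes(32, "big"))
    h.update(len(msg).to_bytes(8, "big") + msg)
    h.update(commitment.to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big") % N

def ring_sign(msg, ring, k, x):
    """Sign msg as member k of ring (list of public keys) with private key x."""
    n = len(ring)
    c, s = [0] * n, [0] * n
    u = secrets.randbelow(N)
    c[(k + 1) % n] = _challenge(ring, msg, pow(G, u, P))
    i = (k + 1) % n
    while i != k:                              # simulate every other member
        s[i] = secrets.randbelow(N)
        e = pow(G, s[i], P) * pow(ring[i], c[i], P) % P
        c[(i + 1) % n] = _challenge(ring, msg, e)
        i = (i + 1) % n
    s[k] = (u - x * c[k]) % N                  # only the real key closes the ring
    return c[0], s

def ring_verify(msg, ring, sig):
    c0, s = sig
    if len(s) != len(ring):
        return False
    c = c0
    for y, si in zip(ring, s):                 # walk the ring once
        c = _challenge(ring, msg, pow(G, si, P) * pow(y, c, P) % P)
    return c == c0                             # chain must close on itself

if __name__ == "__main__":
    staff = [keygen() for _ in range(3)]       # constructed sample ring
    ring = [y for _, y in staff]
    sig = ring_sign(b"no confidence", ring, 1, staff[1][0])
    print(ring_verify(b"no confidence", ring, sig))
```

A plain ring signature does not stop one member from signing twice, so a vote count needs a linkable variant or a scheme built for surveys.
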
We are still very early stages here, but we really like the Anonize system (https://eprint.iacr.org/2015/681.pdf)
I worry this ends up being a technical solution to what is ultimately a social problem. If the problem is that people feel threatened submitting feedback at their workplace, the issue is the structure of the workplace.
Yes, but it's possible for these structural problems to be invisible to the people who could change them, precisely because of the structure that's set up. There are definitely cases where the structure is there on purpose to create this sort of environment...and this won't do anything to fix those. But there are also cases where people are afraid to give honest feedback, but if they were able to do so in an anonymous way, management would either be pressured to, or would want to make a change.
That’s a fair point, but even if workplace norms are sane, the technical solution additionally protects against (say) a rogue IT admin gathering info in secret, or against future policy changes.
Eh, not if it's cryptographically impossible (barring a zero-day vuln) for the higher-ups to trace back who submitted what.
What a coincidence, slightly!

I recently registered keybase.vote for a related web app idea. Rather than anonymous voting, rather, I wanted the opposite: authenticity in voting, polls, surveys, etc. A common problem in surveys is verifying that the respondents are real and from people you trust. Within small communities, you would have a large enough web of trust that you could rely on who you are following to determine who you individually pay attention to from the result set.

So my idea was simply to have the survey/poll generate a text field of all the Q/A in a JSON body, kinda like the proofs of keybase, and then have the user copy/paste it and sign it on keybase and then submit their response.

I would have the whole result set downloadable in raw format that anyone could easily verify with keybase commandline tools. But I’d also employ the web of trust created by following on keybase.

I thought I’d try it out and see if it works. I like the idea of Keybase being a general way to authenticate without needing any elaborate login process or email account.

imho the more interesting cryptographic proof would be proof of address or bounding box. I feel that if you allowed third-parties to pay you for supporting a validation of locality via cryptographic features sent in postcard, then the rails would come off what was possible with digital systems. Knowing location will be increasingly powerful imho. Our opinions count most in local spaces, at least with city-building. And I feel that third parties would be willing to fund the main cost of postage, if it allowed them to be assured of certain geographic bounds of users.

In order to cheat that system, people would need to engage in mail fraud or buy a PO box.

Related: https://github.com/patcon/can-ereg-api#unofficial-national-d...

Happy to discuss, chris. Sidewalk Labs is setting up camp in Toronto, and I was speaking about the above at a local event, and they were really interested in the concept. I had a call with their head of identity, but was disappointed that he couldn't say anything of substance on _why_ it was relevant to SL efforts, at least not without my signing an NDA. As a community organizer in the civic tech scene, I had no interest in that. More secrecy in the smart city / open gov sector :/ blech

I would love this idea. Do you want me to get feedback from my team? Can I ping you ... On Keybase?