[i_cannot_hack]

I've read both https://docs.voteism.org/ and the Github README, and found no mention of this algorithm that prevents multiple votes from malicious actors. Except a brief mention of collecting "device id, location, ip address, etc". Could you point me to the specific section where it is explained?

Edit: After rereading your comment, I felt there might have been a miscommunication. I'm sure your server discards multiple votes from the same registered user. With "voting multiple times" I instead refer to a malicious actor masquerading as multiple distinct users by registering multiple accounts.

[votes]

When we process the data and aggregate the results on the air-gapped system we do make sure that the user vote is not counted twice. Like you pointed out this is one of the fundamental things that is super important and we were very careful when we designed the app to address this issue. We did make sure that a single individual's votes are not counted twice. It is a custom algorithm. Also, we have taken precautions during registration too.

[i_cannot_hack]

And are those precautions during counting and registration open source as well, or are they secret by necessity? I've had not had time to read the source code, if they are in there. If they are open source, could you still briefly explain the gist of the precautions here? If they are secret, can you offer any guarantees to the public that they cannot be circumvented in a way that makes any collected statistics inherently faulty?

I'm sure you've made impressive work with this app, and it surely is beyond my capabilities. But if you have created an app that presents itself as a reliable and secure system but in reality is easily gamed by malicious actors, it might actually hurt democracy instead of helping it. If the app gains any form of notoriety or popularity, it could be fed malicious votes and then be used to sow distrust towards the (real and valid) election results. In such a scenario it would just harm the democratic process. I have yet to see any indications that this is not a real possibility.

Being sure my vote is counted is only half the battle. I also need to be sure that my vote was not drowned out by countless of fake votes. One thing is not worth much without the other.

I would be more forgiving it was more clearly presented as only a prototype or proof-of-concept, but with a mission statement as grand as "VOTEism seeks to fix opinion polls" I feel it deserves more in-depth questions.

[votes]

Thanks for all the questions raised here. Really appreciate it. To answer your concerns/questions -

1. Registration part is open-source and we have taken precautions such that same user doesn't register twice from the same device using different SIMs, change of devices. 2. We have made sure that the registered device is a mobile number 3. Restriction and verification of the user registration to where the poll is being held. For example, currently VOTEism app cannot be downloaded outside of US. 4. Counting part is not open-source by design, because it is processed offline and it is a proprietary algorithm out of necessity for secrecy. 5. We want to make sure the counting of the votes happens offline to eliminate the scope for manipulation 6. Vote data is encrypted and validated with it's signature to make sure it is not tampered with. 7. We are also making sure that the keys are rotated periodically. 8. We can guarantee that the collected information statistics are accurate.

I hope we have answered your questions. Please feel free to raise your concerns. If you want to take the conversation further you can email us at hi@voteism.org

[splintercell]

The term you're looking for is 'sybil attack'.