[jawiggins]

> Latency-based geolocation can help protect poll integrity by:

> Detecting when poll responses originate from outside the intended geographic region > Identifying attempts to manipulate polls through elevated VPN/proxy usage

Unless the user also needs to complete a reaction-time test, couldn't this be defeated by using a remote desktop connection to a machine that is physically located in the other geography?

It just shifts which functions need to run on the proxy, from network routing to the browser itself.

[polon]

I think this is covered on the page

"Successfully manipulating a poll which employs this method would require following efforts and resources:

Gaining control over a large number of devices in the target geographic region for submitting votes through those devices"

So yes, it seems like it can be defeated via a remote desktop (or any proxy in the allowed area)

[comex]

You don’t even need to gain control over a large number of devices in the region.

You just need _one_ device in the region, which can connect to the VPN or proxy service you were already using (the assumption seems to be that the attacker has a large number of IPs they can access through such a service). That device will get some added latency from going through the VPN/proxy, but because it’s physically close, the added latency will be small, probably not enough to reliably detect.

[85392_school]

If you're using a proxy, I don't think whether or not the source device is in the region changes anything. The only variance is in the time from where traffic exits the proxy to servers.

[banana_giraffe]

> Gaining control over a large number of devices in the target geographic region for submitting votes through those devices

Does AWS Lambda count as a machine for these purposes? If so, you can get a nearly infinite number of them just by cycling a config param and casting another vote.

[gavinsyancey]

I assume they'd just ban the entire AWS IP block. And similarly for other cloud providers.

[ghayes]

Couldn't the "test" add some variety of math challenge, thus making a simple proxy insufficient. Obviously, this method would add more noise to the final calculation, but if the proxy would need to forward its data to the end-user machine to perform the math, then a simple proxy in this case wouldn't be sufficient.

[dheera]

Yes, and also, I'd argue that anonymizing your location is a sacred feature of the internet that anytime someone builds a better mousetrap we WILL build a better mouse. The internet is not a place where requiring proof of location is welcome.

For online polls, it should never be necessary, either: My rights to vote somewhere should depend only on my membership status to that somewhere, and not my current physical location.

[Larrikin]

This is similar to the argument the failed experiment 4Chan showed the internet. Being fully anonymous, the best arguments don't rise to the top, bad actors lie and lie and when confronted with their lies, they just pretend to be someone else and lie some more. All completely anonymous online polls are effectively useless. It's nice to have some research in helping them be a little less useless.

[dheera]

Anonymity should still be a choice. Especially location anonymity.

While I don't mind 7 billion people knowing what I intentionally said publicly, I don't want 7 billion people knowing where I sleep or where I am at this exact moment.

[frotty]

I'd love to see your documentation on where it was ever claimed that 4chan was an experiment in anonymity creating a usable filter for quality?

Completely anonymous online polls are impossible, I'm thinking the goal is to have effectively non-publicly identifiable polling with the ability to disallow double voting. Seems absolutely trivial if Every Relevant Citizen was set up with their own API / digi-thumbprint.

[Larrikin]

It was one of the main selling points of 2chan and 4chan 20 years ago. I'm sure Moot is on record somewhere discussing it.

[TrainedMonkey]

Only a small subset of the IPs has proxies on them, so it would be detectable if a disproportionate amount of traffic is coming from them.

[jagged-chisel]

My state lottery app doesn’t let you play outside the state. It detects screen sharing and VPN configuration and refuses to run if it sees these things.

Depending on the importance of the poll, one could definitely apply these other requirements.

[frotty]

well yeah, that's against the point of "anonymity" ... you are feeding the app all the data it needs to fence you in.

By this logic every government gives a uniquely IDable device to its citizenry for engaging polls.

Besides ... if it was "important enough" to break, getting around geofencing etc. is a trivial/already solved part of this.

[c-riq]

That is true, the location proof is only for the hardware whose IP is used for submitting the vote request. However if remote desktop provider / cloud provider / VPN / Tor IPs are already blocked by the voting platform. Then it would require significant effort to acquire hardware in the target geographic region and equip it with a residential IP. Generally the whole setup only makes sense if IP's (or IP ranges) can only vote once per poll. Then large scale manipulations should become impractical.

[nine_k]

You are describing an ideal use case for a botnet of compromised home computers. Should command a much higher premium than sending spam.

[DeepYogurt]

For a motivated attacker its not that hard to add a few thousand raspberry pis to a residential internet network in most countries. Its really a quite practical attack when the stakes are governmental control.

[myself248]

Or just compromise an entire ISP full of routers...

[j16sdiz]

or just sell ISP the routers you made.

[kvdveer]

No need for lots compromised devices. Just a single device (probably doesn't need to be compromised) in IPv4 behind carrier grade NAT is typically enough to vary your IP, or plausibly reuse an IP.