[polon]

I think this is covered on the page

"Successfully manipulating a poll which employs this method would require following efforts and resources:

Gaining control over a large number of devices in the target geographic region for submitting votes through those devices"

So yes, it seems like it can be defeated via a remote desktop (or any proxy in the allowed area)

[comex]

You don’t even need to gain control over a large number of devices in the region.

You just need _one_ device in the region, which can connect to the VPN or proxy service you were already using (the assumption seems to be that the attacker has a large number of IPs they can access through such a service). That device will get some added latency from going through the VPN/proxy, but because it’s physically close, the added latency will be small, probably not enough to reliably detect.

[85392_school]

If you're using a proxy, I don't think whether or not the source device is in the region changes anything. The only variance is in the time from where traffic exits the proxy to servers.

[banana_giraffe]

> Gaining control over a large number of devices in the target geographic region for submitting votes through those devices

Does AWS Lambda count as a machine for these purposes? If so, you can get a nearly infinite number of them just by cycling a config param and casting another vote.

[gavinsyancey]

I assume they'd just ban the entire AWS IP block. And similarly for other cloud providers.

[ghayes]

Couldn't the "test" add some variety of math challenge, thus making a simple proxy insufficient. Obviously, this method would add more noise to the final calculation, but if the proxy would need to forward its data to the end-user machine to perform the math, then a simple proxy in this case wouldn't be sufficient.