by marcosdumay 155 days ago
> but I think Brazil solved this by making sure to control the machine

It's bullshit, we don't control anything. Our voting machines are Linux computers that never survived a public audit, so the government stopped letting the public audit them.

If either China or the US decided to seriously invest in corrupting the hardware, it would be a several-years-long process but would actually cost less than our presidential campaigns. There are probably several ways to corrupt the machines' software without anybody noticing (it's a Linux PC, full of opaque firmware), that we won't know about because the details aren't public.

Without a paper confirmation that we could audit, nobody can claim it's working. What would you expect the results to be if it was compromised?


As the other reply noted, there were audits by multiple entities and parties, although I agree that it would be preferable for the code to be open sourced.

I do disagree with your other points. Paper confirmation is not necessarily the only way to audit, and may in fact introduce risks of voter reidentification and coercion (voto de cabresto). The other way of auditing the machines is the parallel voting procedure, which already takes place at every election and is honestly a brilliant piece of security engineering.

For those not aware, the parallel voting procedure works as follows:

1) the day before the election (when the software has already been loaded and locked into the machines for several days), a random sample of machines is selected for the procedure

2) those machines are then removed from the polling place they would ordinarily be assigned to, and replaced with a backup machine

3) the removed machine is then installed in a different room, and booted up normally on election day. Since it is fully offline, the machine doesn't "know" it is being used in this mode

4) this room is set up so that there are cameras pointed at the machine, and people from all observing parties (and common citizens as well) are invited to "mock vote" in this room.

5) at the end of the day, the machine is closed, its report printed, and the result is checked against the known mock votes

Pretty solid method if you ask me, and much cheaper than upgrading the entire fleet to enable printing.
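The sampling and reconciliation steps of the procedure described in the comment above, as an added example that is not part of the comment and not the election authority's own code. It assumes a uniform random sample and that a tampered machine misbehaves under test exactly as it would in a polling place; all function names and numbers are constructed for illustration.

```python
from collections import Counter
from math import comb

def detection_probability(total, tampered, sampled):
    """Chance that a uniform random sample of `sampled` machines contains
    at least one of the `tampered` ones (hypergeometric model)."""
    if not (0 <= tampered <= total and 0 <= sampled <= total):
        raise ValueError("tampered and sampled must be between 0 and total")
    # P(miss every tampered machine) = C(total - tampered, sampled) / C(total, sampled)
    return 1 - comb(total - tampered, sampled) / comb(total, sampled)

def min_sample_size(total, tampered, confidence):
    """Smallest sample that catches a tampered machine with >= confidence."""
    for n in range(total + 1):
        if detection_probability(total, tampered, n) >= confidence:
            return n
    return None  # target cannot be reached, e.g. tampered == 0

def reconcile(mock_ballots, machine_report):
    """Step 5: compare the known mock votes with the printed totals.
    Returns {choice: (expected, reported)} for every mismatch."""
    expected = Counter(mock_ballots)
    return {
        c: (expected.get(c, 0), machine_report.get(c, 0))
        for c in sorted(set(expected) | set(machine_report))
        if expected.get(c, 0) != machine_report.get(c, 0)
    }

if __name__ == "__main__":
    # Constructed numbers, not real election figures.
    print(detection_probability(100_000, 1_000, 500))
    print(min_sample_size(100_000, 1_000, 0.99))
    ballots = ["A"] * 40 + ["B"] * 35 + ["blank"] * 5  # recorded on camera
    print(reconcile(ballots, {"A": 40, "B": 35, "blank": 5}))  # clean report
    print(reconcile(ballots, {"A": 37, "B": 38, "blank": 5}))  # 3 votes moved
```

An empty result from `reconcile` means the printed report matches the mock votes; the detection probability depends on how many machines are assumed tampered, so the sample size has to be chosen against the smallest manipulation the audit is meant to catch.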

Your affirmation that they are not audited by public organizations is false.

Entities can register to see the source code in a controlled room. In 2024 for example the party União Brasil checked the code.

In 2025, during the official audit, 149 entities registered to check the code and attack the machine. Universities, NGOs, political parties, etc.

Please check your facts before posting what you think.

Reference: https://www.tse.jus.br/comunicacao/noticias/2025/Dezembro/te...

Some of the attacks performed: https://www.tse.jus.br/eleicoes/arquivos/relatorio-parcial-d...

One thing I agree with you on. It would require another big country's effort to break it.

Letting "entities" audit the code in a closed room is not enough for me. The entire codebase should be open sourced publicly.

Yes, I don't see why it should not be open sourced publicly. Maybe send someone with an eidetic memory to audit it. :)

... and how do you, the voter, prove that the machine you are using to vote is indeed running the audited source code?

That's why I said I only miss the option to verify my vote history. I don't need to know how my vote got there, I just need to verify it at the place that sums all votes.