HackerTrans
TopNewTrendsCommentsPastAskShowJobs

c-riq

no profile record

Submissions

Proof of location for online polls

ip-vote.com
111 points·by c-riq·2 tahun yang lalu·86 comments

[untitled]

9 points·by c-riq·2 tahun yang lalu·0 comments

comments

c-riq
·tahun lalu·discuss
I just released a demo here https://ip-vote.com/ui/geolocation
c-riq
·tahun lalu·discuss
For slow connections you can still make use Geo IP data (such as maxmind.com) to infer location, which should be quite reliable in most cases. You just cannot meet the stricter hardware location proof criteria based on latency. You may still submit a poll answer but it may not be included in the analyses, which require a higher degree of confidence for the location. For the objective of obtaining a hard-to-manipulate sample of popular opinion, this would only be an issue if people with slow connections give systematically different responses for a given poll. But this should then also become apparent when analysing the data and can be considered for any decisions derived from the poll.
c-riq
·tahun lalu·discuss
To get a hard to manipulate, representative sample of popular opinion it's not necessary to include everyone in the results. Only if the sub-population sharing IP's is large enough and has systematically different opinions than the people who don't share an IP, then this method would skew the results in a certain direction and may not be useful for certain polls in those regions. But it may also be possible to adjust the results, if it is known which IP's are shared and which are not.
c-riq
·tahun lalu·discuss
The idea is to make things like petitions or demonstrations easier on a global scale and to also make voting data accessible for independent analysis, where further manipulation attempts can be identified and excluded. My guess is that it's much cheaper to create 10000 fake accounts on facebook etc than to send 10000 requests from unique residential IPv4 addresses in a target country, which are also evenly distributed across Internet Service Providers and IP blocks to evade detection.
c-riq
·tahun lalu·discuss
> Is it possible to ensure that the data is not manipulated? I don't think one can place much trust in phones not being tampered with as they are frequently jailbroken. So you could supply fake GPS antenna data to the software or I believe you could in principle also put your phone in a metal box and spoof actual GPS signals into the box. Civilian GPS signals aren't encrypted, I think..
c-riq
·tahun lalu·discuss
> Why is clock skew being used here at all? You're right, it's not actually necessary to use the client clock at all. It was easier to implement it that way initially and I kept it in the description and didn't think about it again.. Thanks for pointing that out. Since all timestamps are measured, the calculations can actually also be made afterwards without using the client clock timestamps at all. However this may add a bit more noise. > not the actual nonce The nonce can only be used once so it's ok to share it afterwards.
c-riq
·2 tahun yang lalu·discuss
I tested it from my home and got a radius of about 200 km. But would be nice to get some additional validation. In any case it's not super precise but it adds more friction to manipulation and in conjunction with IP based geolocation and other things it may turn out to be useful for some parts of an online democracy.
c-riq
·2 tahun yang lalu·discuss
The goal is to easily get a representative and un-manipulated sample of popular opinion. To achieve that, it might be ok to discriminate against certain users who use connections which cannot prove their location, as long as it's not heavily skewing the results.
c-riq
·2 tahun yang lalu·discuss
That is true, the location proof is only for the hardware whose IP is used for submitting the vote request. However if remote desktop provider / cloud provider / VPN / Tor IPs are already blocked by the voting platform. Then it would require significant effort to acquire hardware in the target geographic region and equip it with a residential IP. Generally the whole setup only makes sense if IP's (or IP ranges) can only vote once per poll. Then large scale manipulations should become impractical.
c-riq
·4 tahun yang lalu·discuss