• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Proof of voting?

GrandMasterDash

GrandMasterDash

Well-known member
Masternode Owner/Operator
Is there a way for me to verify my votes? After voting it says, "Voted successfully" but there's no hash / signature I can look up.
 
Just a quick thought on this, I think its been brought up before but open ballots are seriously vulnerable to corruption, a provable vote allows bribes or publicly visible allows threats for ex.
 
Don't go around telling people you just voted... That's is the only way to trace MNs vins to individuals.
Also with moocowmoo's dashman vote script the date/hour is randomized which makes tracing by looking at forum posts impossible.
The votes need to be public, the owner of the masternodes is not unless (un)willingly telling the others about it.
 
elbereth said:
Don't go around telling people you just voted... That's is the only way to trace MNs vins to individuals.
Also with moocowmoo's dashman vote script the date/hour is randomized which makes tracing by looking at forum posts impossible.
The votes need to be public, the owner of the masternodes is not unless (un)willingly telling the others about it.
Click to expand...


That covers the extortion angle but not vote buying, its easy to prove which way you voted. The early 1900s where rife with that and there's a few interesting and well researched pieces on open ballots in the US congress and its effects, hidden ballots sound like a bad thing on the surface but they've caused a great deal of trouble over the years. I'm not saying it's something that should be addressed asap but imo anything that makes blind ballots impossible in the voting system could be dangerous later on.
 
Vote buying was a problem in it's time, before TV. The most effective way to influence an election today would be advertising. And with today's tech you can verify you vote was counted and still have it be anon.
 
IMHO there is not a good idea and it was discussed in dashwhale budget proposal comments (https://www.dashwhale.org/p/dashwhale-basic). Anybody can decide by itself what service to use for masternode monitoring. I just want to tell about another alternative at dashninja.pl. You can see all voting statistic at "budget monitoring" -> "proposal name" page.
 
GrandMasterDash
It is a good idea! During registration, you only need to enter a nickname. In the unlikely case of a hack, the only thing that could be revealed is a link between your added masternodes and your anonymous Dashwhale nickname. Evan himself is using Dashwhale. He has approved trustless voting and choose the Dashwhale platform to deliver proposal pages for his recent core team proposals.

I can assure you, the platform is quite hardened with regards to security.

Best,
Rango

Edit: typo
 
Last edited by a moderator:
elbereth said:
Don't go around telling people you just voted... That's is the only way to trace MNs vins to individuals.
Also with moocowmoo's dashman vote script the date/hour is randomized which makes tracing by looking at forum posts impossible.
The votes need to be public, the owner of the masternodes is not unless (un)willingly telling the others about it.
Click to expand...

Thanks for the mention! I hope more people find out about/use my voting script. It addresses an important information leak. ( https://github.com/moocowmoo/dashman if you don't already know.)

Unfortunately, even with the most recent voting, many mn owners are still using vote-many.
 
moocowmoo said:
Don't take this the wrong way, but I don't know how you can use the word hardened when your site is php. It's a security nightmare.
https://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/year-2015/PHP-PHP.html
Click to expand...

Moocowmoo, the backend we used to build Dashwhale has been taken from annother crypto project. This project was running for >= 2 years. People were able to withdraw funds using this backend. Bounties were put up to encourage people to find security issues. Since there were funds to withdraw, there was high pressure to hack the backend. Nobody succeeded so far.

No illusions, almost every website can be hacked if you put enough money on it, including DW. Given the above selection pressure, i say the Dashwhale backend is "hardened" by real world bad guys drumming at the door for quite some time.

Best,
Rango
 
rango said:
the Dashwhale backend is "hardened" by real world bad guys drumming at the door for quite some time.
Click to expand...

I only ever mentioned your frontend.

As far as the backend goes, if it doesn't encrypt data at rest, all it takes is one subpoena.
 
You must log in or register to reply here.
Back
Top