Dinu Gherman wrote: > "M.-A. Lemburg" <[email protected]>: > >> The PSF had a look at this system and consensus was that it has >> too many problems to be of good use. > > I'm not related to Helios Voting in any way, but sorry - the > above statement is too short and mysterious to be of any real > help in this process to me, unless you elaborate on it.
It's just a very short summary of a rather extensive test done by various PSF members when the same question came up some weeks ago. There were issues with the browser requirements (Java and JavaScript), people got errors, could vote multiple times (at least it appeared that way), etc. I can't copy the other responses from the PSF list, but here's my summary: """ ..., the system doesn't really come with the warm fluffy feeling factor: * It doesn't use HTTPS - which I'd expect as basic security feature of such a voting system. * It sends out passwords in clear and by email - so anyone with access to those emails can vote on behalf of the intended recipient. These two misfeatures make the whole thing as secure as standard email, so we might as well use that for voting. I haven't done much research on the system, but it's not really obvious what gets encrypted, how that works, where the encryption happens, where the keys are stored, where the votes are stored. Also, at least in my browser, the verification process doesn't appear to work, so the advertised auditing process is not available. Peeking at their FAQ (http://v1.heliosvoting.org/faq) tells me that they are using Google AppEngine for managing the votes. I don't think that cloud computing is particularly well suited for privacy sensitive tasks. Fortunately, they are working on a stand-alone version. OTOH, with email I can at least search the mailing list archives for votes and use GPG to check whether I signed the message (should I ever wonder why some message made it to the archives). I also know where the keys are stored, how encryption works and can even check whether voting emails of others are valid or not (based on their signatures). """ -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Oct 22 2009) >>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ Europython-improve mailing list [email protected] http://mail.python.org/mailman/listinfo/europython-improve
