Voting Security Discussion

Author: David ,

Topic's posts

Read-only
Posts in total: 122
  • David
    David avatar
    Debates: 78
    Forum posts: 1,173
    4
    7
    10
    David avatar
    David
    Greetings!

    This past week there was a nasty breach in voting integrity. The debate in question is here. At the last second, four votes came in. Two votes were voted bombs for Pro and two were counter-bombs for con. Needless to say, the moderator team is doing the best they can to get to the bottom of what happened and who is responsible. Here's what we definitely know so far:

    (1) Entropy/Neg Entrop are the same people
    (2) vave/veze are the same people

    There is no IP match between the two so we are certain that there are two people at play. If you have any information on what happened, please let the administrative team know immediately. 

    That being said, Mike and I have had a long conversation today. What we are thinking of is adding a few measures to ensure that new accounts can't be made to simply vote and leave. Here's what we are considering:

    (1) Require 3 debates that have at least 3 rounds, are not forfeited, and are not troll debates; OR
    (2) Require at least 500 quality forum posts; OR
    (3) Prove to the moderator team that you understand the voting process by giving us three quality RFDs plus 200 forum posts 

    I would also love to hear your thoughts on how to ensure the integrity of the voting process. 

    Another point to make, we are considering adding the following:
    (1) The ability for the moderator team to view full email addresses (currently the moderator team is not able to view email addresses); and 
    (2) The ability to view the entire IP address for accounts

    Any other feedback and suggestions would be appreciated.  

  • RationalMadman
    RationalMadman avatar
    Debates: 289
    Forum posts: 8,833
    10
    10
    11
    RationalMadman avatar
    RationalMadman
    Seeing emails won't help you. You already can see all of that and lie to us but if you are honest with yourself, you'd know it wouldn't help you at all.

    MagicAintReal has a paid VPN service, the clue is in the ISP, not the formatting of the IP numbers themselves. The ISP will be something unlike Sky, Virgin or Comcast, that when you Google the company it appears normal people can't hire it, only corporations can. Then if this is the case, he/she is either using a public library, their workplace internal internet service (some places have that if it's a highly secure company) or they are basically screwing around with you and have a VPN.

    The issue will come that users who wish to remain anonymous end up associated with wrongdoers if they share the same VPN service with a malignant troll. That is the price you pay for anonymity. In short, if they share VPN but willingly reveal the 'real' IP from time to time and communicate with you, THAT is how you split people up.

    If siblings or such want to use the site and convince you they're different people, that should be the only time this system can fail, but that's a given.
  • RationalMadman
    RationalMadman avatar
    Debates: 289
    Forum posts: 8,833
    10
    10
    11
    RationalMadman avatar
    RationalMadman
    The clue is also in the devices being the same, but it appears his is so good it even blocks that out. Is he 'using Firefox'? This may mean he's not actually using Firefox, but Tor with Firefox-skin.
  • RationalMadman
    RationalMadman avatar
    Debates: 289
    Forum posts: 8,833
    10
    10
    11
    RationalMadman avatar
    RationalMadman
    PM me for more info, I know how Anonymous was caught among alot of other things, these scum are culpable to slip-ups, they overestimate themselves frequently.
  • oromagi
    oromagi avatar
    Debates: 92
    Forum posts: 3,678
    7
    9
    11
    oromagi avatar
    oromagi
    The blatancy of votes is odd- not likely somebody who hoped to alter the outcome so much as testing the fences.

    The most obvious con is that we get few enough voters already without new restrictions.  I sort of enjoyed voting on a debate before debating.

    On the other hand, building a membership of voters improves the value and accountability of invested voters. 

    On the other stuff, I'm generally opposed to any decrease in privacy.

  • SupaDudz
    SupaDudz avatar
    Debates: 29
    Forum posts: 10,727
    5
    8
    11
    SupaDudz avatar
    SupaDudz
    --> @David
    (1) Require 3 debates that have at least 3 rounds, are not forfeited, and are not troll debates; OR
    I don't like this one. A debate takes countless hours and days to do something, and people do not have the ability to continuosly debate for that long. Some people have lives. A vote would require at most 1 hour, but a debate drags on for 10 days at least with lengthy arguments. I believe comparing debates to votes is a bad analogy
    (2) Require at least 500 quality forum posts; OR
    Define quality
    (3) Prove to the moderator team that you understand the voting process by giving us three quality RFDs plus 200 forum posts 
    This is the best option here. It shows a clear understanding of a debate and a full comprehension of what is going on in the debate. This definetly is the best option. It is an actual vote and it must have some time experience in order to level a vote. This should be instated.
    (1) The ability for the moderator team to view full email addresses (currently the moderator team is not able to view email addresses); and 
    (2) The ability to view the entire IP address for accounts
    No offense to any of y'all, but I don't trust random internet people, even if they are moderators of some sort. Especially if the site isn't "verified". This means if a mod is hacked or info of the site is breached, (which could be common due to foreignness of bsh and Mike) all my info is out there for the world to see. And what if the mod is some sort of pedo trying to get into my account(not saying you would be). I just am not comfy with that idea, especially for teens on the site

    I'd prefer email if it had to come down to that. A new email address could be made
  • RationalMadman
    RationalMadman avatar
    Debates: 289
    Forum posts: 8,833
    10
    10
    11
    RationalMadman avatar
    RationalMadman
    --> @David
    I think the 3+1 method I suggested in pm is the best to go for. yes all three must qualify as non-troll if the 3 in your 4 is 'debate'.
  • RationalMadman
    RationalMadman avatar
    Debates: 289
    Forum posts: 8,833
    10
    10
    11
    RationalMadman avatar
    RationalMadman
    there should always remain exceptions such as castin and outplayz who get to vote with being forum-mains. Exceptions being greenlighted should be a side-avenue to get voting rights.
  • RationalMadman
    RationalMadman avatar
    Debates: 289
    Forum posts: 8,833
    10
    10
    11
    RationalMadman avatar
    RationalMadman
    --> @David
    Don't enact this retroactively though. Users who've proven themselves shouldn't have to 'pass'. It's not unfair, it's rewarding loyalty.
  • Ragnar
    Ragnar avatar
    Debates: 33
    Forum posts: 1,641
    5
    8
    10
    Ragnar avatar
    Ragnar
    I suggest a multiple choice test to enable voting privileges. This could use an extremely short fake debate, to highlight certain rules...

    While more complex, the types of voting could be separated. Such as argument point only debates (or even just argument point only votes), requiring lower standard than categorical voting.
  • Castin
    Castin avatar
    Debates: 0
    Forum posts: 1,960
    2
    2
    6
    Castin avatar
    Castin
    --> @David
    (1) Require 3 debates that have at least 3 rounds, are not forfeited, and are not troll debates
    So users who like to vote but not debate would effectively be purged from the voting pool with this option?

  • David
    David avatar
    Debates: 78
    Forum posts: 1,173
    4
    7
    10
    David avatar
    David
    --> @Castin
    It's possible, which is why we might be able to do a combination of what I propose 
  • SupaDudz
    SupaDudz avatar
    Debates: 29
    Forum posts: 10,727
    5
    8
    11
    SupaDudz avatar
    SupaDudz
    i dont like the idea of a random stranger on an un official website looking @ my ip
  • bsh1
    bsh1 avatar
    Debates: 14
    Forum posts: 2,589
    5
    5
    8
    bsh1 avatar
    bsh1
    I think a simpler solution would be to do what DDO does with cell phones and manual confirmations.
  • David
    David avatar
    Debates: 78
    Forum posts: 1,173
    4
    7
    10
    David avatar
    David
    --> @bsh1
    cell phones are a bit tricky because they're expensive and easy to get around 
  • bsh1
    bsh1 avatar
    Debates: 14
    Forum posts: 2,589
    5
    5
    8
    bsh1 avatar
    bsh1
    --> @David
    See, I am just not technical, but what about 2 factor confirmation?
  • David
    David avatar
    Debates: 78
    Forum posts: 1,173
    4
    7
    10
    David avatar
    David
    --> @bsh1
    2 factor confirmation is more of a extra security for logging in. I think it's super helpful for the admins to require 2FA, but I dont think it'll solve the problem. 

  • bsh1
    bsh1 avatar
    Debates: 14
    Forum posts: 2,589
    5
    5
    8
    bsh1 avatar
    bsh1
    --> @David
    Fair enough. This will need to be MEEP'd at some point. Let's discuss it more, and we can MEEP it next week.
  • David
    David avatar
    Debates: 78
    Forum posts: 1,173
    4
    7
    10
    David avatar
    David
    --> @bsh1
    Yeah - this is just a discussion of what it should look like. We should take what we gleen from this and put it up for a MEEPs

  • Ramshutu
    Ramshutu avatar
    Debates: 42
    Forum posts: 1,725
    6
    8
    10
    Ramshutu avatar
    Ramshutu
    The main issue is here, is anyone can start up an account today, and immediately post a vote on their own debate, and it’s near impossible to definitively prove that you’re doing it.

    In addition, there are at least two accounts has that are almost certainly sock puppets that have posted multiple votes and affected the outcome of at least one debate - a conclusion based on highly suspicious activity profiles, voting patterns, and specific give aways that I don’t want mention at this time.

    I don’t think you can really stop anyone hell bent on creating a voting account, but in my view, an individual user needs to have sufficient activity on the forum, debates, or in general in order to vote. The requirements should be set to a high enough level that few people would be willing go to such lengths to pretend to be an active user in order to vote.

    I think all the limits virt mentioned are valid as a “any one of 3” case: IE, if you have any one of the three criteria you can vote.

    I do also think there is an additional minimum of at least 2 weeks before someone can vote on a debate.


  • SupaDudz
    SupaDudz avatar
    Debates: 29
    Forum posts: 10,727
    5
    8
    11
    SupaDudz avatar
    SupaDudz
    --> @Ramshutu
    A combo of 350+ forum posts and a test RFD would be very idle
  • Ramshutu
    Ramshutu avatar
    Debates: 42
    Forum posts: 1,725
    6
    8
    10
    Ramshutu avatar
    Ramshutu
    --> @SupaDudz
    Did you mean ideal?

    I don’t think a test RFD is necessary, we have mods to remove bad votes, and hopefully when enough votes are bad enough, people will have their voting rights taken away (this is already in the CoC)

    The main examples of suspicious behaviour patterns, are new sign ups not participating in the debates or forums, logging in, voting then disappearing for long stretches of time, then appearing again with minimal other activity, voting, then disappearing.

    There’s no legit voters I’m aware of that would be obviously prevented from voting imo with these.
  • SupaDudz
    SupaDudz avatar
    Debates: 29
    Forum posts: 10,727
    5
    8
    11
    SupaDudz avatar
    SupaDudz
    --> @Ramshutu
    Yea I meant that
  • SupaDudz
    SupaDudz avatar
    Debates: 29
    Forum posts: 10,727
    5
    8
    11
    SupaDudz avatar
    SupaDudz

    I don’t think a test RFD is necessary, we have mods to remove bad votes, and hopefully when enough votes are bad enough, people will have their voting rights taken away (this is already in the CoC)
    This clearly isn't sufficient enough when you look at the scenario. There needs to be a way to fully prevent something like this again. A test RFD can solve for this. Plus it will have a legit effect when you add forum. It will boost site activity
    The main examples of suspicious behaviour patterns, are new sign ups not participating in the debates or forums, logging in, voting then disappearing for long stretches of time, then appearing again with minimal other activity, voting, then disappearing.
    That isn't always obvious
    There’s no legit voters I’m aware of that would be obviously prevented from voting imo with these.
    It depends
  • DebateArt.com
    DebateArt.com avatar
    Debates: 0
    Forum posts: 1,219
    3
    3
    7
    DebateArt.com avatar
    DebateArt.com
    --> @bsh1
    I think a simpler solution would be to do what DDO does with cell phones and manual confirmations.
    I am afraid that's just beyond expensive, the prices are insane.