I already mentioned that online voting is dangerous, hence this is apropos.

The best way to deal with compromisability long-term is to issue paying, voting ZS members a smartcard (and probably a matching reader, probably USB). The user then generates a secret onboard, and submits the fingerprint out of band (i.e. not via his computer) so that it can be validated. This can be combined with the CAcert way of doing things. While smartcard secrets are extractable/cloneable in principle, this attack is very expensive for decent hardware designs, and doesn't scale.

Before that, things like SurveyMonkey and LiquidFeedback can only be used to gauge public sentiment, not being tools trusted enough to result in actual vote-taking, or even reflect accurate sentiments. All voting for persons should not be electronic, until a useful system is established.

Distributed P2P data structures, very similar to the Bitcoin blockchain, can act as tamper-proof public ledgers. There are ways to upgrade these to anonymous, traceable and receipt-free votes. Such doesn't work for the general public, but should work for ZS, given we have the talent to get it implemented and reviewed.

----- Forwarded message from Rich Kulawiec <rsk@gsp.org> -----