Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Anonymous votes can be re-submitted by the same user #4693

Closed
plourenco opened this issue Nov 6, 2020 · 1 comment · Fixed by #4970
Closed

Anonymous votes can be re-submitted by the same user #4693

plourenco opened this issue Nov 6, 2020 · 1 comment · Fixed by #4970
Assignees
Projects
Milestone

Comments

@plourenco
Copy link
Member

Anonymous votes are implemented as truly anonymous, in the sense that not only the event managers can't see who has voted, but also no information related to the participants is stored.

For that reason, when a survey is created as anonymous and restricted to logged-in users, if one decides to refresh his session, he will be able to vote again. This is a complicated trade-off as the definition of anonymous means no information that can trace back to the original author.

A few alternatives

A balanced solution would be to store a list of participants that voted but without any means to match each vote to a specific author. Keeping the surveys anonymous up to a certain extent, where these risks should be acknowledged by the event managers.

Another solution would be to store them but exclude the database from the secrecy of survey answers.

A third solution would be to hash a unique participant attribute, moving the coefficient of secrecy to our secret key.

@ThiefMaster
Copy link
Member

I'd just get rid of anonymity on the database level... this feature is not meant for elections etc. anyway, and someone with server access can already correlate logs (or edit the code) to break anonymity...

@plourenco plourenco added this to the v3 milestone Nov 23, 2020
@ThiefMaster ThiefMaster added this to To do in Release 3.0 via automation Jun 24, 2021
@javfg javfg self-assigned this Jun 24, 2021
@ThiefMaster ThiefMaster moved this from To do to In progress in Release 3.0 Jun 24, 2021
@javfg javfg moved this from In progress to Awaiting review/merge in Release 3.0 Jun 30, 2021
Release 3.0 automation moved this from Awaiting review/merge to Done Jun 30, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
No open projects
Release 3.0
  
Done
Development

Successfully merging a pull request may close this issue.

4 participants