Page MenuHomePhabricator
Create Task
Maniphest T267482

Add a "release votes" feature for SecurePoll vote dumps
Closed, ResolvedPublic
Actions

Description

For many elections, there is a grace period between the end of voting period and the official tally of the results. In this period, election admins/executives will review votes and strike those there were cast in a disallowed way (for example, using a sock, or someone who lost their eligibility, or in the case of fawiki elections, when the vote is case through a proxy or VPN).

The problem is SecurePoll's dump feature is immediately available upon the completion of the voting period. This means people can download the votes (before striking of invalid votes happens) and run a tally on their own. This can be misused to publish unofficial results, challenge the real results and ... I guess today we especially understand how harmful it can be to have mixed messages about the outcome of an election.

There is a second issue with this too: if dumps are publicly available, and then a vote is struck, downloading the dump again and comparing it with the last dump will show the exact contents of that vote (currently, this issue only applies to elections that are not encrypted, but once we implement T145695 this will apply to every election).

Therefore, we should add a feature to SecurePoll that allows controlling when dumps are available. This could be date-based (a prespecified "release date") or a toggle that can be flipped by election admins (but for a toggle solution, T133369 needs to be fixed first).

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Disallow access to vote dumps until after results are talliedmediawiki/extensions/SecurePollmaster+486 -11
Customize query in gerrit

Related Objects
Search...

Event Timeline

Huji created this task.Nov 7 2020, 6:51 PM
Restricted Application added a project: Platform Engineering. · View Herald TranscriptNov 7 2020, 6:51 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Huji added a parent task: T145653: Overhaul the poll creation page.Nov 7 2020, 6:51 PM
Huji updated the task description. (Show Details)
DannyS712 subscribed.Nov 7 2020, 7:27 PM
Peachey88 renamed this task from Add a "release votes" feature for SecurePoll to Add a "release votes" feature for SecurePoll vote dumps.Nov 8 2020, 6:57 AM
AMooney triaged this task as Medium priority.Nov 10 2020, 9:10 PM
AMooney moved this task from Inbox to Feature Requests to Review on the Platform Engineering board.
jrbs raised the priority of this task from Medium to High.Sep 23 2022, 10:34 PM
jrbs moved this task from Backlog to Evaluated on the MediaWiki-extensions-SecurePoll board.
jrbs subscribed.Jan 10 2023, 3:36 PM

Evaluation:

Medium dificulty. Could be solved by a dedicated DB field and an admin exclusive UI to "enable dumping". Or just be bound to the "tally state". So only if tally is completed dumps are available

jrbs moved this task from Evaluated to Ready for development on the MediaWiki-extensions-SecurePoll board.Feb 5 2023, 12:48 AM
Harej subscribed.Feb 1 2024, 4:16 AM
Amdrel changed the task status from Open to In Progress.Feb 3 2025, 11:53 PM
Amdrel claimed this task.
Restricted Application added a project: Trust and Safety Product Team. · View Herald TranscriptFeb 3 2025, 11:53 PM
Amdrel added a comment.EditedFeb 4 2025, 12:44 AM

Implementing a toggle for public access to the dump on the edit page would not work because elections cannot be edited once they are finished. I do think a release date field makes sense, and so does doing it based on the tally date. Either of those solutions would not require us to change the current edit page locking behavior.

gerritbot added a comment.Feb 4 2025, 7:09 PM

Change #1117239 had a related patch set uploaded (by Amdrel; author: Amdrel):

[mediawiki/extensions/SecurePoll@master] Disallow access to vote dumps until after results are tallied

https://gerrit.wikimedia.org/r/1117239

gerritbot added a project: Patch-For-Review.Feb 4 2025, 7:09 PM
Amdrel moved this task from Ready for development to Actively working on the MediaWiki-extensions-SecurePoll board.Feb 4 2025, 7:14 PM
gerritbot added a comment.Feb 7 2025, 7:33 PM

Change #1117239 merged by jenkins-bot:

[mediawiki/extensions/SecurePoll@master] Disallow access to vote dumps until after results are tallied

https://gerrit.wikimedia.org/r/1117239

ReleaseTaggerBot added a project: MW-1.44-notes (1.44.0-wmf.16; 2025-02-11).Feb 7 2025, 8:00 PM
Maintenance_bot removed a project: Patch-For-Review.Feb 7 2025, 8:30 PM
Pppery subscribed.Apr 30 2025, 5:45 PM

Anything left to do here

mszabo closed this task as Resolved.May 1 2025, 9:27 PM
mszabo moved this task from Actively working to Done on the MediaWiki-extensions-SecurePoll board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits