>Where I live we vote by mail by filling in little bubbles with a pen.

>It is very economical and hard to compromise at a scale that has any effect.

Vote-by-mail creates unnecessary opportunities for cheating, irregularities, and all sorts of foolishness. If you can fill in the bubbles, you could theoretically fill them in for other people. People living with parents suffering from dementia could fill out their ballots without them knowing and vote multiple times. You don't even need a valid signature; states allow witnesses to vouch. Ballot boxes get vandalized. Ballot harvesting is rampant. There's so many problems. It's for the same reason universities don't allow take-home exams.

Vote-by-mail states are open targets for mockery (and rightfully so) as it routinely takes days or weeks to count all the ballots and declare a winner. Third-world backwaters can do it in the same night. This is a solved problem.

Whenever vote-by-mail is criticized, people get really upset. How do you think the other states do it? The argument about not being able to take off on election day doesn't hold water. Most states allow early voting for weeks. If you can find time to visit a post office or ballot box, you can certainly go to the library or a church basement for the 5 minutes it takes to fill in the bubbles, stick it in the machine and you absolutely know it's counted. And results will be available election night.

> Where I live we vote by mail

The problem with this, like internet voting, is that you can be coerced.

e.g. a family member or your boss can tell you who to vote for and force you to submit that vote.

Whereas a polling both is utterly private; you are alone and free from coercion. Nobody else knows who you voted for and they have no way of telling.

In the UK, our voting is also done by paper and pencil. The votes are counted overnight by humans (with plenty of checks, independent oversight and rights of recounting) with the result typically declared the next day.

Its secure, and it just works.

There are some really clever systems that let you prove that you voted without leaking how you voted.

Unfortunately, explaining them to Joe Q. Public in such a way that he's going to trust your election is a very tough sell, whereas counting paper is a much easier process to explain.

And that's before you begin worrying that the developer of your whizz-bang mathematically-provable voting system is a) going to win the bid to build it for the government, b) implements it correctly, and c) isn't subverted while doing so.

Proving that you voted is different than proving you voted for a specific candidate.

In fact, the one isn't nearly as big of a privacy concern (if any at all). I wouldn't be surprised if someone told me the former could be done with some XOR scheme, but proving that both you voted and your vote counted for a specific candidate while keeping that a secret is a much more difficult task

As soon as a system gives you a receipt, a cryptographic proof, or even a reliable way to re-verify later, you've created something that can usually be repurposed as evidence for a third party

Australia has very strict laws about who can be near a polling place, and certainly nobody can be inside other than the few certified officials running the show.

Guy with sledgehammer is at least a block waylay, and everyone knows that everyone votes, by law.

By that logic we have to get rid of mail-in voting as well because there could always be a sledgehammer guy standing next to someone in their own home.

Such a weird argument. I've never met anybody with a sledgehammer threatening votes. Feels like a willfully absurd excuse to avoid having an audit trail in elections.

And yet the people keep voting for some of the strictest internet surveillance laws in the world.

"The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia" said a politician asked about his policy of making encryption illegal.

Very. Every voter is guaranteed a booth nearby (<2km away from registered address). Including a monk who gets his own polling booth because he lives so far from everyone and everything else. https://www.aljazeera.com/gallery/2024/5/8/an-election-booth...

Also https://www.reuters.com/world/india/family-remote-himalayas-...

> It sounds like their Election Commission takes their job very seriously.

A key part of India's system is the Elector's Photo Identity Card (EPIC), required to cast ballots. Similar obligations are present wherever election integrity is taken seriously.

Maybe, but the election ink stuff feels a bit overboard.

Yes, and the reasons are outlined by the Australian Electoral Commission, the independent body that runs Australian elections (see the first FAQ)[0].

There are scrutineers that watch counting happen at the booth once polls close, and who also see and hear the numbers get phoned into HQ. HQ has more scrutineers from all parties checking both postal votes and recounts.

If anything doesn't match up it gets flagged. I think that the ability of every party to watch votes themselves means that trust is increased, and they have skin in the game (if they didn't object at the booth why not!?).

Pen markings are perfectly valid however, so you can bring a pen to the booth to vote with if you'd like to do so.

It's also true of course that erasers don't quite erase pencil. It would be fairly obvious that the paper was tampered with.

[0]: https://www.aec.gov.au/faqs/polling-place.htm

If you're worried about someone taking away your vote by erasing your pencil marking, then you should be equally/more worried about someone spoiling your ballot by voting twice on the same ballot, thereby invalidating it. You just need to trust that the people handling your ballot won't do that.

It's pencil in Canada too. Pencil works. Ink pens stop working, and are far more expensive than pencil in bulk. Voting is old. Using fountain pens, and quills to vote, is far more annoying than pencil when it just works.

The mark of vote being indelible or not is irrelevant. The monitoring and protection of the ballots is far more important. For example, representatives of all political parties are involved in the count, oversight by an agency, etc. If you had time to erase and re-mark ballots, you could swap out paper ballets too.

The problem is that disappearing ink is a thing, and someone could swap out the source of ink (pen, stamp pad) in the voting booth.

Erasing is indeed a possibility with pencil markings, but this can only happen during the counting process - which should be open to anyone to audit, and anyone messing around with an eraser during the counting process would stand out like a sore thumb.

Someone needs to gain physical access to the ballot after voting in order to erase it. If they can do that they can just as well make it invalid using a pen, or they can just tear it up.

On the other hand, disappearing ink has been around for a long time.

>All these positions are presented without evidence.

What evidence do you need that making it more difficult to vote will result in fewer people voting? Isn't it common sense?

There's plenty of evidence of voter suppression in the US.

https://en.wikipedia.org/wiki/Voter_suppression_in_the_Unite...

Which country doesn't count spoiled or blank votes? And the whole "cancel the election and find new candidates" is pretty pointless when anyone can start a political party of their own and participate in the election.

> Then my refusal to vote should be counted.

Then spoil your paper.

Spoiling your paper shows that you got off your arse and voted to say "I don't want any of these people". (See the number of spoilt votes in the UK Police and Crime Commissioner elections for a prime example of this; many in the UK disagreed with politicising the police and spoilt their papers in protest)

By simply not voting, the assumption is you are either lazy or simply don't care...... And as a result, the politicians will not care either.

You can pay the fine or spoil your paper. If significant numbers do this, it will be reported publicly.

As it is though, people tend to vote for one of the parties on offer, of which there are many. And as it's also preference voting, Australia is not stuck in the trap of "better vote for A or B will get in" either. You can vote for C, with a fallback to D, E and F before putting in A as a back-stop.

There's a town in Alabama that skipped elections for 60 years; they'd just hand it off to a buddy. Someone finally registered to run and won by default, so ten days later they had a secret do-over to avoid a Black mayor.

https://en.wikipedia.org/wiki/Newbern,_Alabama#Mayoral_dispu...

From the second paragraph of the Wikipedia article: "Six days after polls had closed, 202 additional votes were added to the totals for Precinct 13 of Jim Wells County, 200 for Johnson and two for Stevenson."

Those numbers alone should make anyone suspicious. If you have an urn containing about 20,000 balls in two colors, red and green (this election happened in 1948 and the 1950 census listed that county's population as 27,991; let's assume that roughly 20,000 people would have been old enough to vote in 1948) and you randomly draw out 202 balls (about 1% of the total number in the urn), you would expect the number of balls you draw out to be roughly proportional to the red-blue mix in the urn. (1% of the total is big enough to expect a roughly-unbiased sample). So if you draw out 99% red balls and 1% green balls, then either you have a very very skewed proportion of colors in the urn, or else someone is cheating. Given the TINY margin of victory in that race (87 votes out of nearly a million, 988,295 to be precise), it's very very unlikely that precinct 13 happened to be skewed 99% towards LBJ when the state as a whole was so closely balanced.

> I would prefer a system where even in 20 years I can go online and check how my vote was counted in older elections - this way stealing my vote would be impossible.

Understandable, but then vote-buying becomes possible. The reason vote-buying is impossible in a secret ballot is because you can't prove how you voted to anyone else. If you can look up your own ballot even five minutes after it's dropped into the box, then you can show your screen to someone else who then hands you $100 for voting the right way, and elections change from being "who has persuaded the most voters?" into "who has the most money to buy votes with?"

> If the system is transparent enough and provides mechanisms for verification and control

That "if" is doing an awful lot of work here!

You can literally explain paper voting to children - it was part of my mandatory Civics classes. On the other hand, I'm pretty sure you need a cryptography PhD to even begin understanding why the various digital protocols are supposed to be secure. Even worse, as a software developer I am aware that things like "how do I know the compiler is trustworthy" and "how do I know the computer is in fact running the right binary" are very much open problems in the industry, so I know that any computer is untrustworthy.

Sure, if it's transparent and verifiable there's no reason to distrust it, but we don't live in a world where a transparent and verifiable digital voting system has been invented yet, so there are plenty of reasons not to trust them.

Yep, I believe Louisiana is the only US state that does electronic voting without a paper trail. [1]

And not all paper systems are good either. I'm sure everyone remembers the disaster that was the punch card system used by Florida in the 2000 election...

[1] https://ballotpedia.org/Voting_equipment_by_state

>Electronic tabulation introduces little risk when the ballots are paper.

Do European and other first world countries favor electronic tabulation?

Is it possible that introduction of all electronic factors reduce trust?

As we learned from Dominion... depends who manufactures the machine.

>We can't "move back", it's where we are.

vote by mail (and similar ballot harvesting, bulk ballot dropoffs with hazy chain-of-custody as from a nursing homes and immigrant communities) are new, based on paper, and open to abuse.

It's not where we were.

traditional absentee balloting was a small scale thing used by college students, military personnel, etc. and if it was messed up, it was not likely to change outcomes or a threat to counting accurately (no election is perfect)

They did start a recount! IIRC SCOTUS, at that time already taken over by partisans, illegally ruled to force the original results on us instead of correctly ruling for all FL districts to use the same methodology when performing the tallies.

[flagged]

The issue is that the paper ballots are counted electronically. There may be a paper version for double-checking the vote, but it's rarely used. The vote relies almost entirely on electronic technology.

Minnesota has a better system. You fill in a paper ballot using a pen, and the paper ballot gets optically scanned.

Besides avoiding any issues (real or imagined) with touchscreens, it makes it extremely cheap to stand up more polling places with more booths, since only one tabulator is needed; the booths themselves can just be little standing tables with privacy protectors.

The New York mechanical machines by the 2000s were all worn out, there was a statistically higher occurrence of certain numbers (I believe 9) because the gearing was worn down.

These "ads" are hilarious:

https://rcareaga.com/dieboldvar/adworks.htm

Do you not have in-person early voting?

In Australia you can postal vote if necessary, but "prepoll" voting is much more popular (I believe 37.5% of registered voters, 90% of which actually voted, in 2025). It's just so convenient, with the same crowd of volunteers and officials as actual polling day.

I wonder how correlated is this to how (un)contested California results are (?). I think the main test will be whenever a case like Bush vs Gore happens.

I volunteered at Fairview development center in Costa Mesa CA, which is a place where dozens of disabled residents lived. These people could not talk, move, etc. They were essentially quadriplegics; mentally completely not there; etc. I was a high school student helping move residents to Sunday service and back and doing activities with them (volunteer hours). I clearly remember seeing nurses and others mark ballots of residents that were in no fit state to vote (unable to communicate at all; those who could were often not mentally competent enough to make their own medical decisions, let alone decide who to vote for). I don't think anyone cares to be totally honest. I was shocked the residents even got absentee ballots. Of course, competent adults should be able to vote, but at the point where you're essentially a child mentally? I mean ... how can anyone possibly figure it out. I did lodge a complaint, but nothing came of it.

Many countries with far higher participation rates do not allow mail-in voting, which definitely should be banned to prevent voter manipulation.

This is the system used in the majority of the United States. Direct-recording electronic voting systems were never that common, briefly peaked after the Help America Vote Act as the least expensive option to meet accessibility requirements, and have become less common since then as many election administrators have switched to either prectinct tabulators or direct-recording with voter-verified paper audit trail.

In the 2026 election, only 1.3% of voters were registered in jurisdictions that use direct-recording electronic machines without a voter verifiable paper audit trail (https://verifiedvoting.org/verifier/#mode/navigate/map/voteE...). 67.8% of voters are registered in precincts that primarily use hand-marked ballots, and the balance mostly use BMDs to generate premarked ballots.

You don't necessarily need any sort of electronic counting for quick results. Federal elections in Australia are usually called late on the voting day and I imagine the same is true for other countries that are paper-only.

That's how it works in Cook County and a lot of other places: it's touchscreen voting, using "ballot marking devices", which produce a paper ballot you hand to an EJ to submit.

Some paper jurisdictions have this, essentially. E.g., where I live: the ballot is a paper ballot. You vote by filling in a circle/bubble. (If you're familiar with a "scantron" … it's that.)

It looks like a paper document intended for a human, and it certainly can be. A machine can also read it. (And does, prior to it being cast: the ballot is deposited into what honestly looks like a trashcan whose lid is a machine. It could presumably keep a tally, though IDK if it does. It does seem to validate the ballot, as it has false-negative rejected me before.)

But now the "paper trail" is exactly what I submit; it's not a copy that I need to verify is actually a copy, what is submitted it my vote, directly.

> I would like a paper audit trail. Print my ballot-as-cast for on a paper roll that scrolls by under a window. I can verify it before leaving the voting booth.

Why should you be forced to trust that what you're shown is also what was being counted? The paper record should be the actual ballot itself, with your actual vote on it.

People of limited technical ability can understand the checks and balances of a paper voting system, which legitimizes outcomes. No digital voting system I'm aware of has this characteristic.

You're not securing your banking details from the bank. The people running the elections are a probable adversary during elections, though.

That makes software really unsuitable.

Elections in most countries involve tens of thousands of volunteers for running ballot stations and counting votes.

That is a feature, not a problem to be solved. It means that there are tens of thousands of eyes that can spot things going wrong at every level.

Any effort to make voting simpler and more efficient reduces the number of people directly involved in the system. Efficiency is a problem even if the system is perfectly secure in a technological sense.

How do you solve the issue of manipulated voting? That's solved by in-person ID-authenticated voting, but can never be solved by online voting.

Money are stolen electronically every day - we do not know how to build secure systems. Considering the stakes for national elections (civil war or government instability) good enough is not good enough.

I agree with you on local elections - electronic voting is good enough for town or even state level elections. The stakes are dramatically lower.

It's of course possible. In fact electronic voting could be safer. The issue is that voting has nothing to do with technical details of safety and everything to do with trust. If your electorate doesn't understand modular arithmetic, then there's no point to electronic voting.

Banks have KYC - in the USA it's racist to ask someone to prove their identity before voting.

We have ID.gov and we have blockchain. If we can ensure that the person submitting the vote is indeed that person, would it matter whether it was online, in a booth, or by mail?

At least in the US, I think there are a number of suggestions that are made repeatedly each cycle here. Like "it should be a paid federal holiday", and not putting onerous requirements on voters. Automatic registration. The list goes on.

But I what is written over and over is more on the lines of "I don't trust the process". I cannot blame anyone for not trusting Internet voting: I am a professional SWE, and it would be impossible for me to establish that any such system isn't pwned. Too much code to audit, hardware that's impossible to audit. But it's pretty trivial to demonstrate to the layperson how paper voting works, and how poll observers can prevent that process from being subverted.

There are non-internet ways to do that. States are really the "laboratories of democracy" on that front, with different states having affordances like long early-voting periods and mail-in voting.

However, those are in the context of whatever political system they're in. No level of efficient election design is going to put a dent in the fact that California loves direct-elected downballot offices (e.g., treasurer, controller, insurance commissioner, state judges, local judges, etc.) and referenda, which all result in super long and complicated ballots with 50+ questions each.

We have mail voting as a default in Colorado. When you get your license you are registered to vote and opted in automatically. The one piece that might improve it further is if it came with a stamp to mail back. Otherwise you just drop it off at a drive-up ballot box. You can also vote in person if you want. Hardly anybody does it so there’s never a line.

You get text messages each step of the process too. “Your ballot has been mailed”/“your ballot has been delivered”/“your ballot has been received”/“your ballot has been counted - thanks for voting”.

Improved turnout and participation is a good thing in itself, but not necessarily if it puts a weapon in the hands of those who do not like the outcome and are seeking to invalidate it without regard to whether it represents the electorate’s legitimate choice.

Efficiency for the voter and efficiency for the vote counting process are totally different things.

A question we all have to ask ourselves. What would I trade for efficiency?

It depends on what "Voters can check their votes" means since you have to make sure that nobody can take a receipt to see which way someone (including themselves) voted. You're also still stuck trusting that what your receipt said matches what actually got counted.

The best paper record is the actual ballot you yourself marked and turned in. It shows exactly what the ballot said and it shows what your selection was. Counting of those ballots can take place in public, on camera to make sure that each vote gets counted correctly. No internet or computers needed.

Yes

Isn't it effectively computers everywhere? Sure, you may write on a piece of paper but there is a computer scanning and reporting it. I dont see a practical difference between that and submitting a form directly on a computer.

> Want paper vote? That's racism. Want counting in a day? That's xenophobia. Want to limit certain time window for counting? That's definitely racism.

This characterization is reductive and basically a straw-man.

The principle underlying opposition to "counting in one day" is basically that every vote that is correctly placed in time should be counted, and as many people as possible should have access to voting. Mail-in voting, for example, has been shown to increase voter turnout by making voting more convenient, but you have the question of what to do with ballots that are received late. There are pretty good arguments for counting all mail-in ballots that are postmarked before the election, and I don't think "xenophobia" is among them.

In America specifically, all decisions relating to access to voting are considered against a backdrop of our widespread and systematic attempt to restrict voting. A modern example of this is related to wide disparity in the number of polling places, and therefore the amount of time required to vote, in "urban" regions of some southern states as compared to rural regions.

I have never heard of a racism-based opposition to paper ballots. I think you just made that up.

I think these claims are badly miscontrued at best, and match one party's outlook. The Republican Party has tried inhibiting voting in ways that benefit them, often by making it more difficult for minorities to vote.

Many of those tactics existed on a large scale in the South before the Voting Rights Act, and when the Supreme Court recently invalidated the Act, many have returned. For example, reducing voting locations in minority areas so people have to travel far and wait longer. Texas and possibly other states have criminalized errors in voter registration (iirc), making it dangerous to register voters. Georgia, and others, conducted a large-scale purge of voting rolls, requiring people to re-register. Requiring government-issued ID prevents many people from voting, often poor people and immigrants who lack what wealthier people are accustomed to. Florida's voters passed a ballot measure enabling ex-felons to vote; the Republicans added a law requiring full restitution to be paid (iirc) before they could vote, effectively canceling the ballot measure vote. And these days almost any Democratic victory is called fraud; remember the 2000 election, the lawsuits, riots, threats against ordinary citizens working on local election boards and on elections, etc.

Directly addressing the parent's claims: I've never heard of paper votes being called racism - could you share something with us? Calls to limit counting are often accompanied by calls to limit the voting period, invalidate votes received later (e.g., due to US mail delays), and calls to greatly restrict mail-in voting - all things that make it more difficult for people working two-three jobs.

The Democrats have their flaws; I've never seen them try to limit voting. That should be something everyone in the US - and in the world - agrees on: Do all we can to enable everyone to vote.

Are you American? Are you white?

There are historical factors that contribute to those things you brought up. American minorities are disproportionately affected by things like limited hours, for example. You'd know that if you were an American POC.

I don't understand the critique. Nobody has ever made these claims.

I don't mean this as an ad hominem, but was this comment generated with AI or something?

Politicians just use those accusations as cover for conducting fraud or enabling the conditions that they inherently benefit from. There's no reason to not use paper, ID checks, and same-day accounting.

> Want to limit certain time window for counting?

Why would you want that?

Surely what you want is to enable everyone to vote, and then to count all the votes?

In the UK where I have most experience of this stuff, there are many, many small polling stations, and usually you just walk right in and vote without queueing. The longest I ever had to wait to vote was about 30 minutes. Votes are counted locally and results usually declared within a handful of hours. Some take longer due to recounts etc if the tally is very close in a certain area, but the whole thing is pretty uncontroversial and pretty low-effort.

Here in Australia, voting is compulsory, it's always on a Saturday, and there's usually a charity sausage-sizzle at the polling place, it's sorta fun. And again, AFAICT (I'm not a citizen yet) the infrastructure is over-provisioned so people aren't waiting around forever.

From what I hear about the US, in some places voting can take hours, it seems like the number of polling places is deliberately limited to make it hard for people to vote, and you have those weird/horrible rules cropping up like it being illegal to hand out water to people in line, which seems purely designed to discourage electoral participation. And then you have all these calls to stop the count after a certain time etc.

It's deeply weird from an outside perspective. If counts are taking too long, if people are having trouble voting, provision more... but of course it seems clear that there are motives for underprovisioning, because one or other group thinks it will benefit them.

> Want counting in a day? That's xenophobia. Want to limit certain time window for counting?

Why do either of these matter? If you assume paper voting in-person is secure, then there is zero reason to also limit the time spent counting or the time window for counting. Anything past that point is clearly trying to fill some sort of agenda for the sake of disenfranchising people who cannot adhere to the times you're trying to set.

These objections to secure voting always smell the same as “privacy and encryption bad, must protect children!”

> If you’re willing to do away with the secret ballot

We're not willing to do that. No modern democracy has public ballots. The reason is simple: secret ballots make it effectively impossible to buy votes, as there's no way to prove how any person actually voted.

The key word is coereced (as in, forced, not convinced).

Are you suggesting that voting is pointless because some people can be convinced to vote for stupid things?

Yeah. The weakness in any democracy are “populist” Robin Hood politicians.

> If that's gaming the system, what even is the point of voting?

Good point. Let's just get rid of voting and go back to "divine right of kings", at least until they develop a cure for human gullibility.

People can be taught to recognize when they're being duped.

This may be a bit tinfoil hatty of me, but I think the whole anti-woke thing is a ploy to interfere with that kind of education.

Yes - thank you for reminding me a voting machine system was also bought recently (too long a process to get in? Just pay more)

https://abcnews.go.com/amp/US/dominion-voting-systems-sold-c...

It’s a great idea , though the counting machine becomes a threat vector .

Counting votes isn’t really that expensive . Certainly not compared to purchasing , maintaining and securing counting machine hardware

I get that we all get paid to digitize things , so paper seems antiquated , but for many applications it’s the best solution

I have not personally, but there's some fantastic work on the subject: https://ieeexplore.ieee.org/abstract/document/9152765?signou...

They find a few really bad issues. IIRC, the Swiss Post is looking into improving it, with the consultation of real cryptographers, so we'll see how that goes!

Looks like. More recent papers still find vulnerabilities too.

Steelmanning: They're putting the effort in so we don't have to. Either they find a way and it'll be awesome, or at some point they become an object lesson.

edit: Or third path: They muddle along just well enough with a system that can't work in theory, but ends up nearly working in practice, stochastically? (see also: email, wikipedia, or a hundred other broken things that can't possibly work but are still hanging on. )

Then that is a confusing definition since the voter literally had a receipt of their vote that they can verify.

If the receipt you get says you voted for someone you didn't, then that is a clear sign something went wrong.

You don't forge a ballot. You are forging the proof of your vote.

You would know which would be the real one and which you forged. Obviously when checking that your vote was properly counted you wouldn't use a forged one.

The property you are talking about is generally called "deniability" in the literature, whereas the GP is talking "verifiability" ie. being able to verify your own vote is cast correctly. They are both valuable, sometimes mutually exclusive, but not necessarily, see eg. https://petsymposium.org/popets/2024/popets-2024-0021.pdf

Verifiable in this context means I can verify my vote was tallied correctly.

Elections are reversible too. A recount can reverse an election.

I think it is very difficult to secure internet voting, someone can stand behind you and twist your arm or otherwise coerce you to vote for their candidate. Much harder to do when there are observers and witnesses at the polling booth.

>Internet voting needs to be anonymous and non demonstrable

Why? Honestly Internet voting would improve overall turnout, which seems more important. And we probably could accomplish anonymity with some clever cryptography.

It can't be anonymous. There has to be some form of IDV to ensure it is a registered voter.

[dead]

Well it isn't primarily the technicality aspect but rather the same risks that apply to end users are also applied to the people working at the polling station and their equipment, bringing it up when you are talking about one side only is just a tactic to discredit it. That being said, modern phone OSes are also unlike before, app isolation among others prevent such attacks, I don't think I came across a new attack that just altered another app on the fly, otherwise, we would have hundreds of cases of people getting their bank accounts compromised. In fact, I think from a technical standpoint, the risks of having such malware on end users' devices are harder to implement compared to infecting say the Android OS running on the voting screen at the polling station, or anywhere else in the process. Because in the end users' ones you can restrict the app to run under certain criteria similar to banking ones, and independent security researchers can check it for potential vulnerabilities, meanwhile an internal app used in the polling station won't have these measures, and you can even assume the OS/packages are outdated and vulnerable, making it far less secure, something like how flock cameras Android OS is a security nightmare for example.

These sources still presume SECRET blockchain voting as the goal.

We are a society of adults and complex individuals that don't need to be moralized to or nanny'ed.

You can easily bring up bribing and retaliation as excuses why we shouldn't have jury trials either. These were never really fundamental problems with open democracy, like Andrew Jackson didn't bribe everyone in the country to become president.

TBH if a politician offered me $100 to listen to his pitch, I would take it but I would still vote based on the thousands of dollars of lifetime impact of their policies on my income and assets.

As the other reply noted, there were audits by multiple entities and parties, although I agree that it would be preferable for the code to be open sourced.

I do disagree with your other points. Paper confirmation is not necessarily the only way to audit, and may in fact introduce risks of voter reidentification and coercion (voto de cabresto). The other way of auditing the machines is the parallel voting procedure, which already takes place at every election and is honestly a brilliant piece of security engineering.

For those not aware, the parallel voting procedure works as follows:

1) the day before the election (when the software has already been loaded and locked into the machines for several days), a random sample of machines is selected for the procedure

2) those machines are then removed from the polling place they would ordinarily be assigned to, and replaced with a backup machine

3) the removed machine is then installed in a different room, and booted up normally on electionday. Since it is fully offline, the machine doesn't "know" it is being used in this mode

4) this room is setup so that there are cameras pointed to the machine, and people from all observing parties (and common citizens as well) are invited to "mock vote" in this room.

5) at the end of the day, the machine is closes, its report printed, and the result is checked against the known mock votes

Pretty solid method if you ask me, and much cheaper than upgrading the entire fleet to enable printing.

It is false your affirmation that they are not audited by public organizations.

Entities can register to see the source code in a controlled room. In 2024 for example the party União Brasil checked the code.

In 2025 during the official audit 149 entities registered to check the code and attack the machine. Universities, ONGs, political parties, etc.

Please check you facts before posting what you think

Reference: https://www.tse.jus.br/comunicacao/noticias/2025/Dezembro/te...

Some of the attacks performed: https://www.tse.jus.br/eleicoes/arquivos/relatorio-parcial-d...

One thing I agree with you. It would require another big country effort to break it.

It's as close to on-topic as most of the other comments.

"The internet isn't secure enough to trust for voting" could be generalized to

"The internet isn't secure enough to trust for _____" just a reasonably as it could be to

"______ isn't secure enough to trust for voting" as most of the other commenters have chosen to do.

The fact that one of the generalizations is more popular doesn't make the other wrong, and addressing both (as, say, the GP or people talking about internet banking do) adds both depth and breadth to the discussion.

A paper that gets scanned by a computer