I would cast my drop-in-the-ocean vote if it didnāt require needlessly reckless disclosures. The question is- which states offer more privacy than others? These are some of the issues:
publication of residential address
Itās obviously fair enough that you must disclose your residential address to the election authority so you get the correct ballot. But then the address is public. WTF? Iām baffled that the voter turnout isnāt lower.
Exceptionally, Alaska enables voters to also supply a mailing address along with their residential address. In those cases, the residential address is not made public. But still an injustice as PO Boxes are not gratis so privacy has a needless cost.
Some states give the mailing address option exclusively to battered spouses. So if you are a victim of domestic abuse, you can go through a process by which you receive an address for the public voting records that differs from your residential address. Only victims of domestic abuse get privacy that should be given to everyone.
publication of political party affiliation
You are blocked from voting in primary elections unless you register a party affiliation, in which case you can only vote in the primary election of that party. A green party voter cannot vote in the democrat primary despite the parties being similar. The party you register in is public. So e.g. your neighbors, your boss, and your prospective future boss can snoop into your political leanings.
AFAIK, this is the same for all states.
publication of your voting activity (which is used for shaming)
Whether you voted or not is public. If you register to vote but do not vote, itās noticed. There is a shaming tactic whereby postcards are sent saying āyour neighbors the Johnsons at 123 Main St. voted early ā will you do your civic duty too? Note that the McKinneys at 125 Main St. have not voted; perhaps you can remind them?ā They of course do this in an automated way, so non-voters know their neighbors are receiving postcards that say they did not partake in their civic duty.
forced disclosure to Cloudflare
These states force all voter registrations through Cloudflare:
- Arizona
- Florida
- Georgia
- Hawaii
- Idaho
- New York
- Ohio
- Rhode Island
- Washington
Thatās not just public info, but everything you submit with your registration including sensitive info like DL# and/or SSN goes to Cloudflare Inc. Cloudflare is not only a privacy offender but they also operate a walled garden that excludes some demographics of people from access. Voters can always register on paper, but whoever the state hires to do the data entry will likely use the Cloudflare website anyway. So the only way to escape Cloudflare getting your sensitive info in the above-mentioned states is to not register to vote.
To add to the embarrassment, the āUS Election Assistance Commissionā (#USEAC) has jailed their website in Cloudflareās walled garden. Access is exclusive and yet they proudly advertise: āAdvancing Safe, Secure, Accessible Electionsā.
solutions
What can a self-respecting privacy seeker do? When I read @BirdyBoogleBop@lemmy.dbzer0.comās mentionĀ¹ of casting a āspoiledā vote which gets counted, I thought Iāll do thatā¦ but then realized I probably canāt even get my hands on a ballot if I am not registered to vote. So I guess the penis drawing spoiled vote option only makes a statement about the ballot options. Itās useless for those who want to register their protest against the voter registration disclosures.
Are there any states besides Alaska that at least give voters a way to keep their residential address out of publicly accessible records?
- it was mentioned in this thread: https://lemmy.dbzer0.com/post/8502419
Your residential address is not private. Even if you do not vote.
Your political party is self reported. I donāt believe the primaries have anything to do with actual government protection and are run by each party. Therefore they can make the rules on who can and cannot vote. As itās self reported, you can always lie.
Voting activity is a strange one. I have never gotten those postcards.
Cloudflare, is well, cloudflare. Because of how they do their ddos protection they do have the ability to decrypt traffic, but itās highly unlikely that they do. Anything done along the wire would destroy their reputation. It is a big issue regarding consolidation of Internet resources into the hands of a few large companies, but just because traffic goes through them doesnāt mean that privacy is violated. Iām curious, can you expand on what demographics they block?
Of course your residential address is private. Itās sensitive information because it can be used against you in countless ways. Do you mean to say that you personally donāt care if your residential address is published? Anyone who is street-wise treats it as private. Note that this is different from mailing address. Residential address is where you can physically be foundā¦ where you sleep at night.
By āself-reportedā, do you mean that registrants are entering it on the voter reg. form themselves? Yes they have a choice whether or not to provide that, but it depends on the state whether itās a precondition to participation in primaries. (see the earlier discussion below).
I havenāt either. Just heard about it going on. The bigger issue is that the information to do that is /available publicly/. The postcards arenāt coming from the gov. The fact that people are exploiting the info is expected. The non-voter shaming is a bit eye opening but then again so are so many abusive tactics we encounter in the election run-up you could fill a book with all the ways voters are manipulated and exploited. AI of course supercharges it. Cambridge Analytica is merely the beginning.
Thatās not true. The ability is used inherently in how they operate. Of course they decrypt the traffic; thatās a precondition to the DDoS protection. How do you think CF offloads the userās server workload without directly processing payloads? Any packets they donāt decrypt cannot be treated and must be passed through to the customer who cannot afford the bandwidth to handle all the traffic which is why they use CF to begin with.
To give you a concrete example, you use #lemmyWorld, a Cloudflare instance. Your username and password is revealed to Cloudflare every time you login, along with all your actions including actions that do not manifest in a public way. Cloudflare inherently sees that all in the clear (to them). Whether they abuse it is guesswork. But itās obviously not a wise move to choose a centralized CFād instance when there are non-CF instances to choose from. You compromise privacy and support an anti-netneutrality tech giant for nothing.
The option to allow the customer to have their own key is a premium option (non-gratis), which makes it rare, not to mention it defeats the DDoS protection. The use of that is obviously quite niche.
If they are caught abusing that data, it may or may not matter considering what theyāve gotten away with so far. One would be a fool to not assume CF is feeding 3 letter orgs just like the other tech giants. Of course they are. There just hasnāt been a specific leak in that regard yet.
CFās reputation should be in the shitter because they doxxed a CSAM whistle blower to a CSAM host they were protecting, who then published the identity of the whistle blower so users could retaliate. If thatās not startling enough evidence of Cloudflareās untrustworthyness, consider as well that the (manchild) CEO said the whistle blower āshould have used a fake nameā when reporting the CSAM to CF. Effectively, the CEO admitted that CF cannot be trusted with peopleās real identities. That should have been a PR nightmare for them but most people donāt give a shit or donāt even know enough to understand it, which enables CF to grow. Theyāve taken ~25-30% of all the worldās websites so far and itās rapidly increasing. Cloudbleed should have been an alarming disaster for them but people shrugged it off and a couple weeks later it was back to business as usual.
Find me a PRISM corp whose reputation was destroyed by the Snowden leaks. Microsoftā¦ Googleā¦ Facebookā¦ Appleā¦ They are all doing well.
Thatās not how wise infosec works. You do not wait until your data gets exploited before deciding not to do a reckless disclosure. That would be like leaving the keys in your car on the basis that your car has never been stolen. Not to mention Cloudflare has proven to be untrustworthy anyway. Just like Facebook. It doesnāt stop people using them. And the nature of the beast is the admin is putting other unwitting people at risk. Mallory solves her problems by transferring risk onto Alice.
By default, Cloudflare blocks access to the following groups of people:
ā¦ and thatās just what has been noticed and complained about. Itās likely a bigger list but they are non-transparent. Cloudflare does not publicize who they marginalize. They just say they block the baddies, and then proceed to assume all those they block are baddies in a circular logic fashion. Marketing works wonders on people.