Secure election does not mandate that the only voting option should be in-person voting the day of. Almost all states allow early voting in person. All states allow some form of mail-in voting with a dozen only requiring a specific excuse. More than half of the states allow a non-photo ID for verification (quite a few of which deep red states). And demonstrated fraud is extremely rare in these states so clearly in-person voting on Tuesday is not the only secure way.
The main reason the GOP is pushing harder for strict photo-ID voting (and conversely why Dems resist it) has a lot less to do with how frequent election fraud is and a lot more to do with how many voters of each party lack easy access to up-to-date photo IDs (GOP < Dems < Independents) (Statistics study on which US voters lack photo ID).
Anyway, that issue is a bit different from the lack of privacy on voting participation and voter affiliation.
That was the vibe that I got. It seemed directed at black people, considering the stations that I heard it on. Maybe that’s why President Trump got such a high percentage of the black vote.
It is not easy to prove that fraud exists in a court of law and the people who have the evidence benefit from fraud and are not going to stop it. Republicans have been able to fight fraud by forcing Democrat states to clean up their voter rolls so they are not mailing ballots to vacant buildings or to the wrong voter. But to do this, they’ve had to take the Democrat Secretaries of state to court. And this of course is not a complete remedy.
The potential for fraud is so self evident that the United States is almost unique among developed countries in using mail-in ballots or voting without Identification.
Eight states and Washington, D.C., allow all elections to be conducted entirely by mail: California, Colorado, Hawaii, Nevada, Oregon, Utah, Vermont and Washington state.
Two states permit counties to opt into conducting elections by mail: Nebraska and North Dakota.
Nine states allow specific small elections to be conducted by mail: Alaska, Arizona, Florida, Kansas, Maryland, Missouri, Montana, New Mexico and Wyoming.
Four states permit mostly mail elections for certain small jurisdictions: Idaho, Minnesota, New Jersey and New Mexico.
I’m not familiar with post-covid rules, but I lived in a state that required that you know only cast your absentte ballot in person, but that you give a written reason for why you could not vote on election day.
The FBI warned of the following examples of AI being used in cyber attacks, mostly phishing-related.
The use of generative AI to produce photos to share with victims so as to convince them they are speaking to a real person.
The use of generative AI to create images of celebrities or social media personas promoting fraudulent activity.
AI-generated short audio clips containing the voice of a loved one or close relative in a crisis situation to ask for financial assistance.
AI-generated real-time video chats with alleged company executives, law enforcement, or other authority figures.
AI-created videos to “prove” the online contact is a “real person.”
To mitigate the risk of these smartphone-based AI cyber attacks, the FBI has warned that the public should do the following:
Hang up the phone to verify the identity of the person calling you by researching the contact details online and calling the n umber found directly.
Create a secret word or phrase that is known to your family and contacts so that this can be used for identification purposes in the case of a true emergency call.
Never share sensitive information with people you have met only online or over the phone.
If you believe you have been a victim of a financial fraud scheme, please file a report with the FBI Internet Crime Complaint Center.
If you’re not a public person, keep your personal and biometric (face, voice, DNA) information private. Don’t paint a target on your back (or piss people off ).
One update to my quote above is that it’s not yet cheap enough to do any of this, so the criminals are stealing the necessary accounts or API keys, so other victims are paying for the criminal use of AI.
I never understand in all these stories why the victim never checks whether their account is actually hacked or not. My first reaction would be to independently go to a browser and try to log into my google account, and assuming I can, review my account activity, then if anything looks off, change the password. If I cannot log into the account, then I’ll initiate the account recovery without “google’s” help. But why click Yes on account recovery if you have not lost control of your account? People just click shit without thinking it seems to me.
One important take home for me though was likely to use another authenticator app than google’s so no code get synced. I’ve been using MS authenticator but the decision to use it instead of google was entirely fortuitous.
I reached the opposite conclusion and moved my Microsoft codes to Google. It is not required to sync the codes in Google Authenticator, it’s a setting that can be turned off. If the codes are synced, then yes, they can be accessed from your Google account (not on desktop, yes on Android or, I believe, in Chrome using their plugin). So it’s important to make sure nobody else can access your Google account. I do think that having them sync is better, because sometimes restoring access without the codes (as would happen if you lost or broke your phone) is between difficult and impossible.
I realized there are two big problems with using these apps. The first is that both MS and Google app have a design flaw – the list of codes displays the service/website AND the login/account (such as email address) for each code, the only missing piece is the password. I was not able to edit this information in Microsoft Authenticator, but in Google Authenticator the account can be changed (it can’t be blank, but it should not contain the actual login). The account field is only there so you can differentiate between multiple accounts for the same service. The second problem is that if someone obtains full access to your Google account and therefore your Authenticator codes, AND you use your google account / gmail address with the services listed in Authenticator – you’re hosed. The solution is to not use your google / gmail account for login (or password recovery) for any of the services in Authenticator. The codes are useless without the login info.
I still feel that in all cases, hackers would need to get your password and access to your authenticator to take over your account. If you use long randomly generated passwords for all your accounts, it’d take a breach or you giving them your password for them to take over.
Plus for MS authenticator, how would they get in to see my email address linked to the various services? I need to enter my phone PIN to get in the authenticator on my phone (even if they steal the phone while unlocked). And the email account used for the MS authenticator is not used for any services (I use about 10 gmail accounts split between shopping, subscriptions, utilities, banks, businesses, etc… none of which are the email account the authenticator syncs). Wouldn’t they need to physically make me enter my PIN into the app in order to see the email addresses for the various services?
In this article the “hackers” started with the victim’s phone number and gmail address. They went through the Google account recovery process to change the password. They were successful because the account owner positively answered the “is it you trying to recover your account” prompt on their phone.
The next step is to get into the accounts in Authenticator. If you use the same hacked gmail address as the login for any of those accounts, they will be able to reset the password by simply clicking “forgot password”, providing the gmail address, and following instructions in the email they receive.
Yes, good point, assuming that this security setting is enabled (it is optional and in my experience quite annoying). Google Authenticator has the same security setting, but I guess it’s ineffective if sync is enabled and they try to get the codes using another device. MS Authenticator also has a sync/backup feature, though I don’t know how it works.
The Supreme Court is taking up the forced sale of TikTok from Chicom ownership. As usual, the left is trying to control the language. The law is not a ban
I have the yahoo email client on my iPad. The location information is not very interesting. It is always at my house. But what other information are they pulling out?