Security Testing

Security testing and vulnerability discussions.

Why This Series Exists

Submitted by ecoadmin on

Every system for collective decision-making can be gamed. Manipulated. Captured. This isn't cynicism—it's the starting point for building systems that actually work.

Most platforms hide their vulnerabilities, hoping obscurity provides protection. We believe the opposite: informed communities are resilient communities. If you understand how democratic systems break, you can help protect them. You can spot manipulation. You can contribute to defense. You can calibrate your trust appropriately.


Destabilization as the path forward

Submitted by ecoadmin on

CanuckDUCK exists because we believe Canadian communities deserve civic infrastructure built for contemporary challenges. Infrastructure that acknowledges the attacks we've discussed. That implements layered defenses appropriate to different contexts. That prioritizes resilience over false promises of invulnerability. That treats transparency as strength. That centers human community rather than replacing it with mechanisms.

We don't claim to have solved these problems. We claim to be working on them honestly—publishing our thinking, inviting scrutiny, learning from failure.


The Cost of Chasing Perfection

Submitted by ecoadmin on

Even if perfect security were theoretically possible, pursuing it would be practically destructive.

Friction excludes: every verification step, every commitment requirement, every identity check filters out some legitimate participants. The person without government ID. The person who can't wait three weeks for conviction to accumulate. The person who doesn't have tokens to stake. Maximizing security minimizes accessibility.


The Countermeasures Toolkit: Building Defense in Depth

Submitted by ecoadmin on

Security professionals have a saying: there is no secure system, only systems that haven't been compromised yet. The goal isn't invulnerability, which doesn't exist. The goal is making attacks expensive enough that rational adversaries choose other targets, and making systems resilient enough that successful attacks don't cause catastrophic damage.

This article assembles the defensive toolkit. Not as a checklist to implement blindly, but as a palette to draw from based on your specific context, threats, and values.

The Layered Defense Principle


Quadratic Mechanisms: Cost Curves Against Plutocracy

Submitted by ecoadmin on

Democracy has a math problem.

One person, one vote sounds fair until you realize it ignores intensity. The person mildly in favor counts the same as the person whose life depends on the outcome. This seems wrong, but the obvious fix—letting people cast more votes if they care more—immediately advantages those with more votes to cast. Weight votes by resources and you've built plutocracy with extra steps.


Conviction Voting: Promise & Peril

Submitted by ecoadmin on

Conviction voting asks a different question: what if commitment over time mattered?

The premise is intuitive. Someone willing to stake their vote on a proposal for weeks probably cares more than someone who clicks and forgets. Long-term community members should perhaps carry more weight than drive-by participants. Patience might be a reasonable proxy for genuine investment in outcomes.

This intuition has real merit. It also creates vulnerabilities that naive implementations miss entirely.

How Conviction Voting Works


Collusion & Cartels: When Voters Work Together Against Everyone Else

Submitted by ecoadmin on

Coordination is the lifeblood of democracy. People finding common cause, building coalitions, amplifying shared interests—this is how collective action happens. Without it, we're just isolated individuals shouting into the void.

Coordination is also how democracy gets captured. People finding common cause against the public interest, building coalitions to extract value, amplifying shared interests at everyone else's expense—this is how oligarchy happens. With enough of it, collective decisions become private deals wearing democratic costumes.


The Timing Game: When You Vote Matters As Much As How

Submitted by ecoadmin on

In 1999, eBay had a problem. Auctions were supposed to find the highest bidder through open competition. Instead, sophisticated users discovered that bidding early was for suckers. The winning strategy was simple: wait until the final seconds, then strike. Opponents couldn't respond. The highest genuine valuation didn't win—the best timing did.

eBay called it "sniping." It's been a known vulnerability for twenty-five years. They never fixed it, because fixing it requires tradeoffs they weren't willing to make.


Money Talks: Vote Buying, Whale Dominance, and Plutocratic Drift

Submitted by ecoadmin on

Every democracy eventually faces the same question: what do you do when someone tries to buy it?

The crude version is straightforward. Cash for votes. Brown envelopes in parking lots. This still happens—and still works—more often than comfortable citizens like to admit. But focusing on bribery misses the larger picture. Money corrupts collective decision-making through mechanisms far more sophisticated than stuffing bills into pockets.

Why People Sell

Before discussing defenses, we need honesty about offense.


The Sybil Problem: Why "One Person, One Vote" Is Harder Than It Sounds

Submitted by ecoadmin on

In 1973, Flora Rheta Schreiber published a book about a woman with sixteen distinct personalities. The pseudonym she used—Sybil—would later lend its name to one of the most fundamental challenges in online systems: how do you know you're talking to sixteen different people, or one person pretending to be sixteen?

The Attack Is Simple

Create multiple accounts. Vote multiple times. Drown out legitimate voices with manufactured consensus. It requires no technical sophistication, just time and motivation.
