Extension:SecurePoll

MediaWiki extensions manual
SecurePoll
Release status: stable
Implementation Special page
Description Allows for elections, polls and surveys
Author(s) Tim Starlingtalk
Latest version 3.0.0 (continuous updates)
Compatibility policy Snapshots releases along with MediaWiki. Master is not backward compatible.
MediaWiki 1.25+
Database changes Yes
Tables securepoll_entity
securepoll_msgs
securepoll_properties
securepoll_elections
securepoll_questions
securepoll_options
securepoll_voters
securepoll_votes
securepoll_strike
securepoll_lists
securepoll_cookie_match
License GNU General Public License 2.0 or later
Download
  • $wgSecurePollTempDir
  • $wgSecurePollMostActiveWikisThreshold
  • $wgSecurePollUseLogging
  • $wgSecurePollKeepPrivateInfoDays
  • $wgSecurePollUseNamespace
  • $wgSecurePollSingleTransferableVoteEnabled
  • $wgSecurePollGPGCommand
  • $wgSecurePollCreateWikiGroups
  • $wgSecurePollGpgSignKey
  • $wgSecurePollTranslationImportSourceUrl
  • $wgSecurePollCreateRemoteScriptPath
  • $wgSecurePollExcludedWikis
  • $wgSecurePollCreateWikiGroupDir
  • $wgSecurePollShowErrorDetail
  • securepoll-create-poll
  • securepoll-edit-poll
  • securepoll-view-voter-pii
Quarterly downloads 22 (Ranked 114th)
Public wikis using 889 (Ranked 269th)
Translate the SecurePoll extension if it is available at translatewiki.net
Issues Open tasks · Report a bug

The SecurePoll extension is a special page extension for elections, polls and surveys. It is used for Wikimedia Foundation Board elections and arbitration committee elections, and was used for the Wikimedia license transition vote among other things.

Screenshots

Installation

  • Download and move the extracted SecurePoll folder to your extensions/ directory.
    Developers and code contributors should install the extension from Git instead, using:cd extensions/
    git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/SecurePoll
  • Add the following code at the bottom of your LocalSettings.php file:
    wfLoadExtension( 'SecurePoll' );
    
  • Run the update script which will automatically create the necessary database tables that this extension needs.
  •   Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

In addition, you will need to add some user groups and user rights to your LocalSettings.php file. Here is one way to do it, which gives a new group called electionadmin the power to do everything in SecurePoll (create polls, edit polls, see voter IP addresses):

$wgGroupPermissions['electionadmin']['securepoll-create-poll'] = true;
$wgGroupPermissions['electionadmin']['securepoll-edit-poll'] = true;
$wgGroupPermissions['electionadmin']['securepoll-view-voter-pii'] = true;

Once this group is created, a bureaucrat can add someone to the group using Special:UserRights. Then that person can visit Special:SecurePoll to view polls, create polls, edit polls, tally polls, etc.

Each poll's data is compartmentalized. You can have 100 electionadmins, but if you only add one electionadmin to a particular poll, only that one electionadmin will be able to edit that particular poll or see user IPs. If an electionadmin is removed from a poll, they will lose access to it.

securepoll-view-voter-pii is used for "scrutineering" a poll, which involves looking at a list of voter IPs, user agents, and X-Forwarded-For headers to look for cheating (secret duplicate votes by sockpuppets). Because this involves looking at voter IP addresses and other sensitive, personal, de-anonymizing data, it is a sensitive user right, so only trusted users should be assigned to the electionadmin group.

It is possible to split securepoll-view-voter-pii into a separate group. You can use a config such as the one below to create a group called scrutineer that contains the securepoll-view-voter-pii right, separating it from the electionadmin group:

$wgGroupPermissions['electionadmin']['securepoll-create-poll'] = true;
$wgGroupPermissions['electionadmin']['securepoll-edit-poll'] = true;

$wgGroupPermissions['scrutineer']['securepoll-create-poll'] = true;
$wgGroupPermissions['scrutineer']['securepoll-edit-poll'] = true;
$wgGroupPermissions['scrutineer']['securepoll-view-voter-pii'] = true;

A user also needs to be added to the poll (and hence have the securepoll-edit-poll right) in order to view PII - securepoll-view-voter-pii by itself has no effect.

Usage

Create a new poll

There are two ways to create a new poll: manually create an XML file and import it, or use the poll creation interface at Special:SecurePoll.

Manually

To create a poll manually, it is required to:

  1. write an XML file
  2. import it using the import.php command-line interface command

In the test folder you can find four example files:

  • 3way-test.xml
  • approval-test.xml
  • radio-range.xml
  • schulze-test.xml info

To import a poll, run the following from the cli folder:

extensions/SecurePoll/cli$ php import.php ../test/3way-test.xml

To import a poll using docker, run the following from the cli folder:

docker-compose exec mediawiki php extensions/SecurePoll/cli/import.php extensions/SecurePoll/test/radio-range.xml

Via the web interface

A user with the securepoll-create-poll right can create a new poll via the link at the bottom of Special:SecurePoll.

To create a new poll, fill in the mandatory fields in the create form. Special care may be needed with the following fields:

  • When adding poll admins, only members of the electionadmin group are allowed. If $wgSecurePollUseLogging is set to true, it will be logged whenever an admin is added to or removed from a poll. The logs can be viewed at Special:SecurePollLog.
  • To create an encrypted poll, select the radio for the encryption method. If you choose GnuPG, generate a (public) encryption key and a (private) decryption key. Enter the encryption key into the create form, and keep the private key safe somewhere offline (you will need it for tallying, once the election has finished). A detailed example can be seen.

Now visit Special:SecurePoll and you will see your poll.

Edit an existing poll

To edit a poll, you must be an admin of the particular poll. From Special:SecurePoll, click on the Edit link for the poll you want to edit.

Before an election has begun, anything about the election can be edited. After an election has begun, some fields can no longer be edited.

Edit who can vote in a poll

To edit who can vote in a poll, you must be an admin of the particular poll. From Special:SecurePoll, click on the Voter Eligibility link for the poll.

Translate a poll

To translate a poll, you must be an admin of the particular poll. From Special:SecurePoll, click on the Translate link for the poll you want to translate.

See a list of voters

Anyone can see a list of voters, unless transparency features were disabled when the poll was created.

Admins of a particular poll can see a list of voters, along with private information that may help to identify duplicate voters (e.g. IP addresses, user agent information, shared cookies). If $wgSecurePollUseLogging is set to true, it will be logged whenever an admin views private data. The logs can be viewed at Special:SecurePollLog.

Admins may strike any votes that they believe to be duplicates.

Tally a poll

To tally a poll, you must be an admin of the particular poll. From Special:SecurePoll, click on the Tally link for the poll you want to tally.

If the poll has been tallied before, the results will be shown on the page. If not, or if you want to re-tally, there is a form for starting a new tally.

  • If the poll is unencrypted, click on the tally button.
  • If the poll is encrypted, you may need to enter more information. For example, if you used GnuPG, enter the (private) decryption key and click on the tally button. If an encrypted poll has many votes, it may take a long time to tally. You may need to check back later for the results.

Now visit Special:SecurePoll and you will see your poll.

(STV) Tallying

To enable STV tallying please add the below configuration value to LocalSettings.php

$wgSecurePollSingleTransferableVoteEnabled = true;

More information on w:Counting single transferable votes (STV) can be found at Wikipedia.

General algorithm implementation (source).

Quota is + .000001. Quota is the minimum value of votes to secure a seat.

1. Compute the quota.
2. Assign votes to candidates by first preferences.
3. Declare as winners all candidates who received at least the quota.
4. Transfer the excess votes from winners to hopefuls.
5. Repeat steps 3 and 4 until no new candidates are elected. (Under some systems, votes could initially be transferred in this step to prior winners or losers. This might affect the outcome.)
If all seats have winners, the process is complete. Otherwise:
6. Eliminate one or more candidates, typically either the lowest candidate or all candidates whose combined votes are less than the vote of the lowest remaining candidate.
7. Transfer the votes of the losers to remaining hopeful candidates.
8. Repeat 3–7 until all seats are full.

The quota we will use (step 1) is the Droop quota (source):

floor( no. votes / (no. seats + 1) ) + 1

The method for transferring votes from elected or eliminated candidates will be the Meek method:

Tallying (JobRunner)

  • Tallies can be processed via a scheduled job Manual:Job queue . Make sure to create a scheduled job for this task or execute the task manually.
  • Tallies can also be processed by executing the tallying script manually:

To execute a tally, run the following from the cli folder located at extensions/SecurePoll/cli:

extensions/SecurePoll/cli/tally.php

To execute a tally using MediaWiki-Docker, run the following from the cli folder located at extensions/SecurePoll/cli:

docker-compose exec mediawiki php extensions/SecurePoll/cli/tally.php

Generating (STV) Test Elections

  • Test (STV) elections can be generated from the cli folder located at extensions/SecurePoll/cli:
  • To generate a test election, run the following from the cli folder located at extensions/SecurePoll/cli:
extensions/SecurePoll/cli/generateTestElection.php
  • Test (STV) elections provide scaffolding from which to tally on

Redirect polls

If you are using SecurePoll in a wikifarm, it is possible to configure it to create a main election on a vote wiki, and then it will also create a redirect poll on a different wiki, with a vote link that points back to the vote wiki.

Documentation

SecurePoll

SecurePoll general documentation can be found at wikitech:SecurePoll.

SecurePoll Improvements

A summary of improvements to SecurePoll can be found at Anti-Harassment Tools/SecurePoll Improvements.

Understanding the STV result

Documentation on STV results can be found at Anti-Harassment Tools/SecurePoll Improvements/Understanding the STV result.