I believe we are mostly on the same page. Voting should be in person, on paper, on a weekend day. It can be done, even in covid times.
One more thought: Simple >>> Complex.
Small variations in a technically correct process may break some of its properties. The more complex the process, the easier it is to inject variations, some of them adversarial. If gerrymandering is to be taken as an example, this can be taken to quite some extremes by two sides driven to win the zero-sum game at all costs. But even in the absence of that, bugs happen.
To nitpick one detail, I'm not persuaded by the secrecy violation prevention argument. You either prevent secrecy violation by anonymization, or you prevent vote fraud by keeping a link between the voter and the ballot. You can't have both at the same time. In-person voting minimizes the bounding box of anonymization: in space, at the ballot box, and in time, the election day. Hopefully both parties can afford to have observers during this space-time interval. As you spread out the voting process, both spatially and temporally, it becomes increasingly impractical / too expensive to maintain observers of the entire process.
Fair enough. If I understand correctly, the server only uses the user's identity to generate a random serial number, then only remembers the serial number and the fact that user X has generated a serial number.
With that, we are left with the following attack vectors: the server and its software, either via hacking or via subtle rule tweaks, targeted ballot invalidation, voter pressure. As a technopessimist, I'm especially uncomfortable that a key piece of the process is an opaque blob of silicon that can't meaningfully be inspected by a human observer. Echoes of Diebold voting machines, plus billions of dollars poured into elections. But I can see why the HN audience is prone to be persuaded this is a good idea.
I generally think that paper and pencil are far superior to electronic machines for voting. Algorithms and computing can enable methods to support paper voting.
Clarification: the serial number is mailed with the ballot and contains a signature (like two-part keys for an API, for example). You submit the serial for signing through an authentication mechanism (verifying the voter). The signature can be either PKI or hash. This way you can validate serials and signatures, and have them independent from the ballot after separation. If you have designated drop-off locations you ensure the ballots are tamper-proof after being filled out (barring massive system-wide fraud).
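
An added example, not part of any comment in this thread: a sketch of the serial scheme as described above, using the "hash" option (HMAC). The key names, the `ActivationServer` class, and the idea that the activation tag travels with the ballot are assumptions; voter authentication is assumed to happen before `activate` is called. Unlinkability here rests entirely on the server not logging the voter and serial together.

```python
import hashlib
import hmac
import secrets

MAIL_KEY = secrets.token_bytes(32)      # assumed: key used when serials are printed
ACTIVATE_KEY = secrets.token_bytes(32)  # assumed: key used when a voter activates one

def _tag(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()[:16]

def issue_serial():
    """Mailed with the ballot: random id plus a tag proving the authority issued it."""
    sid = secrets.token_hex(8)
    return f"{sid}.{_tag(MAIL_KEY, sid)}"

class ActivationServer:
    def __init__(self):
        self.voters_done = set()  # who has activated (no serial stored here)
        self.activated = {}       # serial -> activation tag (no voter stored here)

    def activate(self, voter_id, serial):
        sid, _, tag = serial.partition(".")
        if not hmac.compare_digest(tag, _tag(MAIL_KEY, sid)):
            raise ValueError("serial not issued by authority")
        if voter_id in self.voters_done:
            raise ValueError("voter already activated a serial")
        if serial in self.activated:
            raise ValueError("serial already activated")
        self.voters_done.add(voter_id)
        self.activated[serial] = _tag(ACTIVATE_KEY, serial)
        return self.activated[serial]

def tally_accepts(serial, activation_tag, seen):
    """Check at the count, after envelope separation: no voter identity needed."""
    sid, _, tag = serial.partition(".")
    ok = (hmac.compare_digest(tag, _tag(MAIL_KEY, sid))
          and hmac.compare_digest(activation_tag, _tag(ACTIVATE_KEY, serial))
          and serial not in seen)  # a replayed serial is rejected
    if ok:
        seen.add(serial)
    return ok
```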
In practice, vote secrecy does not appear to be a priority concern of the authorities. More so when you have to educate more than 3000 local authorities [number of counties in US] to pay attention to the issue. I did a quick duckduckgo for images of US mail-in ballots, and found many instances of mail that have the sender information on, as is customary for US postage. Found even a couple pictures of ballot envelopes from Portland, Oregon, where they explicitly ask the voter to provide a return address, that is, to tie their identity to the ballot: