Category: Other Projects

I created an educational animated video that talks about the Tor Browser. The Tor Browser is the ultimate privacy tool for browsing the internet anonymously. It also is designed to get around internet censorship of all kinds to allow anyone to exercise their freedom to access information.

I animated the video using Adobe After Effects, and edited in audio and some other enhancements using Final Cut Pro. I also created over half of the assets using Affinity Photo and Affinity Designer (Photoshop and Illustrator alternatives). 

To learn more about the Tor Browser please visit The Tor Project’s website at https://www.torproject.org

In 2024, after reading Edward Snowden’s book Permanent Record and utilizing Tor extensively for Project GreenWisp (due to Tor’s ability to allow me to configure local devices behind Firewalls) I found myself doing tons of research on censorship, surveillance, and the privacy tools used to circumvent both. I learned so much that I felt passionate enough to create a workshop around it and present it to students in the Blow Things Up Lab (BTU) at CU Boulder.

Presentation Link:

A simple way to get accurate votes for CU Athletic’s award show

In 2024, as a president of the Student Athletic Advisory Committee (SAAC) I was in charge with organizing many aspects of the CU Sports Person of the Year Awards (CUSPYS). One of those aspects was voting for moment of the year. Moment of the year is unique in that unlike the other awards, the winner is decided by popular vote at the CUSPYS event itself rather than ahead of time. I decided I would take up creating the voting system for Moment of the year using HTML/CSS and JavaScript with a Node.js backend.

Previous Voter Fraud

Previously, there were issues where athletes would vote multiple times for the winner. At other times, the voting system was set up in a way that made it difficult for athletes to vote due to a login.

My solution: Security through feigning obliviousness

While designing the system I needed a way to ensure that athletes could not vote twice while at the same time keeping it easy to vote. I did not want to make a login as it would have taken up too much time for athletes to login and they may not know credentials. Instead, I tracked voting records through using browser cookies on the user’s device. When a user would vote a cookie would be saved on their device that they had already voted. This would make it so that the server would know if a user submitting the form had already voted.

However, the cookie technique has a problem. A user can simply open up a private browser tab or clear their cookies to vote again. So I came up with an idea: What if I gave no indication that I was keeping track of who voted? To do this, I intentionally made it so that the submission success page gave no indication as to whether or not a person was voting their first time or their 15th time. From an individual wishing to vote multiple time’s perspective, it would look like voting multiple times would be as simple as resubmitting the form over and over again despite only their first vote being recorded on the server. In a sense, I was feigning not being aware of a potential security design flaw to encourage attackers to attack in a way that I did indeed secure as opposed to using other methods.

Wrap up

In the end, the method I picked to secure the voting system worked seemingly flawlessly. We were able to see the winner of the Moment of the Year being the Ski Team winning the National Championships!