Alexander

4.1K posts

@Alecxace

literally me screaming in the void.

Joined September 2013
321 Following 212 Followers
Alexander@Alecxace·
Being an adult sometimes sucks
Alexander@Alecxace·
@VancePoitier @omoteurax @somemore_b Or that American cars record your driving data and send it to insurance companies or the feds. Or that America never stopped bulk collecting all electronic communications coming insane out of the Bahamas.
Vance 🇧🇸🇧🇷@VancePoitier·
I scraped some of the Bahamas voter roll in 14 minutes. Then I mapped every single one of them as best as possible.

6,452 names. Voter IDs. Dates of birth. Home constituencies. 676 API calls. Zero rate limiting. Zero authentication beyond a public key sitting in the page source.

This isn't a hack. There's no exploit. No credentials were stolen. No systems were compromised.

The Bahamas government voter lookup tool has a 2-character minimum search, no rate limiting, and a CORS wildcard (*), meaning anyone, from any website on earth, can query it programmatically and pull data cross-origin without restriction.

I wrote a script that iterated every 2-letter prefix from "aa" to "zz." That's it. 14 minutes later I had the full roll.

What came back per voter: full legal name, voter registration number (used as government-issued ID), year of birth, constituency, polling division, and advance poll status. 8 PII fields per person, served up to anyone with a browser console and basic fetch knowledge.

So I built something to make the implications impossible to ignore. Using constituency and polling division data alone, no addresses, no GPS, no phone records, I triangulated each voter's approximate physical location to within ~1-4km using a GEOSINT (Geographic Open Source Intelligence) visualization. Every dot on the map is a real person, placed within a polygon near their real neighborhood, derived entirely from "public" civic data.

Here's what an adversary would see when they connect the dots:
- Voter IDs are used for identity verification purposes, that's an identity fraud vector.
- Constituency + polling division = neighborhood-level geolocation without ever needing an address.
- Full name + year of birth + location = a social engineering playbook that practically writes itself.
- Advance poll registration = a confirmed physical location on a specific, known date

This isn't about The Bahamas specifically. Treating voter data as "public record" without considering what happens when public + structured + queryable + unprotected = weaponizable at scale.

The fix is embarrassingly simple:
• Increase the search minimum to 4+ characters
• Add rate limiting (even 10 requests/minute would have stopped this)
• Remove the CORS wildcard
• Require authentication for bulk-capable queries

None of this is hard. None of this is expensive. It just has to actually be done.

⚠️ This project is strictly for educational and awareness purposes. No data was used maliciously. The tool was built to demonstrate the real-world intelligence implications of exposed PII in civic systems so that the people responsible for protecting it understand the urgency.

If you work in election security, government IT, or data protection policy, this can be used with information like info stealers or malware that works together with information from the darknet for even further purposes like social engineering, this is just a very small example of what could evolve into something like a threat before it becomes a headline.

@ValaLegz @SansNevis @phreakydev @secmxx #CyberSecurity #OSINT #GEOSINT #ElectionSecurity #DataPrivacy #InfoSec
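The four fixes listed in the post above, combined into one server-side request policy. This is an added example, not part of the original post and not the lookup tool's code. The function names, the request shape (`clientId`, `prefixMatch`, `authenticated`) and the origin `https://voter-lookup.example` are hypothetical; `clientId` stands for whatever the server keys limits on (source IP, API key).

```javascript
// Added example (not from the post): the four fixes as one request policy.
// Names, the origin and the request shape are hypothetical.
const POLICY = {
  minQueryLength: 4,          // "4+ characters"
  maxPerMinute: 10,           // "10 requests/minute"
  allowedOrigins: new Set(["https://voter-lookup.example"]), // constructed
};
const WINDOW_MS = 60000;
const seen = new Map();       // clientId -> timestamps (ms) inside the window

// Echo an allow-listed origin back; never answer with "*".
function corsHeaders(origin) {
  return POLICY.allowedOrigins.has(origin)
    ? { "Access-Control-Allow-Origin": origin, Vary: "Origin" }
    : {};
}

// Sliding-window limiter keyed on the client identifier.
function overLimit(clientId, now) {
  const recent = (seen.get(clientId) || []).filter((t) => now - t < WINDOW_MS);
  const blocked = recent.length >= POLICY.maxPerMinute;
  if (!blocked) recent.push(now);
  seen.set(clientId, recent);
  return blocked;
}

// Decide the response for one lookup request.
// `prefixMatch` marks a bulk-capable (prefix/wildcard) search.
function checkLookup(req, now = Date.now()) {
  const { clientId, origin, query, prefixMatch = false, authenticated = false } = req;
  const headers = corsHeaders(origin);
  // The limiter runs first, so requests rejected below still use up quota.
  if (overLimit(clientId, now)) {
    return { status: 429, headers, reason: "rate limit exceeded" };
  }
  const q = String(query ?? "").trim();
  if (q.length < POLICY.minQueryLength) {
    return { status: 400, headers, reason: "query too short" };
  }
  if (prefixMatch && !authenticated) {
    return { status: 401, headers, reason: "authentication required" };
  }
  return { status: 200, headers, reason: "ok" };
}
```

Omitting the CORS header only stops browsers on other sites from reading the response; the length, rate and authentication checks are what constrain non-browser clients.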
Alexander@Alecxace·
What an odd time for this story to drop. This is not the 1st, 2nd or 3rd time something like this dropped in the final days of an election. The Fox podcast comes to mind. I’m not taking a position, just pointing out that something is odd. miamiherald.com/news/nation-wo…
Alexander@Alecxace·
We say this only to then obediently follow the Washington consensus and pretend it’s a novel idea our leaders came up with. A country that prostitutes itself for FDI in USD is bound by the rules set by Washington. To argue otherwise is pure fantasy.
Denzel 🇧🇸🇭🇹@dembazell

We shouldn’t base the success of our country by the ratings of foreign/western entities like Moody’s. They’re corrupt to the point of hilarity if they weren’t so dangerous. Western-powers’ approval of our economy does not equal a successful economy for our citizens.

Alexander@Alecxace·
A lot of people listen to Lincoln Bain’s livestreams. The amount of random people playing his videos out loud… This will be a fascinating election.
Alexander@Alecxace·
@RemedyLovegood @imastrc242 Not taking sides but let’s not forget when Loretta Butler-Turner burst off Andre Rollins head IN the HOA after he made a remark.
Alexander@Alecxace·
@NyaWinter_ The jurors list is now partially censored. So it’s fine. It used to be published with home addresses of the entire list.
Tastemaker 🇭🇹🇻🇪🇸🇩🇨🇩🇵🇸
Can we expect anything else when our Government has been held at ransom by cyber hackers 😭 and almost extorted for $300,000, I believe? No preparation, no thinking about cyber security, but VOTE for progress. Abysmally poor oversight. This is our standard, shoddy work.
Alexander@Alecxace

Ok bad news. You really can scrape the entire database and download the entire thing. Everything is stored in plain text. No idea who’s responsible for this, but they didn’t give a single fk.

Alexander@Alecxace·
@MeyerHaruko Reminds me of when they would publish the name, phone number and address of the jury list
Haruko Meyer@MeyerHaruko·
@Alecxace Yeah I said the same thing earlier. Exact dob, general location and full government name is info scammers would kill for