How can you prove that it is decentralized?
I'm not sure how to interpret your question, so I will describe how it works in the big picture.
Let's take a Stellar Community Funding voting as an example.
Galactictalk or Keybase would become Authentication Server(AS) so you can "Login with GalacticTalk/Keybase" account. CENTRALIZED
The Stellar organization would run the Token Distribution Server (TDS), which will be responsible for both: signing transactions, and authorization (keeping track of who has already voted, and who is eligible for issuing ballot). CENTRALIZED.
Client Webapp is just a user interface that is responsible to interact with AS, TDS, and Stellar Horizon API. DECENTRALIZED
Stellar Horizon API is considered DECENTRALIZED since it is just API to stellar network, it can be hosted by anyone.
Stellar Network is DECENTRALIZED.
So yes, the government layer is centralized. I addressed this issue in section
8 Fully Decentralized Blockchain Application.
But it's important to realize how limited the power of government is in this system. Since he (the government) manages the authorization, he can block a certain users from casting vote. But he can not perform votes on other user behalf since there is only the limited publicly known number of created tokens (e.g. the number of galactictalk active users). Yes, he can assume that only 20% of users will take part in the election, and use the 80% of unspent tokens to perform vote on his behalf. But it still could be mitigated by limiting the number of tokens to the number of users who are incentivized to cast a vote, so the frequency would be high, therefore limiting the number of unspent tokens.
Decentralized auth is a completely different topic, but It is something I would love to continue my research on. Zero-knowledge proofs might be the clue.
And how is this app different from centralized apps?
Besides auth, everything is recorded on the blockchain. Each user can count the voting results on its behalf, without the trust to government. The user is responsible for publishing the vote transaction to the stellar voting, so he can be sure that his vote was taken into account. But the biggest advantage is the fact that the votes are completely anonymous since no one (besides the voter) knows who cast the particular transaction to the network. But everyone can be sure that this transaction was authorized by TDS (because he blindly signed the transaction).
Why can someone vote infinitely?
Right now the authorization is skipped. I assumed that it's an implementation detail, that I'm currently working on.
04.2020 - Add basic authN & authZ methods (cookie, IP address, one-time link, one-time code, email, etc.).
It's just a matter of time, not lack of concept.
I think you have to change your structure and use the public key to validate the voters and every user has to sign their own vote.
It would require the user to already posses the Stellar account which is highly unpractical and limiting. I can't imagine a scenario, other than stellar community voting, where you would require each voter to possess the Stellar account. Additionally, it would allow connecting the user with his vote. Right now the user does not even know that he is using blockchain, which is one of the most important features of this system.
I hope it answers your questions, let me know if there is something more I could clarify.
I receive many questions, so I assume that a lot of things are unclear, I will create a FAQ page and some illustrations 🙂