They don't have to be strictly unique per user. You can send out different sets of URLs to different cohorts of users, then correlate new URL blockings with client IDs to detect rogue app installations and excommunicate them. Telegram did that when Russia tried (unsuccessfully) block it.
Given this is an app for tacical voting over a 2 day period (which has now passed) all the adversary needs to do is block it for a couple of days. Dns blocking cloudflare for 2 days would pretty much stop this in it's tracks.
(You are right about not requiring completely unique urls per user by the way).
No, it (again) doesn't work like this at all. 1) DNS blocking of cloudflare is useless, you can receive IPs, or names in non-cloudflare zones, 2) IP blocking of the whole cloudflare will bring so much collateral damage (unrelated services going down) that it's a non-starter, politically speaking, 3) cloudflare is far from the only mass frontend / cdn available, there are hundreds high-collateral services out there.
Sorry I misunderstood the fact that you were talking about sending IPs and not randomly generated dns name from cloudflare. My question was does this app use use a custom protocal, and I'd define a pseudo random IP provider over push notifications to be a cudtom prptovol.
This is a nation state suppressing information, I don't see why wholesale blocking services like cloudflare or any of the other possible options would be a non-starter, given it only needs to last for a weekend. There also doesn't appear to be any evidence that this app uses any of these techniques either as far as ive sedn.
