Preventing multiple daily votes in a contest
https://stackoverflow.com/questions/1117590
-
12-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Voting contests seem to gain a lot of attention from people who want to game a system for fun. I know I spend a good amount of time fooling around with their forms and URLs, deleting cookies and writing the occasional crappy script.
Is there a way to create a foolproof voting system that only allows one vote a day? Is Captcha the only effective way of deterring automated voting? How have you gone about solving this problem? Some of my thoughts on solutions are to track IPs or require an email, but even these seem like they're easily circumvented.
Solution
A: Associate each vote with an ip. Automated proxy-based voting is non-trivial. Getting 10-20 votes per day this way is easy, though. And getting 1000s of independent ip addresses for voting is harder (though doable through commercial anonymizer services).
B: Use ReCaptcha.
C: Do not display up to date results. It should not be easy for people to determine if their vote did anything.
OTHER TIPS
Making a just for fun voting system foolproof would most likely necessarily spoil it. My advice is simply not to provide an accurate feedback channel! If you provide feedback on the acceptance of a vote - show intermediate totals WITH duplicates so that people think their extra votes are counting.
With this method people don't think they need to resort to additional creativity to submit additional votes.
There is no simple way that will completely stop people from voting multiple times a day if they really want to.
Captcha are only useful for stopping bots. A human at a computer will simply go through (as it should).
Cookies can be easily deleted by people with a minimum of knowledge.
Tracking IPs is probably the most efficient way to slow people down, but possibly the hardest to implement. It too can be circumvented by someone who knows how to change his IP address.
In the end, all you can really do is make the task of messing with your poll result as difficult as possible.
I'm not sure Captchas are good enough anymore. Didn't 4chan circumvent Recaptcha and other spam prevention methods for the NYT Top People pole?
