Prevent double voting
Asked Answered
C

4

7

I'm creating a web application where users will vote for some candidates by clicking thumbs up or thumbs down, and these users won't have any account on the site.

What is the best technique to use? Is it necessary to use captcha for more protection from spam?

Vote counts are expected to be millions, and the subject is not very critical as long as I get 95% accuracy that would be fine. Thanks.

Clutch answered 22/1, 2012 at 16:23 Comment(7)
Not very critical? 95% accuracy is already huge.Handiness
add a cookie. or store ip addresses if you're really afraid.Ilysa
Your best option here would be to set a long-lasting cookie indicating that the user has previously voted. There will always be a way to cheat the system though - especially if you are not saving/tracking user accounts.Earnestineearnings
Careful with ip addresses, because houses with roomates on one router will get errors. Cookies would be better than IP addresses, however those can still be deleted and then you poll can be gamed.Gibbsite
my question is, "for voting, do I have to login?" If NO, cookie won't help... what info are you going to store?? From one machine, many people can vote... so IP address won't make HUGE difference...Harveyharvie
possible duplicate of Hunting cheaters in a voting competition - there are certainly other duplicates, but your question isn't too specific eitherHennery
here you can also have some more variables that make a computer unique: panopticlick.eff.orgFine
A
6

You can combine these two methods:

  • Add a cookie to prevent multiple votes from the same machine
  • Log IP addresses and prevent voting more than a set number of times from the same address (for example, 5 times the same hour).

This will make it possible for multiple persons to vote from the same network but still prevent excessive cheating.

You may also make it harder to build a voting bot by adding some hidden form field with a token that must be included in the vote, and/or use Ajax for the voting. I know it's relatively easy to build a bot anyway but most cheaters aren't that smart.

Amphiarthrosis answered 22/1, 2012 at 16:32 Comment(0)
N
1

Cookies and Session Ids will help, although both can be lost when the browser is closed (if the user has it enabled to delete them). Still, they will give you some degree of accuracy (ex. the lazy voters won't bother to close and reopen their browsers).

Using IP Addresses would also work, but as @Michael Dillon said people on the same IP address (same router) will not be able to vote.

Nike answered 22/1, 2012 at 16:31 Comment(0)
I
1

You have several options, some or all of which you can use.

You can record IP and then check against IP, but then this isn't indicative of a specific person just a computer and sometimes not just a single computer.

You can also write a cookie to a user's browser but a user can use a different browser, machine etc.

Within a user's session you could create a session variable, although if you are expecting very high traffic this may not be the best option, and also only prevents re-voting within the same session.

If you are contemplating a captcha, you may as well ask the user to supply an email address and then you are assured of at least one vote per email address. However, even then you cannot be guaranteed valid email addresses.

Interventionist answered 22/1, 2012 at 16:31 Comment(0)
R
1

You can ask their phone numbers when they want to vote and send to them one time password and use that as verification. Some my also vote from another numbers but i think this is the most accurate way.

Rosalba answered 9/6, 2020 at 12:3 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.