I'm building a small application that highly depends on anonymous user voting on some sort of items. It's so small that requiring registration would be tedious and could not be justified.

Anyway, I did some research on this, including a search here on Stack Overflow (http://stackoverflow.com/search?q=anonymous+votes), and it doesn't seem that there's a satisfying answer.

My question is: are there any security measures that I can apply to prevent gaming anonymous votes?

One thing that comes to mind is CAPTCHA, but I'd like to avoid that since users will vote on multiple items in a very short period of time, and CAPTCHAs will just annoy them.

Another thing I thought of is limiting the number of votes per minute from a single IP (in addition to a cookie), but I'm not sure how this is going to work.

Any thoughts?

A: 

You can use the CAPTCHA once to both confirm the vote and create a session with the IP and cookie.

CookieOfFortune
I might just do that, and verify again every time the cookie is deleted or expired. Thanks. :D
KeyStroke
+1  A: 

There are a few ways I've seen work:

  • Email registration: you get their email, they need to confirm their vote. The combination of their IP + email makes a unique record that they can't then use to vote again (for the same poll).
  • CAPTCHA: without having additional checks (IP, etc.), it's easy enough for a team of monkeys to successfully enter a lot of CAPTCHAs.
  • Site registration: without account creation level limits (e.g. a non-free email account required for signing up) people can just create multiple accounts.

Depending on how you weigh up the cost of getting users to vote vs making sure their votes are for them and them alone, you can use a different level of vote-spam-protection.

glasnt
A: 

Any time you are dealing with anonymous voting you are going to have an imperfect solution, but you can shoot for "pretty good". Consider dropping a cookie on the client computer to prevent multiple/frequent voting, and back this up by performing server-side IP tracking to do the same. Do not allow anyone to vote who has cookies blocked.

Of course, if you require complete accuracy or if the voting involves awarding of something of monetary value, registration is really the way to go.

James Conigliaro
The cookies solution is imperfect because, rather than blocking cookies entirely, people could just delete the cookie, right?
MatrixFrog
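
The cookie plus server-side IP tracking combination from the answers above, as an added example that is not code from any of the posters: a signed cookie token allows one vote per item, and a per-IP sliding window caps what a client gains by deleting the cookie. The names `issue_token`, `voter_id` and `VoteGate`, the limit of 10 votes per minute, and the in-memory storage are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque

SECRET = secrets.token_bytes(32)   # server-side signing key (assumed: one per deployment)
MAX_VOTES_PER_MINUTE = 10          # assumed per-IP ceiling; tune to real traffic
WINDOW = 60.0                      # sliding window length in seconds

def _sign(vid):
    return hmac.new(SECRET, vid.encode(), hashlib.sha256).hexdigest()

def issue_token():
    """Cookie value for a new voter, e.g. set after a one-time CAPTCHA."""
    vid = secrets.token_hex(16)
    return f"{vid}.{_sign(vid)}"

def voter_id(token):
    """Return the voter id if the cookie's signature verifies, else None."""
    vid, _, sig = (token or "").partition(".")
    ok = hmac.compare_digest(sig.encode(), _sign(vid).encode())
    return vid if vid and ok else None

class VoteGate:
    def __init__(self):
        self.seen = set()                # (voter id, item) pairs already counted
        self.by_ip = defaultdict(deque)  # ip -> timestamps of accepted votes

    def try_vote(self, token, ip, item, now=None):
        now = time.time() if now is None else now
        vid = voter_id(token)
        if vid is None:
            return "no-cookie"           # cookies blocked, missing or forged
        if (vid, item) in self.seen:
            return "duplicate"           # same cookie, same item
        recent = self.by_ip[ip]
        while recent and now - recent[0] >= WINDOW:
            recent.popleft()             # drop votes older than the window
        if len(recent) >= MAX_VOTES_PER_MINUTE:
            return "rate-limited"        # fresh cookies do not reset this
        recent.append(now)
        self.seen.add((vid, item))
        return "ok"
```

Because many legitimate users can share one address behind NAT or a proxy, the per-IP ceiling should sit well above one vote per item.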