00 Votes

Cheat Secure Voting

Question by Compi | 2012-08-05 at 22:40

I just realized a voting for a website and I am making some thoughts about it. Of course, in the first place, I would like to make sure, that the voting is secure against cheaters and fraudsters, namely: nobody should be able to vote twice, three times or even more!

Are there ways to implement that relatively easy?

ReplyPositiveNegativeDateVotes
1Best Answer1 Vote

To put it short: This possibility does not exist! At the very least not to 100 percent! What is there, are certain approaches making it difficult to vote multiply, but not preventing it.

If you implement a simple vote without any protection mechanism, you can easily click several times in succession on the voting and influence the outcome completely.

The simplest way to protect the voting, stores the IP address of the click. So, you can not just click consecutively. Inexperienced users will probably fail at this hurdle. But experienced users may re-connect to the Internet, use a different computer or a smartphone or vote through a proxy server, and already, they have a different IP address and can cast another vote. With this, the concept with the IP address is being exhausted.

Another concept stores a cookie on the computer of the voters. Thus, the requesting IP address does not matter any more. Even after a new dial, the computer is recognized. However, that does not protect against that someone could come up with the idea to delete the cookies. Because then he is free to vote again.

These are the two simplest concepts. Other approaches use a protected area in which users can vote only if they are also logged in and registered. So, you can for save for each registered user, if this user has already voted or not. Similarly, it works with mail addresses, which must be lodged (but who does that only for a simple poll?).

Yet there is also the same problem: Someone could log in multiple times or use multiple email addresses, even if the hurdle is much higher than the IP address hurdle here. Last, one could even go so far, to allow only users to vote, which have written in a forum a certain number of posts. Of course, again, it is possible, that some users register more than for one time, posting multiple posts per user to vote more than once - but the hurdle is very high and no one is signing up 100 times and writing 1000 posts to fake 100 votes.

As I said, these are some of the approaches and all of them can be faked somehow. Therefore, you never get a wholly safety.
2012-08-07 at 08:44

ReplyPositive Negative
00 Votes

Another problem with the IP-bases solution is, that under circumstances, several people are coming with the same IP (proxy server) and therefore, it may hapen, that those users are rejected, althought they should be able to vote.

Indeed, this should happen rarely, but it would be conceivable, and therefore should be considered.
2012-08-09 at 09:16

ReplyPositive Negative
00 Votes

Another idea: Session variables in which it is stored, whether the current user has already voted. Again, also here you can restart the browser or you can work with multiple browsers, but at least you prevent scripts and bots, which then should get always the same session.
2012-08-10 at 10:34

ReplyPositive Negative
Reply

Related Topics

The Secure Password

Info | 0 Comments

What is the best Operating System?

Open Voting | 7 Comments

Important Note

Please note: The contributions published on askingbox.com are contributions of users and should not substitute professional advice. They are not verified by independents and do not necessarily reflect the opinion of askingbox.com. Learn more.

Participate

Ask your own question or write your own article on askingbox.com. That’s how it’s done.