Website precautions against vote cheating

A place to discuss the science of computers and programs, from algorithms to computability.

Formal proofs preferred.

Moderators: phlip, Moderators General, Prelates

User avatar
Chromana
Posts: 77
Joined: Wed Aug 29, 2007 10:45 pm UTC

Website precautions against vote cheating

Postby Chromana » Mon Jul 23, 2012 8:00 pm UTC

Hi all.
I want to make a website where anyone can vote on a certain topic (I won't go into what it actually is). I don't want users to have to create accounts as that is always so annoying.
What precautions could/should I take to ensure the least amount of hacking/cheating on the results? I would be making it in PHP and JavaScript (as opposed to Flash).
Thing I've come up with:
  • Set up cookies and HTML5 web storage on user's computer
  • Store IPs in MySQL
  • CAPTCHA
  • Require email addresses and then they need to click a link which is emailed to them
  • Randomising the position of elements on the page and randomising the IDs and classes of elements

Anyone have any other ideas?

Obviously it's impossible to completely stop cheating in these sorts of things but I'd like to try my best!
Thanks!

Carnildo
Posts: 2023
Joined: Fri Jul 18, 2008 8:43 am UTC

Re: Website precautions against vote cheating

Postby Carnildo » Tue Jul 24, 2012 5:05 am UTC

Chromana wrote:Hi all.
I want to make a website where anyone can vote on a certain topic (I won't go into what it actually is). I don't want users to have to create accounts as that is always so annoying.
What precautions could/should I take to ensure the least amount of hacking/cheating on the results?

What sort of cheating are you worried about? Casual double-voting (the guy who votes, then clicks "back" and votes again), or organized ballot-stuffing efforts (people who use computer programs, open proxies, and other tools to automate the ballot-stuffing process)? What tradeoff between preventing attacks and discouraging honest voters are you willing to make?


Set up cookies and HTML5 web storage on user's computer

This will greatly reduce casual attacks (you need a separate browser/computer to vote again), but will do nothing to stop dedicated attacks. It will have no effect on honest voters.

Store IPs in MySQL

This will slow dedicated attacks and almost totally stop casual attacks, but will also prevent honest voters behind proxies/NAT from voting.

CAPTCHA

This will slow dedicated attacks, while having less of an impact on casual attacks (answering a CAPTCHA twice is no big deal, answering it a thousand times is). It will also annoy honest voters and prevent some of them from voting.

Require email addresses and then they need to click a link which is emailed to them

This will do nothing to stop dedicated attacks, but will greatly discourage casual attacks. It will also greatly discourage honest voters.

Randomising the position of elements on the page and randomising the IDs and classes of elements

This will slow dedicated attacks until they figure out where you're storing the ID mappings. It will do nothing to stop casual attacks. It may cause problems for honest voters using screen-readers or other assistive devices if implemented poorly.


Return to “Computer Science”

Who is online

Users browsing this forum: No registered users and 5 guests