开发者

Best method to prevent gaming with anonymous voting

I am about to write a voting method for my site. I want a method to stop people voting for the same thing twice. So far my thoughts have been:

  • Drop a cookie once the 开发者_运维问答vote is complete (susceptible to multi browser gaming)
  • Log IP address per vote (this will fail in proxy / corporate environments)
  • Force logins

My site is not account based as such, although it aggregates Twitter data, so there is scope for using Twitter OAuth as a means of identification.

What existing systems exist and how do they do this?


The best thing would be to disallow anonymous voting. If the user is forced to log in you can save the userid with each vote and make sure that he/she only votes once.

The cookie approach is very fragile since cookies can be deleted easily. The IP address approach has the shortcoming you yourself describe.


One step towards a user auth system but not all of the complications:

Get the user to enter their email address and confirm their vote, you would not eradicate gaming but you would make it harder for gamers to register another email address and then vote etc.

Might be worth the extra step.

Let us know what you end up going for.


If you want to go with cookies after all, use an evercookie.

evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.

Multi-browser cheating won't be affected, of course.


What type of gaming do you want to protect yourself against? Someone creating a couple of bots and bombing you with thousands (millions) of requests? Or someone with no better things to do and try to make 10-20 votes?

Yes, I know: both - but which one is your main concern in here?

Using CAPTCHA together with email based voting (send a link to the email to validate the vote) might work well against bots. But a human can more or less easily exploit the email system (as I comment in one answer and post here again)

I own a custom domain and I can have any email I want within it.

Another example: if your email is myuser*@gmail.com*, you could use "myuser+1@gmail.com" myuser+2@gmail.com, etc (the plus sign and the text after it are ignored and it is delivered to your account). You can also include dots in your username (my.user@gmail.com). (This only works on gmail addresses!)

To protect against humans, I don't know ever-cookie but it might be a good choice. Using OAuth integrated with twitter, FB and other networks might also work well.

Also, remember: requiring emails for someone to vote will scare many people off! You will get many less votes!

Another option is to limit the number of votes your system accepts from each ip per minute (or hour or anything else). To protect against distributed attacks, limit the total number of votes your system accepts within a timeframe.


Different approach, just to provide an alternative:

Assuming most people know how to behave or just can't be bothered to misbehave, just retroactively clean the votes. This would also keep voting unobtrusive for the voters.

So, set cookies, log every vote and afterwards (or on a time interval?) go through the results and remove duplicates based on the cookie values, IP/UserAgent combinations etc.

I'd assume that not actively blocking multiple votes from same person keeps the usage of highly technical circumvention methods to a minimum and the results are easy to clean.

As a down side, you can't probably show the actual vote counts live on the user interface, or eyebrows will be raised when bunch of votes just happen to go missing.


Although I probably wouldn't do this myself, but look at these cookies, they are pretty hard to get rid of:

http://samy.pl/evercookie/

A different way that I had to approach this problem and fight voting fraud, was to require an email address, then a person could still vote, but the votes wouldn't count until they clicked on a link in the email. This was easier than full on registration, but was still very effective in eliminating most of the fraudulent votes.


If you don't want force users to log, consider this evercookie, but force java script to enable logging!

This evercookie is trivial to block because it is java script based. The attacker would not likely use browser, with curl he could generate tousends of requests. Hovewer such tools have usually poor javascript support.

Mail is even easier to cheat. When you run your own server, you can accept all email addresses, so you will have practically unlimited pool of addresses to use.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜