14

What techniques are there to prevent ballot stuffing in online polls while allowing anonymous users to vote?

14

First of all, make sure that your voting application is immune to cross-site request forgery.

Next, mark in each vote the information you know about the user (IP, user agent string, time of vote, permanent cookie, optional email address, email confirmation link clicked, etc: a signature) and then compute several vote totals. Use statistical analysis to figure out if a user is stuffing the ballot box. Show those people who appear to be stuffing the ballot box the total that they would expect if their actions are successful.

It's probably worth it to use permanent and session cookies to block users from voting more than once. If, for example, you detect a single signature (or partial signature) voting more than once (and clearing it's cookies each time), let that signature (or partial) think that its votes are counting. This may prevent the attacker from attempting to create a more sophisticated attack.

Obviously, this doesn't stop attackers, but if you have diverted the attacks to those you can anticipate and you can show something close to one-user-one-vote results to anyone who is not an attacker, you're doing pretty well.

7

Not many good ones. You could filter out duplicate voters by IP address, but then you limit multiple voters from within one organization who appear to be coming from the same IP address to the outside world.

You could also try cookies, but anyone who's determined enough can still cheat.

5

First, you have cookies. If all you're doing is checking for their presence, that can be circumvented by someone deleting them and appearing like a new user.

Here's a thought. All visitors get a cookie. Whether they vote or no. If they have a cookie, they've been here before, THEN they get to vote. After they vote, you change their cookie.

If they don't have a cookie, this is their first visit. Make them go to some form and fill in a field or click a checkbox or something before you give them a cookie so they can vote.

If there's always a cookie, simply deleting it won't let you post a new vote. If the cookie has IP address and timestamp stuff, they can't easily copy it, either.

Be sure that your initial "I accept" form (or whatever you use) has button and field names generated randomly, so that someone can't simply save the HTML and use it in a loop that repeats a POST request. They have to get your silly form, parse it, and respond sensibly to get their cookie so they can vote.

Also, include a timestamp as one of the field names in the form. If they can't respond in a few minutes report a "we're having difficulties". A person can do a "back" and try again. A piece of software will be slowed down until someone writes that exception handler.

Second, you have Captchas. Annoying, but, they allow you to detect human beings most of the time. They can be circumvented, too, but how important is your poll, really?

You don't have to captcha everyone. Use the IP address, the screen resolution, the time zone -- any of that HTTP header stuff that comes back with a request. Use one or two elements in addition to the cookie. Any changes in screen size or time zone or whatever, and you may be dealing with a robot and want to insert a captcha into the workflow.

4

The most obvious methods are cookies, which can be defeated, and IP tracking, which requires tracking on the server side who has voted and disallowing duplicates. Unfortunately, IP tracking is not perfect either, since some ISPs force all web traffic through proxies.

2

Echoing the IP address answer, maybe add in a limit of one vote per hour per IP address.

It depends on how popular your poll is going to be in terms of number of people and where they're coming from.

1

Cookies is another method, but also not fail proof as people can use multiple computers. If it's really important, require registration and limit each user to one vote (which again isn't foolproof since emails are a dime a thousand).

1

You could limit the responses to one per IP, but then you'll be blocking people behind NAT. Really there is no good way. Cookies could be cleared and just about anything else that would work would require a browser extension of some sort that would be browser-specific.

1

Here's a starting point for browser finger printing.

http://www.tgdaily.com/security-features/49802-browsers-leave-fingerprints-that-identify-users

0

Logging IP addresses or setting a cookie. But that won't stop people with the will/means to get other IP address or delete cookies.

0

There is no way to prevent ballot stuffing in a fully-online poll. There are ways to make it harder, though. Cookies will be cleared by most anyone smart enough to try ballot stuffing to begin with, but they may still stop a few people, so they're worth using. Also, requiring a valid email address and sending a confirmation link to it. Someone can still register hundreds of addresses on free email sites, though, and so in order to help combat that, you can set a random time delay of several hours before the confirmation email is sent. This may stop some people, as it makes it somewhat more difficult to keep track of all the fake email accounts they registered and have to log back into in order to complete the voting process.

0

Log IP addresses and require a CAPTCHA for multiple votes at any single IP. Limit one vote every five minutes. This makes ballot stuffing possible, but very time consuming.

0

Related question I asked: Implementing a voting system without requiring registration

0

I am running an anonymous voting contest. We are using cookies as the sole deterrant from multiple voting, but tracking IP addresses and looking for suspiciously high #s of votes from the same IP. Is there any way to PROVE that someone is cheating by IP rotation?