Answer the question
In order to leave comments, you need to log in
An algorithm for a reliable voting system that excludes cheating?
Greetings to the creators of the future of our planet, readers and activists of Habr!
Our project is based on voting. The result of the voting is the main indicator of the project, which should inspire confidence in us among our users. The result of studying popular schemes for excluding "cheating" votes:
Scheme No. 1:
One ip-address - One vote.
"Pros":
- Does not require registration;
"Cons":
- Not very reliable in the exclusion of "cheat".
Scheme No. 2:
Registration on the site through confirmation of the user's email address.
"Pros":
-Does not raise suspicions that the site is fraudulent;
"Cons":
- "Cheat" is possible when registering multiple accounts on the site through the creation of multiple emails.
Scheme No. 3:
Getting the opportunity to vote after any Positive activity approved by members of the site community (Used on Habré).
"Pros":
— Efficiency of an exception of "cheating" maximum;
"Cons":
- The impossibility of voting for ordinary registered readers of the site for Publications (For us, this is important).
Scheme No. 4 (used by us):
Registration on the site through mobile phone confirmation by sending a confirmation code via SMS.
"Pros":
— Efficiency of exclusion of "cheating" is close to the maximum;
- Honesty to users for the result of voting is close to the maximum;
"Minuses":
- 90% of users are suspicious of new sites that ask for their mobile phone number when registering.
Actually the question itself:
Advise the most convenient for users and the most reliable option to exclude the possibility of "cheating" the vote. We will also consider commercial solutions to this issue (Please send to PM).
Answer the question
In order to leave comments, you need to log in
There are no votes that exclude cheating (a good example is the elections in our country).
The only thing that needs to be done is to put up protection against cheating, bypassing which is not cost-effective in case of a win.
No matter how hard you try, you most likely won’t get a trust for SMS ... I have several projects with protection specifically for SMS authorization.
Example 1:
We have an application that asks for a phone number for authorization.
Only 30% enter their phone number at all. Of these 30%, many leave reviews like “I was afraid to enter the number. I did not believe that the money will not be withdrawn! But I was afraid in vain!
After hundreds of positive reviews, we get one review from a competitor: “Scammers! After entering the number, xxx rubles were taken from me!
Despite the fact that we have hundreds of positives and only 1% of negatives, people are panicking and asking the support service to urgently remove their number from the project!
Example 2:
Trust project. 7 years on the market. After entering SMS, the number of registrations fell 3 times.
After that, services appeared that would “accept” SMS for activation on the site. There are dozens of such services. It will not be difficult to wind up even thousands of votes if it is profitable.
To choose a method, you need to start from the possibilities. And don't focus on one. Combine 2-3 and it will be a more or less secure option. Take oAuth+ip+karma for example. Don't tell users how votes are counted at all. The weight of the voice depends on karma. ip for tracking cheating ...
If SMS is free and the site inspires respect (for example, remember voting for the metro scheme), no one will have suspicions. IMHO if the project is kosher, then it is most convenient. And yes, no registration is needed: I went in - confirmed - voted. Well, or registration as usual, and voting by SMS.
The problem is in user registration, which is either easy but unreliable, or reliable but difficult.
Cooler than already proposed, only registration 'by passport'.
You can use the databases of those who are already involved in this, for example, webmoney (certificates are higher than formal), but it is clear that not everyone has webmoney registration, especially informal.
Also, if I understand everything correctly, you can make a direct acceptance of visa / mastercard cards, the amount of the initial investment is decent, but the identification will be good, there may be intermediaries who will provide such identification.
You can use the same mechanism as webmoney - require the user to send a minimum payment in the contact system (from 50r but they have the best coverage with offices in the country), it will be possible to get information about who sent it - passport data.
At one time, a similar issue was resolved. Unfortunately, the only working option that was found is SMS.
If the site inspires confidence, then this should not be a problem.
The price is 10-20 kopecks apiece with a large wholesale, which is not ruinous for a serious site (you will give more to the programmer for creating a poll).
If competitors start “ddosing”, then yes, this is problematic, this problem was solved more simply - if the phone number fell under suspicion - they said that free registration was unrealistic for it and offered a paid one, at the expense of the user at a price of a couple of rubles ...
After the first vote - send SMS immediately with a permanent access code for voting, so as not to send SMS to the same number 10 times and / or offer full registration.
1. Use HASH-CRAM to get a vote when you click "Vote".
2. Register all votes.
3. Show cheat on the vote counter.
4. With the resulting calculation, discard the twisted ones and block the IP (and hidden!): I do not disclose the scheme here.
THANK YOU to Google for the tips!
Why not vote through the State Services? One account, one vote. Do not re-register.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question