Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Can you make a voting/rating system without logins?
19 points by barmstrong on Oct 31, 2009 | hide | past | favorite | 38 comments
Posterous has done well eliminating the login hurdle.

Has anyone been able to do this for a voting/rating site?

I've been thinking about this for my site BuyersVote.com. I let people do some actions (like start a new category) without logging in, but rating I haven't figured out how to avoid abuse without logins. Offering logins with OpenID (and rpxnow.com) reduces the hurdle significantly since people don't have to create a new account, they can use an existing one, but it's a hurdle none the less. Thanks for any tips!



OK, I'll bite and say it...

...no you can't make a credible voting or rating system without a login.

It's too easy to game the system to create repeat votes via cookie burning, ip rotation, etc (see the other responses).

Forcing someone to be logged in and then only allowing one vote per poll helps keep all but the most persistent griefers.

To that end, be aware account creation can be automated and unlimited unique email addresses created from one domain.

However, the difference between gaming the system by creating lots of fake accounts and gaming the system via cookie destroying/IP rotation is that the former is easy noticed within your system - assuming you have built such checks in place. It's also lets you easily remove the offending over-votes to restore calm to your survey/poll/etc.


polldaddy and sodahead both allow voting without logins. i think it's a probability game. yes, occasionally you get someone going overboard to cheat, but you make up for it in non-annoyed one time spontaneous voters.


You can use a fingerprint which consist of geolocation and Useragent. If you use javascript you can enhance the fingerprint with further data like screen resolution etc. It's not perfect, since some computers might generate the same fingerprint, e.g. corporate networks where everyone uses the same system, but then again, they are also using the same IP.

The fingerprint does not eliminate every attempt of cheating, but the method does not rely on cookies and just changing your ip-adress by reconnecting is also not helping, because you use the geolocation and not the IP. TOR, or just changing Proxies would still work, as well as using different browsers.

Another method I can think of are flash cookies. Most users don't know about them. Let users vote as often as they like, but only count them once. In order to make sure they believe their votes count you can display the result personally for them and include their additional votes, so they won't go looking, how they are recognized.

And if a user does not know about flashcookies it's pretty much impossible to cheat the system - and the flashcookie remains the same regardless of the browser you use.


"TOR, or just changing Proxies would still work" it's worth noting that from TOR, you are hitting their site from some exit node - which may very well repeat


At http://tagdef.com I let users both add content and vote without login in. It uses IP-addresses for keeping track of votes.

This has all the flaws that other people here have pointed out (multiple users behind same IP etc), but I feel that the advantage of being easy to use is greater than these disadvantages. It serves it main purpose (most of the time), of putting good content on top (see e.g. http://tagdef.com/ff) and hiding bad content.


Yep it might be worth the tradeoff. Or incorporate the fingerprint mentioned above, to mitigate the IP problem.


Sure, but at some level you're going to have to limit on IP, which means that people behind proxies or NAT are going to (unfairly) not have their votes counted.


I've found openID to be far more painful. I decided that I just can't risk making my Google account more powerful in case it gets suspended (for whatever reason, valid or not). So, what a pain to research how to make it work, what implications there will be, etc. I was very excited to try Stack Overflow's software, but it requires an openID and I just haven't gotten around to deciding what to do.


This is easy to fix, just make your OpenID your own domain, or a subdomain of it (http://id.example.com/). The OpenID standard lets your delegate to your provider of choice with a couple of link tags. If it gets shut down or you find a better one, just switch. The websites you authenticate to won't care.


In addition to the things people have already mentioned, I'd suggest combining all of them, and more, into a credibility score. If your application doesn't involve a strict tallying/reporting of votes, they you can use the score to do weighting, otherwise, you'd use it to discard votes below a certain threshold.

For the JavaScript fingerprinting, I wonder if there are ways to probe for bugs that characterize different browser versions both for a richer fingerprint and to detect spoofing of the useragent.

Other things that can fit into a credibility score: B computational JavaScript payload to impose more costs on automated abusers. Elapsed time between when the voting form was returned, and when the vote was submitted.

On the IP front, keep in mind the ability to correlate not just IP, but also netblock.


An example of a site that doesn't require you to login to vote that's widely used is PollDaddy.

Sadly, it's extremely easy to game it. See http://news.ycombinator.com/item?id=913966


Allow people to vote as many times as they want (allow them to click as many times). Normalize voting patterns based on items of known qualities, and account for the fact that people know you'll do this. Then let people click as many times as they want and you just might get accurate results if done right.

Btw, I have not tested this. Use this at your own risk.


This seems like a confusing user experience. Even users who weren't trying to game the system would see they could click it as many times as they want and might try.


I guess the idea is to account for the people who will try to game the system. Hey, it may not be a good idea, but it's unique right?

At least theoretically speaking, if we can model and predict human behavior, then the best way to do it is to let humans behave as naturally as possible, and model a rating system based on that behavior.


I guess the idea is to account for the people who will try to game the system. Hey, it may not be a good idea, but it's unique right?


Do you do anything extra to verify an OpenID account? It's probably easy to set up a bunch of domains with fake openid servers, so I would expect that to be susceptible to abuse too unless you have some extra step to make sure the voter is human.


Don't have anything in place right now, that is a good point.


I've seen voting tools that apparently track by IP address. Not infallible, but maybe no worse than using a unique account name, since accounts are typically easy to acquire (unless you are track them by IP address as well :) )


yeah but at least this requires work. at least you're putting the barrier up of having to login over and over. if you do detect login abuse voting, you simply ban the IP and throw up a message saying "you've been banned for..." my experience is that fake account voting is way way less frequent than double IP voting.


i've done this on Pikk, what i do is set a cookie as an identifier and then without login, forbid double ip-addressed based voting. upon login, if there is a cookie set, i go and harvest the votes and convert them to the logged in user. so the table Votes has a user id and a cookie user id. hope this helps. check out www.pikk.com and let me know if this is what you mean.


Actually, this is very easily gamed:

1. Fire up Chromium in incognito, and once you've voted once, just close it again and open it again to vote once more. Rinse and repeat.

2. The ip choice is smart, but there are ways to get a dynamic ip every [insert time interval].

One could perfect this to an art really. Get your ip to start changing, have Chromium open on a hotkey, use ctrl+shift+n to go incognito (or just have it auto-load in incognito), have the poll set as your homepage. You can clock alot of votes this way.

Logins are best.


This reminds me of a story.

A couple years ago, some university friends and I went to an engineering competition in Ontario. It was an event spread over four or five days, and on the last night a dance was held. This information was given to the participants a couple of weeks in advance.

The DJ for the dance had set up a website to allow people to request songs from off of a giant list. Each person got five or six "votes", and the system stopped them from voting any more after that. It was a cookie-based system. (It didn't bother with IP stuff).

One of my friends ended up using the macro system on his Macbook to vote for the song he wanted until he ran out of votes, delete his cookies, refresh the page, and repeat. He ran this macro overnight for a couple of days.

By the time we got to the competition, "Never Going to Give You Up" had three or four thousand votes. There were about two hundred people attending.


One could perfect this to an art really. Get your ip to start changing, have Chromium open on a hotkey, use ctrl+shift+n to go incognito (or just have it auto-load in incognito), have the poll set as your homepage. You can clock alot of votes this way.

If someone's willing to go to that far of an extreme to game a vote, I don't think a login system would do much to stop them either. You can just as easily create new accounts with the new IP and a fake email address.


Your're correct that it could be gamed with multiple email addresses as well. It would just take a little longer. Going to click a confirmation link, a captcha, etc.


Exactly.


Not really.

The difference is that with a login method, it takes significantly more effort and time. This is pretty straightforward once you have it setup.


How does one consistently get a new IP in [time interval smaller than creating a login takes]?


In some countries it is normal to get a new IP each time your router re-connects or even every 24 hours.


to me, the point at which someone is willing to invest the effort to do this is the point at which you're popular enough to be able to shut down voting without logging in, but you're absolutely right, this is a vulnerability.


Pikk is a slightly offensive word in Norwegian: http://translate.google.com/translate?js=y&prev=_t&h...


yeah i've heard this, i thought it was finnish, but maybe it's the same language? i'm not planning on doing much PR in norway :-)


Pretty cool, definitely step in the right direction.

Is there ever a situation where a bunch of legitimate users have the same IP? I'm thinking at a university maybe, corporate firewall, or AOL?

Even so this compromise might be worth it to remove the login hurdle.

If you become Digg or something and people start actively trying to get around it, do you think this would be about as secure as logins? Could be a high quality problem to have.


that is a drawback, but all you have to do is create a login and the problem is solved. it's a compromise for sure but the problem is, one bad apple ruins the whole system, and as soon as you launch, one bad apple will come along and vote 20 times on a story by clearing their cookies. so, for me, 1 vote per IP for cookie based login or ignore IP for logins has worked out well for me. i haven't officially launched the site yet, and when i do, i am actually leaning toward requiring logins but i'll play that by ear.


The dorm I live in is behind a NAT, so we all have a shared IP.


Interesting site, but just a friendly word of warning: Pik (with one k) is the Danish word for 'cock', in the porn sense.


Does pikmin mean anything?


The site is in English, right, so I am not sure why this matters?


It matters if they would like users from Norway.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: