Stopping users from voting twice
on 14.11.2007 07:36:07 by damezumari
I have a simple voting page using php and mysql and wonder how I can
prevent users from voting twice.
Here are three ways:
1. IP locking or IP locking with a time limit
The same IP address can not vote twice, or not vote twice within the
time limit.
2. Cookies, weak version.
If the user has cookies turned on they can only vote once. The cookie
may be stored on the server and last till the browser is closed, or on
the client and last till the user deletes it.
If the user has cookies turned off they can vote as many times as they
like.
3. Cookies, strong version
If the user has cookies turned on a cookie (session variable) is
stored on the server and lasts till the browser is closed.
If the user has cookies turned off they are told to turn it on for at
least the present site.
I exclude any options that use usernames and/or passwords as that
would be too cumbersome for most users.
Disadvantages with each method:
1. Users behind a proxy have the same IP address. This means that if
one has cast a vote, the others can't or have to wait a certain time
to do so.
2. This allows repeated voting too easily.
3. People may decide not to vote as they do not want to take the time
to turn cookies on for the present site, or are generally sceptical
about cookies at all. They may vote again when they reopen the
browser.
Personally I like best method 3, but post my thoughts here to hear
your ideas.
Are there other ways than the 3 listed? Which one do you like the
best? Why?
Regards,
Jan Nordgreen
Re: Stopping users from voting twice
on 14.11.2007 09:46:54 by rf
"damezumari" wrote in message
news:1195022167.572184.284420@k79g2000hse.googlegroups.com...
[voting]
Voting implies, as a result, statistics and statistics, particularly
obtained via or about the web, are at best meaningless.
> 3. People may decide not to vote as they do not want to take the time
> to turn cookies on for the present site, or are generally sceptical
> about cookies at all. They may vote again when they reopen the
> browser.
>
> Personally I like best method 3, but post my thoughts here to hear
> your ideas.
If a site tells me to turn on cookies/flash/java/whatever I leave
immediately.
--
Richard.
Re: Stopping users from voting twice
on 14.11.2007 10:17:41 by Erwin Moller
damezumari wrote:
> I have a simple voting page using php and mysql and wonder how I can
> prevent users from voting twice.
Hi Jan,
>
> Here are three ways:
>
> 1. IP locking or IP locking with a time limit
> The same IP address can not vote twice, or not vote twice within the
> time limit.
>
Yes, this works a little.
But, as you describe, this might block fresh users that are behind the
same IP.
Also, this can be circumvented with IP spoofing.
If I send a vote, and fake the return address in the IP package, I can
vote as many times as I like. But this is probably difficult for regular
cheaters.
> 2. Cookies, weak version.
> If the user has cookies turned on they can only vote once. The cookie
> may be stored on the server and last till the browser is closed, or on
> the client and last till the user deletes it.
> If the user has cookies turned off they can vote as many times as they
> like.
Cookie stored on the server?
I guess you mean that you remember some value set in a cookie on the
server and compare.
And yes, this is totally weak. Clearing cookies lets you revote.
>
> 3. Cookies, strong version
> If the user has cookies turned on a cookie (session variable) is
> stored on the server and last till the browser is closed.
> If the user has cookies turned off they are told to turn it on for at
> least the present site.
And what protects you against:
1) vote
2) clear cookies
3) vote
????
The fact that you create a session doesn't solve the problem at all.
Bottom line:
You have no safe way of voting like this.
The only reliable way is authenticating a user, and yes, that means a
username/password.
Sorry for the bad news.
Best bet is to go with option 1 I think, but that has the disadvantages
you described already, but is harder to break than with just 'clear
cookies'.
Regards,
Erwin Moller
>
> I exclude any options that uses usernames and/or passwords as that
> would be too cumbersome for most users.
>
> Disadvantages with each method:
>
> 1. Users behind a proxy have the same IP address. This means that if
> one has cast a vote, the others can't or have to wait a certain time
> to do so.
>
> 2. This allows repeated voting too easily.
>
> 3. People may decide not to vote as they do not want to take the time
> to turn cookies on for the present site, or are generally sceptical
> about cookies at all. They may vote again when they reopen the
> browser.
>
> Personally I like best method 3, but post my thoughts here to hear
> your ideas.
>
> Are there other ways than the 3 listed? Which one do you like the
> best? Why?
>
> Regards,
>
> Jan Nordgreen
>
Re: Stopping users from voting twice
on 14.11.2007 10:56:19 by damezumari
Erwin, I agree with your bottom line.
In my setting I want everybody to be able to vote.
That means that option 1 is no good. With option 3 cookies can be
deleted, but my guess is that few will go to this step as the vote is
not that important.
I have seen option 1 and 2 (amazingly enough!) in use on other web
pages, but not 3.
Regards,
Jan Nordgreen
Re: Stopping users from voting twice
on 14.11.2007 12:40:08 by Courtney
damezumari wrote:
> I have a simple voting page using php and mysql and wonder how I can
> prevent users from voting twice.
>
> Here are three ways:
>
> 1. IP locking or IP locking with a time limit
> The same IP address can not vote twice, or not vote twice within the
> time limit.
>
That locks out entire networks that enforce proxy servers...
> 2. Cookies, weak version.
> If the user has cookies turned on they can only vote once. The cookie
> may be stored on the server and last till the browser is closed, or on
> the client and last till the user deletes it.
> If the user has cookies turned off they can vote as many times as they
> like.
mm.
>
> 3. Cookies, strong version
> If the user has cookies turned on a cookie (session variable) is
> stored on the server and last till the browser is closed.
> If the user has cookies turned off they are told to turn it on for at
> least the present site.
>
> I exclude any options that uses usernames and/or passwords as that
> would be too cumbersome for most users.
>
> Disadvantages with each method:
>
> 1. Users behind a proxy have the same IP address. This means that if
> one has cast a vote, the others can't or have to wait a certain time
> to do so.
>
> 2. This allows repeated voting too easily.
>
> 3. People may decide not to vote as they do not want to take the time
> to turn cookies on for the present site, or are generally sceptical
> about cookies at all. They may vote again when they reopen the
> browser.
>
> Personally I like best method 3, but post my thoughts here to hear
> your ideas.
>
> Are there other ways than the 3 listed? Which one do you like the
> best? Why?
>
> Regards,
>
> Jan Nordgreen
>
Frankly it can't be done reliably. 3 is the best of a bunch, but I
would never use it in any situation where accuracy was needed.
How does one cater for the person who hits every browser in an internet
cafe? or the single machine in an entire classroom that all the kids
want to vote, using.
Re: Stopping users from voting twice
on 14.11.2007 13:55:11 by skulkrinbait
I'm interested in a solution to this kind of problem myself and the IP
address version is the one I would probably go with, although it's far
from perfect.
One other solution might be to ask users to enter their email address
and then only accept the vote once they click a link on a confirmation
email. That's very cumbersome and people may not go to the trouble of
bothering with that, depends on how important the vote is I suppose!
Even that's far from foolproof, but worth mentioning I thought.
Re: Stopping users from voting twice
on 14.11.2007 14:33:26 by damezumari
"How does one cater for the person who hits every browser in an
internet
cafe? or the single machine in an entire classroom that all the kids
want to vote, using."
The person will be able to vote several times. The same is true if he
had more than one browser on his computer.
On the single machine the kids will have to close and reopen the
browser to vote again.
Re: Stopping users from voting twice
on 14.11.2007 14:52:40 by Bucky Kaufman
wrote in message
news:1195044911.383993.279170@o3g2000hsb.googlegroups.com...
> I'm interested in a solution to this kind of problem myself and the IP
> address version is the one I would probably go with, although it's far
> from perfect.
>
> One other solution might be to ask users to enter their email address
> and then only accept the vote once they click a link on a confirmation
> email. That's very cumbersome and people may not go to the trouble of
> bothering with that, depends on how important the vote is I suppose!
> Even that's far from foolproof, but worth mentioning I thought.
I've worked on several survey sites before, and I can tell you - if you're
not having the users signup for it, your results will suck.
That's why ALL of the professional survey sites demand a signup before
questions are posed.
You KNOW there are folks out there who will spend a lot of time figuring out
whatever lock-outs you have.
So if you allow anonymous votes - you'll draw them as surely as if your site
was called "HackMe.TV".
Re: Stopping users from voting twice
on 14.11.2007 18:34:23 by luiheidsgoeroe
On Wed, 14 Nov 2007 07:36:07 +0100, damezumari
wrote:
> I have a simple voting page using php and mysql and wonder how I can
> prevent users from voting twice.
>
> Here are three ways:
>
> 1. IP locking or IP locking with a time limit
> The same IP address can not vote twice, or not vote twice within the
> time limit.
>
> 2. Cookies, weak version.
> If the user has cookies turned on they can only vote once. The cookie
> may be stored on the server and last till the browser is closed, or on
> the client and last till the user deletes it.
> If the user has cookies turned off they can vote as many times as they
> like.
>
> 3. Cookies, strong version
> If the user has cookies turned on a cookie (session variable) is
> stored on the server and last till the browser is closed.
> If the user has cookies turned off they are told to turn it on for at
> least the present site.
>
> I exclude any options that uses usernames and/or passwords as that
> would be too cumbersome for most users.
>
> Disadvantages with each method:
>
> 1. Users behind a proxy have the same IP address. This means that if
> one has cast a vote, the others can't or have to wait a certain time
> to do so.
>
> 2. This allows repeated voting too easily.
>
> 3. People may decide not to vote as they do not want to take the time
> to turn cookies on for the present site, or are generally sceptical
> about cookies at all. They may vote again when they reopen the
> browser.
>
> Personally I like best method 3, but post my thoughts here to hear
> your ideas.
As indicated earlier, there's no real way except user authentication (and
even with registration: depending on the mechanism users can register as
many times as they want..). Last time I made something like this, I
applied a mix of all three (and clearly indicated to the client what it
could and couldn't do).
1. IP-check: an IP is saved with the vote, for possible statistical
analysis later on voting habits. There was also a (small) timeout on
IP-address, votes from the same IP had to be at least 2 minutes apart.
Hardly ideal, but it catches some eager cookie deleters/clickers. And yes,
it would block some users sharing the same IP address.
2. The fact a vote was given was stored in a cookie with a lifetime until
the end of the voting period (x days in the future). Easily deleted, but
remember: not all multiple voters deliberately try to mess up your poll,
some of them just click in every poll they see. The way this is used is
more like an indication whether to serve the voting form or the results so
far to the user (in this case both were displayed at the same location in
the page).
3. A session cookie was required for voting. People voting without a
session just got their vote discarded. My client really didn't care about
possible people not allowing cookies. Unless browser/internet use is
related to the specific poll, people not allowing cookies and people who
do probably don't vote different enough to make a fuss about it. In an
open poll on internet you're not interested in individuals, it's 'a small
indication of probable averages' at best.
--
Rik Wasmus
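Added example, not part of the thread and not Rik's code: the three checks described in the post above (required session, "voted" cookie, 2-minute per-IP timeout) as one decision function, run over constructed requests. The function name, the `form_served` and `voted` keys and the in-memory array standing in for the MySQL table are assumptions.

```php
<?php
// Added example: the session, cookie and per-IP checks from the post above.
// Names are hypothetical; $ipLastVote stands in for a MySQL table of votes.

const IP_TIMEOUT = 120; // votes from one IP must be at least 2 minutes apart

/**
 * Decide what to do with one vote request. In a real handler the inputs map to:
 *   $hasSession   isset($_SESSION['form_served']), set when the form was sent
 *   $votedCookie  isset($_COOKIE['voted']), set until the poll closes
 *   $ip           $_SERVER['REMOTE_ADDR']
 */
function check_vote(bool $hasSession, bool $votedCookie, string $ip,
                    int $now, array &$ipLastVote): string
{
    if (!$hasSession) {
        return 'discard (no session)';
    }
    if ($votedCookie) {
        return 'show results (cookie says already voted)';
    }
    if (isset($ipLastVote[$ip]) && $now - $ipLastVote[$ip] < IP_TIMEOUT) {
        return 'reject (same IP within timeout)';
    }
    $ipLastVote[$ip] = $now; // the IP is stored with the vote
    return 'accept';
}

// Constructed requests: [label, hasSession, votedCookie, ip, seconds since start]
$requests = [
    ['first vote',                      true,  false, '192.0.2.10', 0],
    ['same browser again',              true,  true,  '192.0.2.10', 5],
    ['cookies cleared, retry at once',  true,  false, '192.0.2.10', 30],
    ['colleague behind the same proxy', true,  false, '192.0.2.10', 60],
    ['cookies cleared, retry later',    true,  false, '192.0.2.10', 200],
    ['client that refuses cookies',     false, false, '192.0.2.77', 210],
];

$ipLastVote = [];
foreach ($requests as [$label, $session, $cookie, $ip, $t]) {
    printf("%-32s %s\n", $label, check_vote($session, $cookie, $ip, $t, $ipLastVote));
}
```

The run shows both limits raised in the thread: the colleague behind the shared proxy is turned away, and the retry made after the timeout with cookies cleared is counted.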
Re: Stopping users from voting twice
on 14.11.2007 21:32:32 by Animesh Kumar
rf wrote:
> If a site tells me to turn on cookies/flash/java/whatever I leave
> immediately.
>
Yea but everyone is not so aggressive. A lot of people already use flash
and cookies for video websites. For example, Google Mail required
Javascript, newest Firefox/IE build, and Cookies, at its inception and
most people used google mail for the benefits it offered.
Re: Stopping users from voting twice
on 15.11.2007 00:04:22 by Courtney
Animesh K wrote:
> rf wrote:
>> If a site tells me to turn on cookies/flash/java/whatever I leave
>> immediately.
>>
>
> Yea but everyone is not so aggressive. A lot of people already use flash
> and cookies for video websites. For example, Google Mail required
> Javascript, newest Firefox/IE build, and Cookies, at its inception and
> most people used google mail for the benefits it offered.
If I turned off cookies I would have to drive miles to the shops.
Re: Stopping users from voting twice
on 15.11.2007 01:56:13 by gordonb.csmom
>I have a simple voting page using php and mysql and wonder how I can
>prevent users from voting twice.
First, think about the problem. What's a "user"? A human being, right?
There's a big difference between a human and an IP address. You'll
have both false negatives and false positives.
- Users behind proxies may get locked out as only one vote in the whole
company is allowed.
- Multiple users in the same family (using the same computer) can't all vote.
- Dial-up users getting dynamic IP addresses can probably vote once each
time they dial up.
- Users between proxies that use many IP addresses may be able to vote many
times.
Now, why are you holding a vote? And who is eligible to vote?
If this is a vote for an elected office, it ought to be a capital
crime to hold a vote that can't be re-counted, and that means a
chad-free paper trail. And, yes, I'm including offices like student
council representative of Section 5 of Grade 2 at Jeffery Dahmer
Elementary School, assistant White Poodle catcher, and vice-president
of the PTA along with more traditional ones like Governor or
Vice-President of the USA.
Even national elections have a lot of problems with this, and they
sign up voters and check off who voted against lists. Problems
include people registering to vote multiple times (possibly at
different locations), ineligible voters (including the dead)
registering, people presenting fake ID to vote multiple times,
people coercing other people to vote in a particular way, vote
selling, etc. This doesn't even include problems that all the
candidates suck.
If this is for some kind of survey, have you ever heard of statistical
validity of results? To start off with, you're going to have
problems with (a) a self-selected sample (people who don't LIKE
music probably won't answer a survey about music), (b) multiple
voting and people getting locked out of voting, and (c) not getting
a representative set of votes from the population of interest.
>Here are three ways:
>1. IP locking or IP locking with a time limit
>The same IP address can not vote twice, or not vote twice within the
>time limit.
>2. Cookies, weak version.
>If the user has cookies turned on they can only vote once. The cookie
>may be stored on the server and last till the browser is closed, or on
>the client and last till the user deletes it.
>If the user has cookies turned off they can vote as many times as they
>like.
>
>3. Cookies, strong version
>If the user has cookies turned on a cookie (session variable) is
>stored on the server and last till the browser is closed.
>If the user has cookies turned off they are told to turn it on for at
>least the present site.
>
>I exclude any options that uses usernames and/or passwords as that
>would be too cumbersome for most users.
The problem is, that "too cumbersome" method of issuing ID isn't
enough in practice.
I'll suggest voting with a confirmation email address. One vote
per email address (on a particular vote), which has to be valid
since they have to receive mail at it to do the confirmation. This
DOES have disadvantages, as multiple email addresses aren't uncommon,
but most people (except those who manage servers) don't have HUGE
numbers of email addresses.
>Disadvantages with each method:
>
>1. Users behind a proxy have the same IP address. This means that if
>one has cast a vote, the others can't or have to wait a certain time
>to do so.
>
>2. This allows repeated voting too easily.
>
>3. People may decide not to vote as they do not want to take the time
>to turn cookies on for the present site, or are generally sceptical
>about cookies at all. They may vote again when they reopen the
>browser.
4. People may not vote because they are afraid of SPAM.
>
>Personally I like best method 3, but post my thoughts here to hear
>your ideas.
>
>Are there other ways than the 3 listed? Which one do you like the
>best? Why?
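Added example, not part of the thread: the confirmation-email scheme suggested in this post and in skulkrinbait's earlier one, with an HMAC-signed link and one counted vote per address per poll. The secret, the field names, the one-day expiry and the array standing in for a MySQL table with a UNIQUE key are assumptions.

```php
<?php
// Added example: one confirmed vote per e-mail address per poll.
// SECRET, the field names and $votes (standing in for a MySQL table with
// UNIQUE(poll_id, email)) are assumptions made for illustration.

const SECRET   = 'replace-with-a-random-server-side-key';
const LINK_TTL = 86400; // confirmation links are valid for one day

// Addresses are compared case-insensitively here (an assumption).
function normalise_email(string $email): ?string
{
    $email = strtolower(trim($email));
    return filter_var($email, FILTER_VALIDATE_EMAIL) ? $email : null;
}

// Build the query string placed in the confirmation mail's link.
function make_confirmation(int $poll, string $email, string $choice, int $now): string
{
    $fields = ['poll' => $poll, 'email' => $email, 'choice' => $choice,
               'exp' => $now + LINK_TTL];
    $fields['sig'] = hash_hmac('sha256', http_build_query($fields), SECRET);
    return http_build_query($fields);
}

// Handle a click on the link; the vote is only counted here.
function confirm_vote(string $query, int $now, array &$votes): string
{
    parse_str($query, $f);
    $sig = $f['sig'] ?? '';
    unset($f['sig']);
    $expected = hash_hmac('sha256', http_build_query($f), SECRET);
    if (!is_string($sig) || !hash_equals($expected, $sig)) {
        return 'reject (bad signature)';
    }
    if ((int) $f['exp'] < $now) {
        return 'reject (link expired)';
    }
    $key = $f['poll'] . '|' . $f['email']; // the UNIQUE(poll_id, email) key
    if (isset($votes[$key])) {
        return 'reject (address already voted)';
    }
    $votes[$key] = $f['choice'];
    return 'accept';
}

$votes = [];
$now   = 1195000000; // constructed timestamp
$link  = make_confirmation(7, normalise_email(' Jan@Example.org '), 'b', $now);
echo confirm_vote($link, $now + 60, $votes), "\n";                       // first click
echo confirm_vote($link, $now + 90, $votes), "\n";                       // clicked again
echo confirm_vote(str_replace('choice=b', 'choice=a', $link), $now, $votes), "\n"; // edited link
echo confirm_vote($link, $now + LINK_TTL + 1, $votes), "\n";             // after expiry
```

As the post notes, this limits votes per address, not per person: someone with several mailboxes can still confirm several votes.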