Solutions Membership Marketplace SaaS Dynamic data
Secure Voting list against cheaters

2020-04-17

Voting fraud was expected

It was expected to face the cheating behavior of our members before starting the Challenge project. But we focused on the launching speed, getting the feedback, and proving the idea at that time.

Voting by cookies is not a good idea anymore. But we've decided to do it as simply as possible. And it allowed us to create the prototype in 3 hours and polish it in 3 days.

So we've stuck with a voting fraud very soon.

Starting of the voting list

The general idea of Challenge is submissions + voting list and defining the winner of each Challenge by voting counters.

From the beginning, we understood that anonymous voting based on cookies is not reliable.

To prove the general idea of the Challenge product it was quite enough. But we've got so many visitors and registrations from Product Hunt and other sources. So the product became much more mature and much earlier than we could expect it.

We need a secure voting

And of course, we faced cheaters earlier than we prepared some solution to avoid this fraud.

And after the honest message from one of our members about they created a voting bot even, we decided to stop defining the winner just by votes till the issue will be solved by a better algorithm.

This person showed us how they used Integromat to automatically upvote their submission.

And even everybody can use different browsers and/or different devices and vote for own submission multiple times. Or they can clean the browser's cookies.

Honest informing about the cheating

We decided to inform our audience about this fact

Let them know about the alternative way to define the winner until we can secure the Challenge voting system

Can some external services save us urgently?

It was a draft idea to use some existing voting service like https://likebtn.com/en/ as an interim solution

But actually it is not what we need. They don't provide security anymore

Because it can be based on visitor's IP, User-Agent, request time and other information from the HTTP request

Authorized voting is required!

So any anonymous solution couldn't work as we need.

But unique voting available only with some sign-in/sign-up membership system

And it is always a threshold as we've experienced with registration

But social media authorizing helps to overcome this obstacle

So we need at least two features for this voting at once: twitter login and then personal voting

Interface improvement

As an authorized user I can Vote up or down. And even I can see where I've already voted

And I can downvote only submissions voted exactly by me

Since we can see all the voters

It is available on the submission page

We can see the latest voted name and the counter of voters

And by mouse hovering it displays the full voters list like you can see it on Facebook

My voted submissions in my profile

Now it is possible to see all the submissions I voted before

Votes list in the backend

It is also convenient to see the full list of voters for each submission on the managed area

Surprising Viral result

It was available to vote anonymously before

But since it became required authorizing, many people started registering

Just because submissions owners ask own friends to vote for them

And they vote of course but after the registering

Voting list for you

If you have some similar ideas, you can find the template of such a project in our solutions store. Play with it and improve during the trial period for free.

None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None