Monday, August 30, 2010
Gaming of online polls and ways to mitigate vote fraud
I've been reading up on the gaming of the Time.com 100 Poll in 2009, where vote rigging saw the founder of 4Chan elevated to the top position and the order of names in the poll manipulated to spell out 'MARBLECAKE ALSO THE GAME' (see the video below).
While there are often legitimate reasons to create online polls or voting tools, it is very important to be aware of the potential pitfalls if measures aren't in place to minimise the risk of inappropriate voting - people 'gaming', defrauding or hacking individual polls.
Often people aren't aware of how easy it can be to game voting and it is important to weigh up what you're doing and put the right level of protection in place.
One of the simplest forms of voting fraud involves users with multiple computers and web browsers, who may be able to vote once on each - then vote again after clearing their browser's cookies. This is possible in the polls featured on many popular newspaper websites.
If an email address is required to vote, as in more sophisticated voting systems, users with multiple accounts can sign up and vote many times - particularly where they own domains and can create thousands of email addresses at a time. This can be monitored and partially mitigated by looking at voting patterns over time and checking the email addresses for similarity and veracity.
When polls check IP addresses they are harder to 'game'; however, there are still technical approaches some people can use to change IP addresses - or they can use botnets (networks of machines, all with different IPs) to vote on their behalf. This, however, can become quite technically complex and requires significantly more resources.
Finally, if the poll system's security is not assured, someone may hack the actual voting system and introduce biases that influence the outcome - from changing the order in which the options are displayed, to counting some votes as more than a single vote, or more obviously just manipulating the total by changing the register of votes.
There are ways of checking polls to minimise fraud: using technology to check IP addresses, and combining this with email address verification or linking to other services such as Facebook where people are unlikely to control more than a single account. There are also CAPTCHA-based means to screen out most automated voting (though these add a hurdle to fast voting) and even more complex automation techniques to analyse voting patterns in real time and flag, check or disallow some votes based on their origin.
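The checks described in the last few paragraphs (email similarity, votes per IP over time, clusters of addresses from one domain) can be combined into a single screening pass over the vote log. The Python below is an added example, not code from the original post; the thresholds, the `COMMON_PROVIDERS` list and the sample votes are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque

# Assumed allowlist of large public mail providers (hypothetical; tune per poll).
COMMON_PROVIDERS = {"gmail.com", "outlook.com", "yahoo.com"}

def canonical_email(addr):
    """Lower-case and drop any '+tag' so alias variants compare equal."""
    local, _, domain = addr.strip().lower().rpartition("@")
    return local.split("+", 1)[0] + "@" + domain

def screen_votes(votes, window=60, max_per_ip=3, max_per_domain=5):
    """votes: iterable of (unix_ts, ip, email, choice), sorted by time.
    Returns {vote_index: [reasons]} for votes that need review."""
    votes = list(votes)
    flags = defaultdict(list)
    seen_emails = set()
    recent_by_ip = defaultdict(deque)
    domain_counts = Counter(canonical_email(v[2]).rsplit("@", 1)[1] for v in votes)
    for i, (ts, ip, email, _choice) in enumerate(votes):
        canon = canonical_email(email)
        if canon in seen_emails:
            flags[i].append("duplicate-email")
        seen_emails.add(canon)
        # Sliding window: keep only this IP's votes from the last `window` seconds.
        q = recent_by_ip[ip]
        q.append(ts)
        while q[0] < ts - window:
            q.popleft()
        if len(q) > max_per_ip:
            flags[i].append("ip-burst")
        # Many addresses on one uncommon domain suggests a self-owned domain.
        domain = canon.rsplit("@", 1)[1]
        if domain not in COMMON_PROVIDERS and domain_counts[domain] > max_per_domain:
            flags[i].append("domain-cluster")
    return dict(flags)

# Constructed sample data (not real votes); the IPs are documentation ranges.
SAMPLE = (
    [(1000 + i, "203.0.113.7", f"fan{i}@example-votes.test", "A") for i in range(6)]
    + [(2000, "198.51.100.1", "jo@gmail.com", "B"),
       (2500, "198.51.100.2", "Jo+poll@gmail.com", "B"),
       (3000, "198.51.100.3", "sam@outlook.com", "C")]
)

if __name__ == "__main__":
    for idx, reasons in sorted(screen_votes(SAMPLE).items()):
        print(idx, SAMPLE[idx][2], reasons)
```

Flagged votes are candidates for review or a CAPTCHA challenge rather than automatic deletion, since shared office or campus IPs can trip the burst rule.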
Depending on the poll, different levels of mitigation may be needed. Basically, the greater the reward for receiving the most votes in a poll, or the greater the controversy over the subject, the greater the likelihood that gaming or fraud will occur, and the greater the mitigation required.
Online voting in elections - such as that used by Estonia - tends to employ far more sophisticated techniques to verify votes. These are much more effective, but tend to cost quite a bit (at present) to implement.
So if you're running a fairly simple, low-cost online poll, it may be best to use it simply as an indication, or to back it up with a human step (selecting a winner from the top ten publicly voted entries), which mitigates a lot of the risk of vote rigging.
Insightful post Craig, thanks.
Personally I would never advocate e-democracy, we have democratic institutions to take decisions for good reasons. On top of the issues you cite relating to gaming we have to be mindful that there are important sections of the community who are not online and are excluded from these polls. Also those taking the time to vote will always be a skewed sample.
However, online polling can be an important part of e-participation which supports the decisions that our democratically elected institutions make.
Polls can give a very quick indication of the pulse of an issue and can also be a great way to allow people to easily participate and to draw them in to get them involved in deeper engagement. After voting in a poll (especially if they have signed up to vote) they may feel they want to discuss why and might join a forum where their ideas and opinions may be of real value to decision makers.
Of course the ultimate protection against gaming in polls lies in the understanding of the decision makers and their discretion in interpreting results.
A Government making decisions based on online polls alone would be almost as unthinkable as one making decisions based only on the results of focus groups...............hmmm