How We Protect Your Contests From Cheaters
December 06, 2019
If you run a popular online voting contest where there are prizes to be won, then there is a risk that cheaters will try to rig the results in their favour. A quick Google search shows just how easy it is to buy contest votes off the internet. In this blog post, we explain the different mechanisms that we put in place to detect and prevent fraudulent votes.
Cookies are small files stored on browsers. We use them to record whether or not a user has already completed your contest. If a user tries to access the contest’s URL again after voting, they will be redirected to the Thank You page.
The obvious drawback with cookies is that they can be wiped out quite easily from any browser. For this reason, we only rely on them to conveniently redirect well-meaning users.
An IP address is an internet identifier for your computer. Your IP address tells websites you visit how to reach you and send you the information you requested. Think of it like a postal address but for the internet.
An IP address can be shared with other devices on the same network. For example, people in your household, your office or at your local coffee shop might use the same IP address. Since IP addresses are not unique to one device, the contest app will let different people vote using the same IP address. However, someone trying to vote with a previously used IP address will also need to authorize the app so that their Facebook ID can be recorded along with their answers.
A Facebook ID is a unique number that identifies each Facebook user. By recording the Facebook ID along with the answers, the app ensures that a user cannot vote twice from the same Facebook account. Participants only need to log in to Facebook and authorize the app if someone previously submitted a form with the same IP address.
The latest version of Google reCaptcha helps detect abusive traffic on your contest without any user friction. This means that users won’t be asked to solve a captcha before submitting the form. Instead Google does a risk analysis of how a user interacts with the page and returns a score based on these interactions. A low score indicates a high risk of an interaction from a bot. If more than a certain percentage of respondents are flagged as possible bots, you will receive a warning email and an explicit captcha will be added to the form.
You are in control!
Finally, the last line of defense is you, the contest owner! Here are some warning signs you should look out for when analyzing the results:
- If your audience is mostly from your country but a big share of the votes come from a foreign country, then this might indicate fraud. Use a filter to see if voters from a given country all voted for the same option.
- In your Excel file, check if more than a few answers were submitted from the same IP address within a short timeframe. Although voters sharing the same IP address also need unique Facebook accounts, it is not too hard to open fake accounts on Facebook.
The Internet is built on anonymous protocols and therefore it is impossible to block all fraudulent votes all of the time. We also need to strike the right balance between preventing fraud and letting authentic participants vote without any friction. That’s why we are constantly working on improving our techniques and algorithms, so your contests can remain fun and your results real!