

Ask HN: Build a voting system,users vote without sign up, only once - hhimanshu

I am implementing a suggestion system where a user can vote suggestions by other people(much like what we see on ycombinator) but here is the problem:&#60;p&#62;- I don't want the users to signup before they vote(why? I dont want user to bother in the very first place to signup to vote, its not convenient)
- for a particular suggestion I just want them to vote ONCE, they can vote all suggestions on a page, but not more than once&#60;p&#62;Is it a way to achieve this? I am working on my first app and want to learn how to do this&#60;p&#62;Thank you people
======
bradbeattie
Persistent cookies can easily be cleared. IP address limitations might prevent
legitimate users behind firewalls, while allowing others to vote multiple
times if they have access to multiple computers.

I've looked into the problem for my own voting site
(<https://modernballots.com/>) and I haven't found a good way of doing this
for public polls where anyone's allowed to vote.

The solution I developed was to just create the option for private elections
that require invitations to vote in. This has its own issues (most notably the
distribution of invitation keys), but it's worked so far.

Long story short, there's no good way of doing what you're looking for unless
you're willing to accept the risk of false positives, false negatives, and the
problems that come with both.

------
dangrossman
Your first line of deduping will be cookies. When there's no cookie present,
also check against (user agent, IP) pairs; remarkably unique at web scale. The
chances of two people with the same browser on the same OS with the same
plugins behind the same IP address hitting a random website are very small,
and collateral damage is limited to not letting two people at a very IT-
homogenous corporation vote on the same item.

~~~
bradbeattie
Your method of detecting duplicate ballots is also subject to the
vulnerability of false negatives if one person votes once on two different
machines. There's no good way to protect against this. Further, useragent/IP
pairs are easily bypassed by forging a false user agent string.

------
callmeed
Use an evercookie (or something similar): <http://samy.pl/evercookie/>

------
ericingram
It could be gamed a bit, but I think it's worth the trade off. I did something
like this with a chat system (no login to post first), and it blew up. Avg
6,000 comments a day for a while, ~500,000 comments in a year.

++

------
soho33
there are many sample scripts already available to do this depending on what
language you are using.

everytime a vote is done, you would capture that users IP address and store it
in a database with the ID of the question they voted for. In your algorithm,
before each vote check the database to make sure the user IP and the question
ID already doesn't exist.

~~~
callmeed
Doesn't that prevent 2 people behind the same router (or work IP) from voting?

~~~
soho33
that's true. maybe he can store the source port as well along with the IP? the
source port will always be different even if behind the same router.

