Or is running an effective online poll truly hopeless?
I'm coming up with all sorts of similes but they all sound snarky, and I don't want to be snarky, so I'll just say it straight: there is no "integrity" in an online poll.
The results are always stunningly, catastrophically, inarguably invalid for any sort of rigorous use. The only thing that makes this particular poll more obviously flawed than the Ron Paul surges which were more obviously flawed than the garden variety online poll is that the latent vulnerability was exploited to an extent approaching parody.
(Note you don't have to have an adversary at all to make an online poll invalid. They're always the result of self-selection on the part of the participants anyhow.)
But you're right - in any case where the voters find you, your results will be trash.
I'm guessing some kind of statistical method for determining which votes don't fit the profile of a site's visitors combined with actively weeding out obvious instances of mass voting could make the results at least appear more accurate.
Sure there's no actual validity or rigor to online poll results, but the point is more to have results that at least appear plausible.
Seems to me the issue raised is about the "integrity" of online/offline "journalism" (of Time) in not acknowledging the meaninglessness of the poll results (or even the fact they were badly hacked). [Maybe that's for Newsweek to report?]
I think that if one vote, or any small number of votes were allowed
per IP, the attack would have been much more difficult, as there
simply are not tens of thousands of readily available proxies, unless
these people have access to a big botnet.
A downside to one vote per IP is that AOL and some organizations place
their outgoing web traffic behind one or a small pool of IP addresses.
So these users wouldn't have been able to vote.
That would not have been such a big problem. But be sure to play 'dead man' and maintain the illusion that every vote counts.
Even more devious would be accepting the unwelcome votes, but also reversing each one of them after a random time has passed. This way the attackers get the illusion that their attacks succeed, but are fought back (or drowned out in counter-votes from real people) only a few hours later.
At least I spent a few minutes here and there since yesterday thinking how it could be secured. Any method I thought was quickly demolished by a few attacks that would work.
But I am open to being corrected! If anyone thought they could have solved this problem, please reply :)
Of course, if you were only polling existing users, you could limit voting to those users who were there before you started the poll.
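
The per-IP cap and the delayed silent reversal suggested in the comments above, as an added sketch that is not from any commenter or from the poll's operator. The class name, the cap of one, the one-to-six-hour delay window and the sample addresses are all assumptions made for illustration.

```python
import random
from collections import Counter

class Poll:
    """Accepts every ballot, then silently reverses ballots beyond a per-IP cap."""

    def __init__(self, per_ip_cap=1, min_delay=3600, max_delay=6 * 3600, rng=None):
        self.per_ip_cap = per_ip_cap      # assumed policy: small number of votes per IP
        self.min_delay, self.max_delay = min_delay, max_delay
        self.rng = rng or random.Random()
        self.shown = Counter()            # tally the public results page displays
        self.per_ip = Counter()           # ballots seen per source address
        self.pending = []                 # (reverse_at, choice) for excess ballots

    def vote(self, ip, choice, now):
        """Always reports success, so a script cannot tell which ballots will stick."""
        self.per_ip[ip] += 1
        self.shown[choice] += 1
        if self.per_ip[ip] > self.per_ip_cap:
            delay = self.rng.uniform(self.min_delay, self.max_delay)
            self.pending.append((now + delay, choice))
        return True

    def tick(self, now):
        """Undo excess ballots whose random delay has elapsed; return how many."""
        due = [p for p in self.pending if p[0] <= now]
        self.pending = [p for p in self.pending if p[0] > now]
        for _, choice in due:
            self.shown[choice] -= 1
        return len(due)

    def results(self):
        return dict(self.shown)

def demo():
    poll = Poll(rng=random.Random(7))
    # Constructed traffic: three readers, one script on one address, one shared proxy.
    for ip in ("198.51.100.1", "198.51.100.2", "198.51.100.3"):
        poll.vote(ip, "A", now=0)
    for _ in range(500):
        poll.vote("203.0.113.9", "B", now=0)
    for _ in range(4):                    # four real people behind one proxy address
        poll.vote("192.0.2.50", "A", now=0)
    before = poll.results()
    poll.tick(now=6 * 3600)               # every random delay has elapsed by now
    return before, poll.results()
```

In the constructed run the scripted address ends up with one counted vote, and so does the shared proxy, which is the downside raised above for AOL-style address pools.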