Hacker News new | past | comments | ask | show | jobs | submit login

Inside the click handler for the button use `new Error().stack`. You should be able to determine if it's a legitimate event from the stack trace.

Ultimately, though, someone could just use HTTP instead of monkeying about with scripting in the browser. You could only deter this by serving up a new JS file every day that has a new way to e.g. calculate a checksum on the button click. Ultimately people are going to find a way to cheat no matter what you do. If this is a social experiment that is a result, too.

What I'd probably do would be to have the JS in the button capture some user driven events such as mouse positions and click characteristics. If they had great foresight, they could have already been doing this for the previous 700k clicks.

With a reasonably sized observation pool, they could compare subsequent clicks and detect outliers.

I think it would be hard to circumvent since people attempting to reverse engineer wouldn't have the observation pool to know what signals Reddit admins were modeling. The biggest downside I can think of is that there would be some delay before calling out a cheater depending on the reliability of the model.

The client side JS could detect the lack of an event capture payload and warn legitimate users after they unlock but before they click so they wouldn't be flagged due to browser incompatibility or JS restrictions from a security policy or privacy extension.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact