Ultimately, though, someone could just use HTTP instead of monkeying about with scripting in the browser. You could only deter this by serving up a new JS file every day that has a new way to e.g. calculate a checksum on the button click. Ultimately people are going to find a way to cheat no matter what you do. If this is a social experiment that is a result, too.
With a reasonably sized observation pool, they could compare subsequent clicks and detect outliers.
I think it would be hard to circumvent since people attempting to reverse engineer wouldn't have the observation pool to know what signals Reddit admins were modeling. The biggest downside I can think of is that there would be some delay before calling out a cheater depending on the reliability of the model.
The client side JS could detect the lack of an event capture payload and warn legitimate users after they unlock but before they click so they wouldn't be flagged due to browser incompatibility or JS restrictions from a security policy or privacy extension.