Is this an effective anonymous user voting system!

Question

UPDATED

overview of the problem

I am developing a public idea sharing website, where any user(after creating an account) can submit ideas; they will then be reviewed & rated by our internal reviewers. And only the best submitted ideas will be published. These ideas can now be voted by anyone anonymously. And for each 1000 idea votes, we will reward idea authors with say $0.5.

I'm using an anonymous voting system where each vote is identified by a combination of IP address and User-agent.

But since we are rewarding users with cash , I fear this voting system could be manipulated!

Measures I've thought of taking:

Voting only with javascript enabled( using ajax) - to make sure votes come from browsers alone.
Also considering to receive votes, only from the most commonly used browsers.

Can this kind of voting work effectively without much loopholes?

Any good solutions for anonymous voting systems?

Wow! this link is helpful: What is a reliable method to record votes from anonymous users, without allowing duplicates

I just voted for this as off topic. When should I expect to receive my $0.5? — Cody Gray - on strike, Jan 20 '11 at 05:06
Checking that JavaScript is enabled does not prove it is a usual browser. I often use HttpUnit, it is capable of simulating a web user, and it uses Rhino to execute JavaScript. — Nicolas Raoul, Jan 20 '11 at 05:13
Thank u all for this insight. I've decided to continue with this voting system but will not reward users on the basis of no. of votes. — anand, Jan 20 '11 at 17:01

score 1 · Answer 1 · answered Jan 20 '11 at 05:08

1

authentication based on the users account (credit card, checking account ..) Or how is the money payed out?

answered Jan 20 '11 at 05:08

user492238

4,094
1
20
26

If you use anything other than credit card data or checking account information, then your system can and will be abused. The user agent and even the IP address can both be spoofed and changed to arbitrary values. – void-pointer Jan 20 '11 at 05:13

score 1 · Answer 2 · edited May 23 '17 at 11:55

This won't work. People can easily masquerade under a different user agent, regardless of whether or not it's a "commonly used browser" or if Javascript is enabled. It doesn't make any sense why you think limiting voting to users with common browsers will do anything at all. Client-side scripts could also be written to cast votes, even if you require Javascript to be enabled. Not even IP addresses are immune from spoofing; for example, the user could work from behind a proxy server. Also consider that there could be more than one user who shares the same IP: dynamic IP addresses are quite common, and large ISPs frequently re-use IP addresses by allocating them to different users at different times.

I already voted to close this as off-topic, but it looks like it's also a duplicate: Limit 1 vote per IP Address?

Is this an effective anonymous user voting system!

2 Answers2