In web communities where voting on an item is an essential feature, the vote result could be easily biased by one single user if she register many accounts and vote. What approaches can mitigate sockpuppeting?
I write the software from scratch and have total control on the feature set.
(This is a general question asking for system designs that prevents a single person casting multiple votes by faking multiple account).
Social voting is absolutely broken.
As you, and countless others, I'm sure, have observed: the "vote" means precisely bupkis.
The problem with online “voting” (or “liking”, or “plussing”, etc) is that it is a dimensionless data point.
Does getting 300 “likes” on a post make it “good”? Does it reflect on its quality in any way? How about getting nearly 400 upvotes (and only a handful of downvotes) on a question about MySQL (along with 100+ “favorites”) mean the question is good? Does it show something is popular? Are people clicking the vote mechanism out of peer pressure, because they actually agree, or because they think it needs more visibility? Or something else entirely?
What do you think a "vote" means? Was it "good"? Did it "help"? Was it "funny"? Do you just like the user who posted it?
Why do you even think you need any form of "voting"? (Outside of peer pressure, because "everyone else does it"?)
If you really want to obtain something that even resembles value for a vote, you need to include a lot more data:
And the total of each type of click should be shown – show me 10,000 people disagreed with what I said, 15,000 agreed; 20,000 upvoted, and 30,000 downvoted; 12,000 reshared it (with, or without, comment).
Because "voting" - especially so-called "sockpuppeting" or "revenge voting" has some nasty side-effects:
Using voting as a means of hiding things (and trying to prevent others from seeing them) can be somewhat akin to online bullying – revenge voting has its problems; as does blindly upvoting anything a particular person says/does. Which is why assigning (and then displaying) dimensionless data anything more than a count is dangerous.
Unless you have an unusually strong need to have something that resembles a "vote" (or like, or +1, or ♥️, etc), DON'T even put it in!
Answered by warren on September 3, 2021
Proactively: bind the registration to something that your users cannot easily replicate. Instead of using an e-mail, use a phone number to confirm registrations. Or if you are really serious verify registration using a digital signature (whose certificate signed by an authority trusted by you).
Reactively: monitor all activity your users do. Including all page views, posting and voting activity. And have a heuristics to determine if the activity is legit. A normal user would browse the site, make posts, vote on many posts. While a sockpuppet would go straight to the desired post and vote it. You should silently roll back the votes that trigger your heuristics.
Answered by Calmarius on September 3, 2021
The only real way to solve the problem is to filter the users who are allowed to vote. You need to be honest with your community and say that you are not interested in opinions of unestablished users. There are many reasons that might make you think this way, for example, but not limited to:
So, you need to choose a method to filter the users. Some methods are usually just bad and ineffective, for example:
They might not be inherently bad, but from my experience in various communities, they usually don't work and do way more harm than good.
Methods that work if implemented well:
Those are some of the ways you can use. Many more exist, and the exact set that you need heavily depends on your community's needs and size.
For example, a small web-site with only 10 users is a place where any sockpuppet attempt will be quickly discovered. Everyone knows everyone. You don't even need polls in such a system, such a forum can just discuss stuff.
A forum with 5,000 active users is the opposite of this, and many anti-fraud systems are needed.
Answered by Baskakov_Dmitriy on September 3, 2021
You can do a few things to mitigate against users creating multiple logins to skew the voting. None will prevent it completely but will go a long way to reduce vote fraud.
Strip out modifiers from e-mail addresses when checking if they've already been used. For example GMail allows you to create addresses of the form:
Strip out the "+modifier" and they won't be able to use their GMail address more than once. Obviously you need to keep the full address the user entered as they're probably using the "+modifier" to filter their e-mails.
Even with these ideas in place you're still going to get people who want to game the system. As a fail-safe make sure you have a mechanism that can remove the fraudulent votes. Either make sure the votes are removed when accounts are deleted or have a manual "remove votes" option in your admin pages. Again it won't stop the most determined puppet master, but will help reduce the problems they cause.
Answered by ChrisF on September 3, 2021
The most effective way to mitigate sockpuppeting would be to make registering multiple accounts more difficult - require captcha, track IP addresses and sessions. In most cases trespassers would be quite easy to block.
Answered by BanzaiTokyo on September 3, 2021
1 Asked on January 1, 2022 by dave-white
4 Asked on September 3, 2021 by william-edwards
1 Asked on September 3, 2021 by t-thomas
3 Asked on September 3, 2021 by fisherdog
7 Asked on September 3, 2021 by gaazkam
1 Asked on September 3, 2021 by solearth
4 Asked on September 3, 2021
3 Asked on September 3, 2021
1 Asked on September 3, 2021 by david-silva
1 Asked on September 3, 2021 by amar-singh
1 Asked on September 3, 2021 by benjamin-mrkus
1 Asked on September 3, 2021
2 Asked on September 3, 2021
1 Asked on September 3, 2021
4 Asked on September 3, 2021
4 Asked on September 3, 2021 by anvd
1 Asked on September 3, 2021 by spevacus
1 Asked on September 3, 2021 by ombo
Get help from others!