How do we prevent voting manipulation?

In this article


It is a challenge allowing users to vote without signing in while keeping things legitimate. However, it is our preferred option:

  • Users are more likely to give you feedback if you make it as easy as possible
  • It feels the wrong way round to penalise honest users because of the actions of a minority

If you want to have more control over who sees and uses your board, you can:

How we prevent voting manipulation

We do this in a number of ways:

  1. We use cookies to ensure that under normal web browser usage, a person only receives the opportunity to vote once per suggestion.
  2. We add a unique single-use token to each voting form, which must be included in a hidden form field when voting. This reduces the use of command-line scripting to create votes.
  3. We throttle voting by IP address combined with the “User-Agent” text sent by your browser with each HTTP request. You may be surprised to hear that we allow multiple votes per IP address. The limit is very low. We allow this so that a person can ask one or two relatives, friends, or colleagues to vote up their submission. This lets the user feel they are gaming the system while in fact, they are having little impact on the final vote.
  4. We throttle voting by suggestion. If a suggestion is receiving far more votes in a short timespan than is normal, it is probably manipulation. So we will silently ignore votes. Our throttling has several levels, including per minute, per hour, and per day limits.

We believe our system works, but we’re open to improvements. We continue to monitor the way people use our site, and make changes to our anti-manipulation algorithms.