How do we prevent voting manipulation?
In this article
It is a challenge allowing users to vote without signing in while keeping things legitimate. However, it is our preferred option:
- Users are more likely to give you feedback if you make it as easy as possible
- It feels the wrong way round to penalise honest users because of the actions of a minority
If you want to have more control over who sees and uses your board, you can:
- password-protect your board
- use Single Sign-on to restrict access to your feedback board so that only authenticated members of your organisation can view and add suggestions
How we prevent voting manipulation
We do this in a number of ways:
- We add a unique single-use token to each voting form, which must be included in a hidden form field when voting. This reduces the use of command-line scripting to create votes.
- We throttle voting by IP address combined with the “User-Agent” text sent by your browser with each HTTP request. You may be surprised to hear that we allow multiple votes per IP address. The limit is very low. We allow this so that a person can ask one or two relatives, friends, or colleagues to vote up their submission. This lets the user feel they are gaming the system while in fact, they are having little impact on the final vote.
- We throttle voting by suggestion. If a suggestion is receiving far more votes in a short timespan than is normal, it is probably manipulation. So we will silently ignore votes. Our throttling has several levels, including per minute, per hour, and per day limits.
We believe our system works, but we’re open to improvements. We continue to monitor the way people use our site, and make changes to our anti-manipulation algorithms.