I think that I upset some people by my tongue in cheek reference to ballot stuffing. I am not a big fan of online polls. In the past I have regretted participated in the yearly The Predators & Editors Readers’ Poll. It annoys me that these polls have nothing to do with quality, but everything to do with how many people you know and how easy it is to spoof the poll.

A while ago, I wrote my own polling system so that editors could put a JavaScript widget on each page and have their readers rate a story. This didn’t work out because most stories suck and the poll just pissed people off, especially writers. There was also the problem that it was easy to stuff the ballot box. Here are some thoughts about some of the design issues in crafting such a ballot system.

Cookies. The first defense against voting many times is to drop a cookie. A cookie is a small chunk of information that is stored by the web browser. They are general secure and not dangerous. They are extremely valuable to anyone designing an online system. If you go to Harlan Ellison’s page you can read his paranoid rant about cookies, but he is way off the mark. No one cares much about cookies. There are the occasional tracking cookies, but even they are anonymous and are only used to gather generic data about surfers.

If you have a system that drops a cookie when you vote, then the person will not be able to vote again on that machine without clearing cookies. Most people don’t even know how to do this. Of course, you should not accept votes unless the cookie is verified. Harlan Ellison could not vote because he turns off cookies in his browser so no one can spy on him and as a result it must cripple his online experience.

IP Address. You can record an IP address for each vote. This is easily available to online programs. The problem with this is that AOL users all come from a single small range of IP Addresses in Vienna Virginia. The IP numbers are shared among a huge number of users so that by limiting voting to one IP address per vote, you wind up shutting out AOL and most other ISPs in the world who use IP masquerading to limit their exposure to the outside world.

Email confirm. By forcing your users to put in an email address and then sending them a confirmation link, you can limit the voting to one vote per email address. The problem is that I have unlimited email addresses at CTHREEPO.com and my other domains. I can also use the anonymous email servers like WillSelfDestruct.com and many others. These sites don’t need you to register or anything. You just make up an email address like [email protected] and then go check your mail. They keep any mail going to that address for a day or so and then it goes away. There is no security, but you don’t need security to stuff a ballot box. Email confirmation does not work.

IM or Text Message confirm. This is the most secure. You ask the user to put in an IM handle or a cell phone number and you send them a text message with a url or code to confirm their vote. The “magic step” is sending the text message or IM. There are all kinds of barriers to this and many of them have a cost associated with them. I have researched free variations, but have always come up just short. I will create a completely free text message voting system one of these days when I have more time. There has to be a way to do it for free.

The cell phone text message works well and I’ve use that when signing up for conferences. A person seldom has more than one phone and at most a work phone and a personal phone. Ballot stuffing is severely curtailed by limiting the poll to one vote per telephone number. IM messages are a little easier to get around. It takes only a few minutes to register a new IM handle, but are still harder to get than an email address.

Micropayments. One might consider making a micropayment of a few cents to vote. I would not object to paying 10 cents or 25 cents to vote. There is a psychological barrier at one dollar, but even 50 cents might be a problem for me. PayPal charges something more than 30 cents for a very small payment. Amazon has its “honor” account where you can accept very small payments at about 30 cents plus a small percentage for each payment. These are both appropriate for voting where you might charge 35 cents a vote and not make any money on it. The goal is to get a valid vote and not make a profit on the voting. Many people will vote once, but not many will spend the cash to vote twice. It is also easy to limit the voting to one vote per account. The problem is that most people will not whip out their credit cards to vote in a silly poll. But then anyone who won’t pay 35 cents to vote might not have a valuable opinion. This would keep out casual voters as well as fraudulent ones. One could also charge a buck and any
profit could go to a worthy cause. This might even get me to vote.

In conclusion, don’t trust online polls. They are mostly just friends voting for friends and they mean very little. If you want to design a voting system, use telephone text messages to confirm votes, or charge a small fee for the privilege of voting.