How the protection from unfair voting is implemented?

In NorrCompetition the protection from unfair voting (voter fraud) and repetitive attempts depends on contest settings.

Users cannot vote by default. To give them this permission you should proceed to Options > Permissions tab and allow users from certain groups to vote for entries (set "Vote" to Allowed).
Read more here: Permissions.

So, the first and the main protection level is to allow only registered users to vote. When the user is voting, his user ID is checked first, and if he has not voted yet, user ID is being recorded to votes table.

The protection levels below are used for cases when we allow unregistered user to vote. So we advice to disable them completely if you allow only registered users to vote.

IP-address check is the second protection level. When the user is voting, their IP-address is checked first, and if they have not voted, IP-address is being recorded to votes table. To enable this option open Options > Competition tab and set the "Check IP" parameter to Yes.

But, there are several problems with IP checks:

  • Many users have dynamic IP-addresses
  • Several users have the same IP-address (for example, different organizations). To solve this problem you can set check for IP+Fingerprint combination.
  • A user can use a proxy server to hide his real IP-address

Fingerprint check is the 3rd protection level. Browser fingerprinting is an incredibly accurate method of identifying unique browsers. Fingerprints can be used to fully or partially identify individual users or devices even when cookies are turned off. Moreover, it helps to identify simple robots that are trying to vote instead of a human.

To enable this option open Options > Contest tab and set the "Check Fingerprint" parameter to Yes.

Cookie check is the 4th protection level. When the user is voting, the component generates a special cookie and writes it to the user’s browser. The user cannot vote when this cookie is set. To enable this option open Options > Contest tab and set the "Check Cookie" parameter to Yes.

The problem with cookie check is quite simple – the user can erase cookie file or simply vote using another browser.

One more protection is Captcha. You can display it to users and protect the voting from bots. Captcha works on the entry page only. Please refer to Entry Layout Options document.

Despite all these protection options, please remember, that there is only one almost 100% protection from unfair and repetitive voting - to allow only registered users to vote.