
Fair voting on the Internet using SMS

In December 2011, we tried to hold a contest for the best phrase for a T-shirt, with an iPhone 4 as the main prize. Of course, we suspected that with authorization via Facebook and Vkontakte there could be all sorts of cheating and vote buying. However, the scale of the fraud exceeded all our expectations: thousands of bogus votes arrived without a single request to the voting page on our website. As a result, we were forced first to remove a few phrases from the competition, and then to declare the voting results invalid altogether. Having scheduled a repeat vote for the end of January 2012, we thought seriously about how to make it as honest and objective as possible.

We rejected authorization by email (it does not give an adequate level of protection against fraud) and decided to use a paid service, SMSDirect (from the company iFree). SMS voting takes place in 3 stages:
1. The user presses the “Vote” button on the phrase they like;
2. Enters a Russian cell phone number and gets a personal code by SMS;
3. Enters the received code on the site and confirms the vote.

On the voting page, users are guaranteed the security of their personal data, that the SMS they receive is free of charge, and that only one vote can be cast from one number. The obvious drawbacks of this Internet voting scenario are that it is not free for the organizer and that users are quite likely to refuse to disclose personal data (phone numbers). The advantages are the high accuracy of the voting results and the high probability that motivated respondents take part.
Technical steps:

1. We connected the SMS service (SMSDirect).

2. We made a standard two-part form for identification via SMS
(the id of the phrase the person is voting for is passed along with it):
a) enter the number ->
(the number is checked and the code is sent) ->
b) enter the code that arrived.

3. For each submission of the first part with a correct number (correct format + has not yet voted for this phrase), we:
- created a record in the database, which waited for confirmation;
- created a session id associated with the code and the phone number,
so the code is correct and valid only for this session
(that is, if your code is entered by another voter in their form, it will not work);
- opened the second part (code entry).

4. When the second part was submitted with the correct code, this record was confirmed, and from that moment it was counted as a vote for the specific phrase.
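A minimal in-memory model of steps 2-4, added here as an illustration and not the site's actual code. The class and method names, the `+7` number format, the 6-digit code, the `send_sms` callable standing in for the SMS gateway and the wrong-code limit are all assumptions.

```python
import hmac
import re
import secrets

PHONE_RE = re.compile(r"^\+7\d{10}$")  # assumed format for a Russian mobile number
MAX_ATTEMPTS = 3                       # assumption: wrong-code limit, not described on the page


class SmsVote:
    """Two-part SMS vote; the dict and set stand in for the database tables."""

    def __init__(self, send_sms):
        self.send_sms = send_sms   # callable(phone, text): stand-in for the SMS gateway
        self.pending = {}          # session_id -> record waiting for confirmation
        self.confirmed = set()     # (phone, phrase_id) pairs counted as votes

    def request_code(self, session_id, phone, phrase_id):
        """Part (a): check the number, store a pending record, send the code."""
        if not PHONE_RE.fullmatch(phone):
            return "bad_number"
        if (phone, phrase_id) in self.confirmed:
            return "already_voted"
        code = f"{secrets.randbelow(10**6):06d}"  # unpredictable 6-digit code
        self.pending[session_id] = {"phone": phone, "phrase_id": phrase_id, "code": code, "tries": 0}
        self.send_sms(phone, f"Your voting code: {code}")
        return "code_sent"

    def confirm(self, session_id, code):
        """Part (b): a code is accepted only in the session that requested it."""
        rec = self.pending.get(session_id)
        if rec is None:
            return "no_pending_vote"
        if not hmac.compare_digest(code.encode(), rec["code"].encode()):
            rec["tries"] += 1
            if rec["tries"] >= MAX_ATTEMPTS:
                del self.pending[session_id]  # a new SMS request is needed
            return "wrong_code"
        del self.pending[session_id]          # the code is one-time
        vote = (rec["phone"], rec["phrase_id"])
        if vote in self.confirmed:            # confirmed meanwhile from another session
            return "already_voted"
        self.confirmed.add(vote)
        return "vote_counted"

    def tally(self, phrase_id):
        """Number of confirmed votes for one phrase."""
        return sum(1 for _, p in self.confirmed if p == phrase_id)
```

Keeping the pending records apart from the confirmed votes is what lets the vote base be reconciled against the log of sent SMS afterwards.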

Potential technical difficulties: checking the number. We expected to have to check the operator codes for St. Petersburg and the Leningrad region, but it turned out that SMSDirect sends text messages all over Russia at a single price; in the number (accordingly, other incorrect numbers are already filtered out by the operator).

Protection against potential fraudsters (and bots) who enter plausible numbers and simply make us send out our text messages in order to cause us trouble. Apart from limiting the number of connections per user, keyed by IP / cookie, nothing works here, and that limit is, in general, not entirely reliable. It would be interesting to know how large companies (Vkontakte, Google, Alfabank) that use SMS for fraud prevention and authorization solve this problem.

Our conclusion: at a reasonable cost per verification SMS, the losses from unchecked SMS sabotage by users are likely to be small, because the SMS request procedure itself is fairly complex.

The main bonus for us: the transparency of the vote. By comparing the base of votes with the base of sent SMS (ours plus the one on the service side), it is easy to check the uniqueness and validity of the votes down to the individual number. And, as practice shows, it is much harder to have three SIM cards than three email accounts or three accounts on, say, Facebook :)

Source: https://habr.com/ru/post/137548/

