15

I'm a moderator at a small phpBB forum and we recently held a writing contest. The winners to be decided by a standard phpBB poll.

Our goal was to determine the best story, based on the judgement of our diligent members.

The various authors, of course, wanted to "win" -- sometimes no matter the method.

We soon had sock-puppets and friends and family of some authors signing up just to vote and then disappearing back into the ether. When we required at least 1 post to vote, they'd post something generic, vote, and leave.

Then again, some "family" (2 different email accounts, posting from the same residential IP address) did take the time to critique the stories and/or otherwise contribute.

So:

  1. How can we detect sock puppets, and how can we differentiate them from family or coworkers behind the same firewall?

  2. How can we prevent friends from signing up and just voting for their friend's story without evaluating other stories?

Improve this question
1
  • 3
    One policy that I have found to work well is to only allow accounts that were already existing prior to the contest creation to vote - new accounts were welcome to critique and give feedback, but their votes would not be counted.
    – user2813274
    Commented Oct 2, 2014 at 2:03

4 Answers 4

Reset to default
11

The easy way to solve this problem while still using the phpBB voting system is to disallow participating in polls for users with less than, say, three to five posts.

Without too much digging, I found this thread on the phpBB forums concerning limiting poll participation by post count. If you set the threshold somewhere around three to five, you'll weed out people who just create accounts in order to vote. The code for this, credited to jalaln on the phpBB forums, is suggested as follows:

if ($user->data['user_posts'] < 10)
{
   trigger_error('Sorry, your postcount must be 10 or greater in order to vote in polls.');
}

placed just before: 

foreach ($voted_id as $option)
      {
         if (in_array($option, $cur_voted_id))
         {
            continue;
         }

in the viewtopic.php file.

Other than that, you just have to put some faith in your active users to read the content before voting in the poll.

It is highly unlikely that your existing users will have already-created sockpuppet accounts with a high post count since it's a forum, and there's really not that much advantage in doing so.

Also, as Anna Lear points out, it may also be helpful to limit voting eligibility to accounts that have already existed before the voting starts. However, this would only work consistently once, as people would feel motivated to create sockpuppet accounts for use at a later time.

Improve this answer
7
  • 3
    In addition to post count, could also limit valid votes to accounts that were created prior to the contest announcement. So, in total, the eligibility criteria would be "made a few posts to qualify as a member and did not create the account just to vote during the contest".
    – Adam Lear
    Commented Oct 1, 2014 at 21:34
  • @BrockAdams Yeah, as I suggested, 3-5 posts would make it easy to detect and prevent.
    – user35
    Commented Oct 1, 2014 at 21:43
  • @Anna Actually, I disagree - this would only work once, as people would create sockpuppet accounts in advance once they knew they needed them.
    – user35
    Commented Oct 1, 2014 at 21:43
  • 1
    @Emrakul That's why there should be both age and post count requirements. Heck, one could also require posts to be relatively recent. If someone wants to maintain a fleet of sockpuppets that meet all the criteria... more power to them? :) (Not to mention that you could also identify and cull socks in-between contests.)
    – Adam Lear
    Commented Oct 1, 2014 at 21:45
  • Re: However, this would only work consistently once, as people would feel motivated to create sockpuppet accounts for use at a later time. Maybe, but it's a lot harder for most people to remember what account and password they used, weeks later, than to create a "one and done". 3-)
    – BHA
    Commented Oct 1, 2014 at 22:32
6

Related, yet different, to the previous answers is utilizing the "Groups" functionality of PHPBB. You can place your established users (or a subset of users that you wish to allow to vote - perhaps just those that are interested in the contest itself?) into a group.

Host your contest voting in a subforum that you've set up to only allow this group to vote in. You can do this by visiting your ACP and going to the Forums tab, then "Group Forum Permissions". If you set everything to "No", except the group you wish to vote, new users won't be able to place a vote in this contest.

Polls Permissions

For setting users as part of a group, this can be accomplished via the ACP -> Users tab and adding appropriate users to the group you wish. If you just make them a member, but don't make this new group the default, there will be no visual changes to the forum. They will be able to see that they are part of this group though.

Obviously, this puts the work on your end, because you have to add them to the group. You can install a promotion plugin that can handle this work for you, if you wish to reduce your workload a bit.

The advantage to this is that you give your users a goal: Get into the group that can vote. From your point of you have enabled "gamification" - which, if done correctly, can drive more engaged users. New users who haven't reached this privilege can still participate by interacting with the contestants and offering feedback. They just can't cast a ballot.

Improve this answer
1
  • +1, This approach also has the advantage that it doesn't require making and maintaining a mod to the PHP code.
    – BHA
    Commented Oct 2, 2014 at 1:52
5

Basically you can't prevent "drive by" voting.

  1. It's perfectly legitimate for several people to share the same IP address - work colleagues, people logging in from internet cafe's etc, just as it's perfectly legitimate for someone to only log in from a single IP address. If there are multiple accounts then you can't automatically assume bad faith.

    You could have a rule that states that votes from the same IP address won't count towards the total, but that could be tricky to sell and is circumventable.

  2. You can't prevent people just signing up and voting on their friend's stories. However, if they have no votes for other people's posts (either inside or outside the competition) then you could invalidate (or just discount) those votes before counting.

    You need to have some way of analysing the proportion of votes user A gives user B. If you can't analyse the voting patterns then there's nothing you can really do to stop this - or at least discount the fraudulent votes.

You could try insisting that people register before voting, but with throwaway e-mail accounts it's hard to automatically detect whether the new account is real or not.

Improve this answer
2
  • #2 could be a hard sell, too, if the poll shows winner A, but we say "Oh, by the way, we're throwing out 20 votes for A." If we tell them why, then they know how to game the next time. If we don't tell them why, credibility is shot.
    – BHA
    Commented Oct 1, 2014 at 21:47
  • 1
    @BrockAdams - indeed. My answer was partly to show how difficult the problem was. Anna's idea of only allow votes from pre-registered users with 3-5 real posts is probably the way to go.
    – ChrisF
    Commented Oct 1, 2014 at 21:48
3

Here's a solution that involves a tiny bit of sneakiness, but I think is quite adequate.

  1. Make the voting work as usual--everyone can vote, and never receives an error or rejection message. Votes are stored in the database, and the account that votes gets his indication that he's already voted.
  2. When counting votes, only count those from people who've posted at least X times (1 - 5?) and optionally, registered before the contest started.
  3. Do not reveal these rules. The cheaters will continue to get family and friends to vote, or create sock puppet accounts, but won't know that their votes do nothing unless they are active participants. Just indicate in general terms that the quality of the voter's contributions to the site are weighted and factored in some way--which is true, you're just not saying what those weights are (multiply by zero for some).
  4. Solve the smaller problem of how to make people think their to-be-ignored votes are counting.

Some thoughts on #4:

  1. Only change the displayed vote count once a day--this obscures the connection between an individual vote and the display of votes. Could arouse suspicion as there may still be noticeable discrepancies at the end of the day--if the person knows he got 100 people to sign up and vote, but his count only rose 25, he'll know something's up. Which brings us to...
  2. Display some other metric than votes, that conceals the exact count. For example, display votes for an individual entry as percent of the total, or percent * 100 so you can drop the fractional part. Since the people cheat-voting for one entry have no idea how many people are voting for other entries, they won't suspect anything when their percentage didn't go up hugely--apparently other entries are getting a lot of votes, too!

This is a tactic similar to the one used on forum trolls, called something like "shadow banning". The person's posts are displayed only to him--everyone else sees nothing. This prevents further abuse and the troll from signing up with multiple accounts, since he believes he's accomplished what he set out to do. But for some reason, his victims display extraordinary restraint and wisdom by simply ignoring his posts! How frustrating for him. He so wishes someone would have taken his bait.

Perhaps I have not thought of all the wrinkles, but with some creativity I think this could be quite workable.

Improve this answer
3
  • Some interesting ideas. Big problem is that this would damage the trust and credibility of the site, unless the rules were fully revealed (and thus game-able again). ... Lesser problem is that this requires modification of the forum software (possibly extensive) -- which means that only the site owner can do it, not one of his moderators or even admins without FTP access (which is the usual case).
    – BHA
    Commented Oct 2, 2014 at 6:35
  • The term I hear most for this is "Hell ban". :)
    – BHA
    Commented Oct 2, 2014 at 6:36
  • I don't see it as damaging credibility as long as you were careful with how you ran it and what you said. And yes, it would take modification of the forum software. Consider sweepstakes entries--they don't tell you how many people have actually entered, just that your entry was accepted, and you have to trust that it's true.
    – ErikE
    Commented Oct 2, 2014 at 16:29

Not the answer you're looking for? Browse other questions tagged or ask your own question.