LoudounI.com Poll Incompetence: If the members of Loudoun's Board of Supervisors were all up for re-election today, who would you want voted out of office?

Wednesday, March 31, 2010

Sorry I haven't posted anything in a while, I've been dealing with some family issues.

I'm a little late on this topic, but I have some interesting insights on it.  Recently, LoudounI.com had the following online poll:

If the members of Loudoun's Board of Supervisors were all up for re-election today, who would you want voted out of office?

Stevens Miller (D-Dulles), extreme leftist, was winning the poll (to be voted out of office).  Then, a voting-bot was obviously put into use by the left-wingers to try to force Eugene Delgaudio (R-Sterling), conservative patriot to win the poll.  I seriously doubt this was illegal since the bots were merely voting, not trying to cause a Denial of Service or gain access to server.  Rather, it exposes incompetence in the management of the online poll because there are relatively simple ways to prevent this from happening if the webmaster put enough value in the poll to take the time to secure it.

The poll uses (it's still open) a simple HTML form that submits an HTTP POST request to transmit the vote and an ID for the poll itself, not the particular vote.  It is very easy to generate an HTTP POST request from any computer or server, submit it to the poll server, and vote, over and over again automatically.

One way the webmaster could deter this without out too much server-side tracking is to include two hidden form fields, a timestamp and an encoded version of the timestamp that was hashed with another value by a function on the server.  Each time someone loads the poll web page, the values would be different.  When the poll is submitted, the timestamp and the encoded version can checked for tampering (the timestamp field in the submitted vote re-encoded by the server should equal the encoded version in the submitted vote).  To detect machine submissions, use the timestamp to make sure the vote wasn't submitted faster than humanly possible.

No online poll can ever be considered accurate, but polls where the webmaster doesn't even attempt to deter vote-bots are totally worthless.

Until LoudounI.com, secures their online polls, their polls aren't worth the time to read the results.

UPDATE:   I just saw this article: Editorial: Listening to You

This week’s poll took off, largely due to its asking readers to announce the support (or lack thereof) of the Board of Supervisors and its members. While we feel that these surveys are valuable in taking a “room temperature” of public sentiment, the polls are not intended as a scientific study. As with any online poll, there is certainly the possibility of multiple votes being cast by the same person.
The red section above should read:
As with any online poll [ON OUR WEBSITE], there is certainly the possibility [GUARANTEE] of multiple votes being cast by the same person.
If you don't at least attempt to stop poll-bots, you're guaranteed to have them destroy the results of your poll whenever the two sides of an issue get fired up on a contentious issue.

0 comments:

Post a Comment