We hear the following questions almost every day:<\/p>\n\n\n\n
\n\"Is it possible to cheat when voting on Pinpoll?\"<\/em><\/p>\n<\/blockquote>\n\n\n\n
\n\"How do you make sure that one can only vote once?\"<\/em><\/p>\n<\/blockquote>\n\n\n\n
\n\"One answer of my poll received multiple votes within a short period of time - how's that even possible?\"<\/em><\/p>\n<\/blockquote>\n\n\n\n
The short answer to this: A secure, anonymous online voting is a perfect example of an Oxymoron<\/a> - \u201csecure\u201d and \u201canonymous\u201d are mutually exclusive by definition.<\/p>\n\n\n\n
In the News<\/h3>\n\n\n\n
We are regularly confronted with the fact that people call on others to manipulate the online voting of our customers in Social Media<\/a>. Not to influence the result in their favour, but rather to prove that anonymous online voting is not suitable for establishing a representative opinion. Some even offer programs<\/a> designed to facilitate manipulation. To our colleagues at Opinary, they even dedicated an article<\/a> (available in German language only).<\/p>\n\n\n\n
Folks, no one ever claimed it was a representative voting. People just love to give their opinion and see what others think. Every result should be reflected accordingly and that's it.<\/p>\n\n\n\n
Then there are those who explain to us with little technical knowledge how poorly our fraud prevention was programmed. \"Why don't you just allow one vote per IP address?\" Um, no, that's just not how it works in the age of large offices and free VPNs. This group of people also likes to send us videos demonstrating for minutes how they change their IP address, delete their cookies and cast another vote. That's amusing in many ways. Don't you have other things to do? And do you really believe that every vote counts just because we show a voting animation?<\/p>\n\n\n\n
And finally, another group of people joins in: the \u201cmature and self-determined citizens\u201d. The results of each and every poll is questioned, especially when it comes to Corona, vaccinations or restrictions on \u201cpersonal freedom\u201d. These people even call us and insult our crew on the phone. They threaten us with \"going public\u201d in tabloids, in case we don't do our job. Well right, we could simply limit the voting by IP address \ud83d\ude09<\/p>\n\n\n\n
This brings us to the core of the problem: These three groups of people would also complain if we tried to prevent manipulation using all technically means possible. Why? Because this could only be done by weakening data protection to a large extent.<\/p>\n\n\n\n
Data Protection vs. Fraud Prevention<\/h3>\n\n\n\n
There is a good reason for the requirement of personal legitimation in public elections: only if I know who has cast their vote already can I prevent that person from voting again. In our polls, however, there is no \u201crequirement for identification\u201d. We must therefore find other ways to remember who has voted already. This memory can be simulated, for example, by setting a cookie. Data protection is also guaranteed, since the user consents to the setting of the cookie, which is technically necessary in this case and not used for tracking. Alone, it is easy to delete a cookie in order to be able to vote again. But who's the bad guy now: the provider of a voting solution, who complies to data protection laws, or the participant, who deliberately manipulates the poll?<\/p>\n\n\n\n
Fingerprinting<\/h3>\n\n\n\n
To prevent manipulation in the first place, we used fingerprinting technology until a few months ago. A \u201cfingerprint\u201d was created, encrypted and stored in our database, which is unique for each browser. Of course, this can also be generated over and over again by a bot. However, that requires significantly more technical knowledge compared to deleting a cookie.<\/p>\n\n\n\n