Honest internet voting using sms
Having refused authorization by email (as a way of not giving the proper level of protection against fraud), we decided to resort to the paid SMSDirect service (from iFree). Voting via SMS takes place in 3 stages:
1. The user presses the “Vote” button for the phrase he likes;
2. Enters a Russian cell phone number; receives a personal code by SMS;
3. Enters the received code on the site and confirms his vote.
On the voting page, users are guaranteed the security of their personal data, the free of charge SMS and the ability to vote only once from one number. Of the obvious consof such a scenario of Internet voting is its non-free nature for the organizer and the high probability of users refusing to disclose personal data (phone numbers). Of the pluses are the high reliability of the voting results and the high probability of participation of motivated respondents.
Technical steps:
1. We connected an SMS service ( SMSDirect )
2. We made a standard form for identification via SMS in two parts:
(the id id of the phrase was passed for the person to vote for)
a) enter the number ->
(check the number and send the code) - >
b) enter the code that came.
3. For each submission of the first part, if the correct number was entered (the correct format + did not vote for this phrase),
- an entry was created in the database that was waiting for confirmation.
- a session id was created that is associated with the code and phone number,
so the correct code will be relevant only for this session.
(that is, if your code is currently entered, another voting person in his form — it won’t work.)
- the second part was opened (code entry)
4. By submission of the second part with the correct code entered, this entry was confirmed, and from that moment counted like a vote for a certain phrase.
Potential technical difficulties: Checking the number, if you had to check the codes of the operators in the St. Petersburg and Leningrad region, but it turned out that SMSDirect sends sms all over Russia at the same price, so for our part it was enough to limit ourselves to checking the 7th first, and the total number of digits in the number (accordingly, the operator also marks the other incorrect numbers).
Protection against potential fraud (and bots) that enter reasonable numbers and simply send our SMS to them, in order to cause us trouble. In addition to limiting, the number of connections from the user up to ip / cookie does not work, which, in general, is not entirely reliable. It is interesting how large companies (Vkontakte and Google, Alfabank) that use SMS sending to suppress fraud and authorization solve and solve such a problem.
Our conclusion : at a reasonable cost of sending a test SMS, it is likely that losses from unbridled SMS-sabotage of users will be small, due to the considerable complexity of the SMS request procedure itself.
The main bonus for us: transparency of voting. Comparing the base of votes with the base of sent SMS (we have + on the service side), the uniqueness and validity of votes is easily checked up to the number. Well, as practice shows, getting three SIM-cards is much more difficult than three electronic mailboxes or three accounts, say, on Facebook :)