In order to prevent from multiple votes from the same visitor (check out the topic about voting frequency here), our default identification technique is cookies. We leverage both regular HTTP cookie and LSO (Local shared object a.k.a Flash Cookie) to uniquely mark the visitor’s device. As you probably figured out, it’s very simple to clean your cookies or use incognito mode, to actually make more than one vote from the same device. Thus, if fraud votes is a critical issue for you, our premium product support additional identification methods:
- By IP: These visitor identification method means that by default only one vote can be contributed from the IP. The advantage of this method is that it’s much harder to change IPs than cookies (requires some hacking skills but possible using proxies, etc.). The disadvantage is that different visitors who are using the same NAT (E.g. same router device), won’t be able to vote more than once.
- By Login: We provide a very useful JavaScript callback called beforeRate, you can use it to force a login to your site before being able to rate. Note: These method is also not 100% safe and could be hacked.
- By Social Login: Before a visitor can rate, he is required to connect his social identify with RatingWidget (currently we’ve implemented Facebook Connect). We believe this is the most safe identification method for many reasons. The main one is that in order to make fraud/fake vote – it requires a new social identity (creating of social identity takes time, requires unique email, etc.). The disadvantage of this method is that it significantly reduces the number of votes (some people don’t like to connect their social identity with external services).