Helping people with computers... one answer at a time.

Many online polls and voting tools use your IP address to keep track of the number of votes you've made. Unfortunately that technique is flawed.

When I go to a certain website and cast a vote it displays that someone has cast a vote from my computer or from the IP address. Is there anyway of finding out who is using my IP address in a fraudulent way? Now I'm leery as to why i have a computer in the first place!

You're making one huge assumption that's likely not correct. It's very unlikely that there's fraud here at all.

There are a couple of very valid ways that the same IP addresses might appear to be in use by several different computers. If the voting software using only your IP address to check for voting abuse, then it's not doing as good a job as it should be.

Two scenarios come to mind immediately: routers and bad IP detection.

As I've discussed before, a router allows several computers to share a single internet connection. One side effect of doing so is that all the computers that are sharing that connection appear on the internet as having the same IP address. The internet IP address actually belongs to the router, and it manages the routing the appropriate data to and from the appropriate computer behind it.

If you're in a home or small business that uses a router to share an internet connection, then any of the other computers could have voted and appeared as having come from the same IP address your computer would.

If you're connecting from a larger facility, say a school or corporation, the same issue can arise. Many facilities connect their internal network to the internet through a set of routers. A company of several thousand might appear as only a handful of IP addresses on the internet. If someone else within the company voted, it's quite possible that you might appear as the same IP address when you attempt to vote later.

"Using just the IP address to counter voter fraud and other types of abuse is common because it's easy."

And then there's AOL.

When last I checked, I believe AOL puts all of its subscribers behind the equivalent of a collection of routers. Therefore when you as an AOL user connect to a web site you may be using the same IP address as some other AOL subscriber who came before you.

There's another problem that could be at play here as well.

If you're behind a router, your IP address is an IP address on your local network, not the internet. Most consumer routers use the 192.168.1.x range. In fact, most will start assigning IP addresses at 192.168.1.1, then 192.168.1.2, then 3 and so on.

As a result there are thousands of machines out there at IP address 192.168.1.1 on their local network.

If the voting abuse software attempts to use the IP address of the machine rather than the IP address of the machine's connection to the web site, then it'll just be wrong. The first person with an IP of 192.168.1.1 might be able to vote, but all that follow would be seen as coming from the same address.

It's very unlikely, but it is one additional way that the voting abuse detection scheme might fail.

Using just the IP address to counter voter fraud and other types of abuse is common because it's easy. As you can see, that often has the unintended side-effect of blocking more than just a single abuser. Unfortunately blocking an individual computer for these types of accesses is difficult - at least doing so in a way that isn't trivial to circumvent is difficult. The most common alternate approach is to require registration and login to vote, which naturally reduces the number of voters as people are reluctant to jump through the additional hoops.

Article C3147 - September 12, 2007 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

5 Comments
Greg Bulmash
September 12, 2007 1:06 PM

Actually, AOL not only puts their users behind a bank of routers, but during a single session the IP address you're presenting to external sites can change from moment to moment.

Kenny Whyte
September 15, 2007 4:01 AM

Where I work we route all web-traffic through a proxy which points to one of 3 cache machines, so your IP is usually detected as one of those IP's.

Can causes problems for us - like last week when we were blocked from indirect searching on google for 12 hours, and our near constant IP ban from Wikipedia.

Mark Davies
September 15, 2007 12:30 PM

Another issue relates to the way ISP's issue IP addresses. If you use a dial up connection you are only issued an IP address for your session the IP address is re-used by the next session after you've disconnected. Also in some parts of the world ISP's don't issue static IP addresses to broadband routers, they change the IP address you're using every day, so someone could have voted yesterday using the same address.

Chris
September 16, 2007 4:22 PM

Some poorly coded voting applets will also save your vote to a cookie.. Which means, disabling cookies for that particular page can allow you to vote infinity times as you refresh the page :).. Try it..

a
January 6, 2009 11:18 PM

is this coming back to me as some one has used a form and i got sent an email saying i sent it.How?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.