AskBwog: Can You Hack the ROTC Survey?
Written by Bwog Staff
A tech-savvy commenter speculated that after “clearing their cookies” (a term we’ll define for the computer illiterate in just a minute), voters can change their personal survey ID number to someone else’s, which in theory would mean that anyone would be able to vote multiple times.
Bwog’s on-call computer whiz kids Hans E Hyttinen and Anish Bramhandkar explain why this is actually possible, but relatively unlikely:
Hans: Once you access the survey page, a cookie is created on your computer that stores a bit of information, probably indicating whether or not you have completed the survey, so that the next time you visit that URL, it can let you resume your survey (try this by clicking on your link, but closing the page without voting and then reopening the page). I don’t think clearing the cookie would do anything of consequence.
If you do change the ID number in the URL, it looks like you can vote again on that ID, just like you can vote again on your ID. It’s very stupid that there is no confirmation message or “sorry, you have already voted” message.
However, everyone is given a unique identifier (in the “WEM=” part of the URL) that you’d be hard pressed to just guess. So no, I don’t think you can actually change someone’s vote.
Anish: Perhaps they’re tracking by IP address? Perhaps preventing subsequent votes that aren’t from the same IP. Columbia IPs are dynamic, but most people are connected constantly enough that they don’t change.
I doubt that they’re doing either of these, but the ID number in the survey URL is so long that you’d be hard-pressed to find someone else’s legit ID.
Still, minutes later, one Bwog staffer tested it out and “changed one of the numbers and got a different working link. Clearing cookies was necessary, though. When I went back and clicked my own link, I had my own displayed.”