Update on the TechStars Startup Madness Tournament

Posted on 03-21-2011 by Rebecca Kelley (Rebecca)
URL for sharing: http://thisorth.at/1oe5
142755

I wanted to update you guys with what's going on with the TechStars Startup Madness tournament. Some folks have complained that some of Round 2's votes appear to be as suspicious as a grown man showing up at a young girl's house to "hang out," only to run into Chris Hanson in the kitchen. Fear not, conspiracy theorists! Your suspicions have been confirmed: there have definitely been some voting inconsistencies.

We've adjusted the voting after identifying that a single group was affecting multiple different match ups. You'll likely notice a large adjustment in votes for many start ups -- this does NOT mean that a company who lost a lot of votes is guilty of cheating since the group we've identified was posting a ton of fake votes for various companies.

We'll continue to monitor voting; in the meantime, to compensate, we've extended the voting time for Round 2 by four hours. Both TechStars and This or That take this contest very seriously, and we're constantly working to ensure that it is is honest and legitimate. To all of the companies still in the running to win the TechStars Startup Madness tournament, good luck! Keep voting and sharing, but keep in mind that we're monitoring the votes and are working to keep the results as accurate as possible.

Did you like this post?

Debate It! 14

What criteria have you used to isolate a fraudulent vote guys?

Posted By neek, 03-21-2011 (2 years and 2 months)

@neek I wish we could be totally open about it, but the information asymmetry is an important advantage for us -- those trying to game the system don't know exactly what our data set looks like or what we can see.

Posted By Jon, 03-21-2011 (2 years and 2 months)

That's fine and I understand it must be difficult. I just hope you're happy it's accurate/fair and not too simplified like being based on time submitted or duplicate IPs. We're based in Europe so I saw all these votes coming in but I was also working hard on getting the word out and know we had plenty of legit votes go in the system in parallel. Two users of ours also both voted just now (and tweeted) but the vote count only went up +1. This is a very serious comp for us startups but you know that I'm sure. We all just want a fair fight (to the death!!!)

Posted By neek, 03-21-2011 (2 years and 2 months)

Why not make people validate their email address when they sign up if not using fb connect? I would thunk it would be harder to game a system that way.

Posted By alexcross28, 03-21-2011 (2 years and 2 months)

@AlexCross It's definitely on our to-do list and has high priority, but I'm not sure how quickly we can get it implemented.

Posted By Rebecca, 03-21-2011 (2 years and 2 months)

@Rebecca thanks for your help today with clearing up those wanky accounts!

Posted By joekromer, 03-21-2011 (2 years and 2 months)

@Rebecca, fair enough. Glad it's on the horizon. Thanks again for the help today. When do you certify the results?

Posted By alexcross28, 03-21-2011 (2 years and 2 months)

The new round should begin tomorrow.

Posted By Rebecca, 03-21-2011 (2 years and 1 months)

If you can't explain how the fraudulent votes were cast, can you say who the "single group" was? Why on earth would one group of people cast hundreds of fake votes on multiple contests... and on both sides of each contest? Also, as neek asked, can you confirm it wasn't something simplistic like IP filtering?

What's done is done, but a lot of people are still scratching their heads.

Thanks!

Posted By Denishurley, 03-22-2011 (2 years and 1 months)

It's hard to tell who the single group was because they cast fake votes for multiple start ups, so it's difficult to tell who they were secretly representing.

Posted By Rebecca, 03-22-2011 (2 years and 1 months)

TOT's user registration, voting system, and TechStars Startup Madness Tournament are completely broken. It still hasn't been made clear what constitutes a fraud vote. I understand not revealing how you removed votes, but is this really coming from a stand point of security or from hiding incompetence. How are users supposed to avoid being counted as fraudulent (Can my wife and I vote at home or is that cheating?) At a minimum you should post some guidelines to prevent your vote being discounted.

I'm sure you did some IP filtering techniques, looking at your analytic information from google, quantcast, and woopra and manually looking at usernames, emails to see if they are "sensible" and not random; but is this enough or appropriate? One of the easiest preventive measures would be to make your user registration system more robust. Right now its too easy for script kiddies to script up user account creation, ip spoofing, and voting. Make it random enough and there would be no way to tell under your current system of "detection". Add a captcha, confirmation email, check to see if email domains exist, add a harder password strength, and salt your passwords in your db, do something to improve this sites registration.

The tourney is broken, and anyone who wins is essentially your "best guess" of the winner. Accusations of cheating can be very damning to startups and removing more votes at random for a specific startup up inadvertently labels them with a Scarlet 'C'.

I appreciate your work that you have done already, and wish you the best of luck, but the site needs a major overhaul to prevent it from being gamed.

P.S. I can't believe the username 'admin' wasn't blocked out.

Posted By changedusername, 03-23-2011 (2 years and 1 months)

@Dennishurley -- it wasn't something as simplistic as IP filtering.

@changedusername (note: the user originally registered "admin" as their username),
> It still hasn't been made clear what constitutes a fraud vote... At a minimum you should post some guidelines to prevent your vote being discounted.

We have an engineer (an actual human, not a simple filter) examining the votes. I think he's smarter and more sophisticated that you might imagine, but then again he's human (i.e., not perfect).

>Add a captcha, confirmation email, check to see if email domains exist, add a harder password strength, and salt your passwords in your db, do something to improve this sites registration.

As Rebecca noted, improving the registration process is on the agenda. It's always a trade-off, though. We want it to be as easy as possible for people to participate in the voting. I know there is a theme in the "security community" that more & harder is always better. This attitude is what leads to 16 character alphanumeric passwords that have to be changed every 8 days and CAPTCHAs that take a dozen attempts to get right. Security is and always will be a trade-off and dependent on the situation.

>Accusations of cheating can be very damning to startups and removing more votes at random for a specific startup up inadvertently labels them with a Scarlet 'C'.

I'm sorry, but the doesn't make any sense (and it won't, no matter how many times you repeat it). Anyone can create invalid votes for any participant. Removing votes doesn't say anything about the participants, it just says that some votes were invalidated. I'm confident all of our participants and voters are smart enough to understand that.

Posted By Jon, 03-23-2011 (2 years and 1 months)

And...
> P.S. I can't believe the username 'admin' wasn't blocked out.
You got us, congrats! I don't think you really fooled anyone with your comments, though. You just made us do some pointless work in changing your username. I guess I still don't get the whole anonymous trolling thing. You made some good points, it's a shame that you aren't willing to sign your name and be a real part of the discussion.

Posted By Jon, 03-23-2011 (2 years and 1 months)

Looks like more stuff is going on. Some startups appear to be losing votes, others gaining votes, while vote totals are dropping. Looks like TOT is moving votes from one startup to the other. Is that the case?

Posted By rfawal, 03-28-2011 (2 years and 1 months)