I can vote every time I access at vote page. (Already sign in Google)
So i worry about Bot that can vote infinitely.
Is anyone else experiencing this issue?
I voted for my app, it stays voted and can’t unvote or vote again for it, maybe more context would help to understand the issue.
I think he means that you can go incognito and vote again. Does the same for me too - can vote multiple times.
Yes, this is a critical issue that needs to be resolved, as some people might have already started taking advantage of it.
there were also some concerns that the votes are only being stored locally and is not truly being tracked can we get some confirmation on that
@Lloyd_Hightower @luluthepooh
I looked at some of the js files.
The voting mechanism in the code is based on local storage, meaning it tracks votes on a per-browser and per-device basis. When a user votes for a project, the project’s identifier (slug) is stored in the browser’s local storage, preventing the user from voting for the same project again from that browser.
These are some of the codes on the client sides that show all this:
var l3 = async function(a) {
return a ? (await k3()).includes(a) : !1;
}
The function l3 takes a project identifier (a, typically the project’s slug) as input. It calls another function k3 that retrieves the list of voted projects from local storage. If the project slug is found in the list (includes(a)), it returns true, meaning the user has already voted for this project. Otherwise, it returns false.
There is also this part:
var m3 = async function(a) {
if (a) {
var b = await k3();
if (!b.includes(a)) {
var c = (await _ds.u()).getStorage();
b.push(a);
try {
await c.set("googledevai-gemini-voted", "project-list", JSON.stringify(b))
} catch (d) {}
}
}
}
- The function first checks if the project slug
a
has been passed. - It then retrieves the current list of voted projects by calling
k3
. - If the project slug (
a
) is not found in the list (!b.includes(a)
), it:
- Retrieves the storage object (
c
). - Adds the project slug to the list (
b.push(a)
). - Saves the updated list back to local storage (
c.set
).
- The list of voted projects is stored under the key
googledevai-gemini-voted
in the storage.
and also:
var k3 = async function() {
var a = (await _ds.u()).getStorage();
if (!a) return [];
if (a = await a.get("googledevai-gemini-voted", "project-list"))
try {
return JSON.parse(a);
} catch (b) {}
return [];
}
This function fetches the list of projects the user has already voted for from local storage.
It seems to be completely local storage and since incognito doesn’t use the local storage of the browser that will allow it to vote.
So far, this seems to be an issue since I saw no server side processing, and it’s purely locally saved in the browser.
However, I didn’t check the whole code, there are probably some mechanisms preventing spamming in the backend process that ignore the votes coming from an anonymous source with no gmails.
Will this be a problem as theoretically , people can still just proxy spam votes to get the advantage.
Can we please get some insights from the Google team?
Thanks
Hi @ChanHHOO
General users other than Google employees participating here cannot determine whether this is normal or abnormal.
There was a comment in advance from a Google employee asking for a vote among developers, but for now anyone can post.
There are no “rules” for posting, so I don’t know anything about it at this point.
It is unclear at this time whether the number of votes will be made public.
@Lloyd_Hightower is the only Googler in this community who can answer questions.
I wish to get any answer about this situation
Indeed, I checked the F12 Network tab and it seems that when you click vote, they are not being sent to the server.
I hope that Google has a system that can detect it. I checked a few apps and I think many people have not followed the rules therefore there will be a lot of rejections when Google developers analyze the codes.
Is there still no official feedback from Google on this issue?
I hope that they at least check if the bots voting or not
Per browser 1 vote and if changed google account then may be one more vote
They have started sending voting events to Google Analytics now (This wasn’t happening earlier). That is the only network call happening now on voting. And they are recording the voted project ids locally, so If you go to incognito, you can vote again.
That still doesn’t make any sense. All pages use the same tag GTM-TC2MQKS8, but it should be a different tag for each page, and no network requests are sent when “Vote” is clicked.
Also, it doesn’t make sense to use Google Analytics, because all it does is provide Analytics … (obviously), it would be very wrong to use Google Analytics for it because simply opening a page does not mean that someone clicked on “Vote”.