Unlimited surveys

[BruAguilo]

Describe the bug
I answer the same survey from different browsers, not concerning if I have answered it before. So I can answer it one time from one browsers, a second time from another browsers, etc. from the same IP.

To Reproduce
Steps to reproduce the behavior:

1. Go to survey component.
2. Answer it and click on "submit".
3. Try the same steps on your different browsers.
4. See error.

Expected behavior
I can only answer one time per survey, not mattering the browsers you use in the same IP.

Screenshots

Stacktrace
If applicable, add the error stacktrace to help explain your problem.

Extra data (please complete the following information):

• Device: iMac
• Device OS: macOS Big Sur v11.2
• Browser: Safari v14.0.3, Firefox v85.0.2, Chrome v88.0.4324.182

[microstudi]

This is the normal behavior for "anonymous surveys", that's why they should be used wisely (there's a disclaimer when configuring them).

[mrcasals]

So, the component is configured to allow "anonymous surveys" and this is the expected behavior, is that right?

[BruAguilo]

Yes, sorry for not mention that the component is configured to allow "anonymous surveys", thanks for remembering that!

But the point is: it doesn't allow me to answer more than one time per browser, but I can answer as many times as I want depending on the number of browsers that I have and if I jump between them. Shouldn't I be able to respond only once per IP?

[microstudi]

I don't think so because ips are not a reliable identifier. People can use vpns or proxies for instance, more than one person might be ending using the same ip.
The current system uses the browser session as user identifier that's why you can answer using different browsers (or a new private window for that matter).
Any changes to this behavior should be discussed technically in any case

[BruAguilo]

super! thanks for your time and for the clarification, @microstudi !

[andreslucena]

I think this would need to be clarified on the admin panel or in the docs, something like:

Mind that a participant could answer the same survey multiple times, by using different browsers or the "private browsing" feature of her web browser.

Or something a clearer that doesn't repeat browser 3 times 😝

[armandfardeau]

Hi, what do you think about https://github.com/fingerprintjs/fingerprintjs @microstudi ?

[ahukkanen]

If you'd like to limit the answers per user, I would suggest adding some kind of answer tokens which can be generated for the anonymous survey and then each user could be emailed (or other way of communication) their own token.

Then in the answer view, the user would have to enter their answer token before accessing the survey or alternatively, you could send a link with the answer token pre-entered.

[microstudi]

@armandfardeau not a fan to be honest, it means more dependencies, Not 100% accurate and feels like a privacy invasion to me.

@ahukkanen is right, but in this case, wouldn't be easier to just use normal surveys that require users to authenticate?

There's also intermediate scenarios possible: for instance, create a field for the email and monkey patch the answer token to return the content of that field.

And, I'd also like to have an even more "wild-free" type of survey, without any token authentication at all. There use cases where you want users to answer the same form over and over without much concerns about "authenticity" or duplication.

[andreslucena]

Just to keep track, this need was also detected by @AriadnaVA at https://meta.decidim.org/processes/roadmap/f/122/proposals/14323?commentId=24323#comment_24323

[ahukkanen]

Much of what @microstudi mentioned above is relevant.

I think that creating the token list by admins would still help this particular issue in case Decidim surveys were used as in more traditional survey tools. Registration is a big barrier for many, so if they have to register to fill a survey it would mean less answers. It seems kind of too much to ask just to answer a survey. That's why I suggested the token approach @microstudi .