Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What kind of sanity checks did you implement, or how did you know what data to throw?


We had an interactive task (hosted in our own server) and a questionnaire afterwards. Sanity checks off the top of my head:

* Control words: our server gave them two (unique) control words (one for joining, one for winning), and we asked for them in the post-task questionnaire. Some of these words ended up being reused among several participants, even from participants that never even started the task.

* IP checks: we had an experiment that you could "win" (and earn a bonus), but you only were allowed to play once. Some people restarted the task several times, so we only used the first attempt in a sequence (as reported by their IP and timestamp).

* Data thrown away: we further removed data where we had more than one player per IP (to control for both multiple accounts per person and use of proxies), experiments that were way too fast, and experiments with unsupported browsers (which we explictly mentioned in the description).

Regarding money, we were not allowed by the TOS to withold payment to anyone that filled the questionnaire, even if we knew they did it in bad faith. We therefore implemented the "winning" bonus, and also gave bonus to people who lost but really tried.

I want to point out that a LARGE percentage of participants played honestly, and some of their data was thrown away only out of an abundance of caution. Once you keep the first bad apples out, they simply move to other, easily-exploitable tasks.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: