How RED / BLUE counts votes, prevents cheating, and protects you.

One vote per person. No accounts. No tracking. No raw IP addresses on disk. Here is exactly how.

The lifecycle of a vote

1. You press a button. The browser sends a small payload to the Vercel edge runtime: your choice (red or blue), a device fingerprint generated locally by your browser, and the request headers Vercel attached automatically.
2. The edge function geolocates the request from x-vercel-ip-country. We use the country code only; we never store latitude/longitude, city, or any precise location.
3. An identity hash is computed: a SHA-256 of IP ‖ user-agent ‖ secret salt. The salt lives only on the server, so the hash is non-reversible and non-correlatable across deployments.
4. The row is inserted into Postgres, subject to three unique indexes:
   • session_id — a signed, HttpOnly cookie set on first visit and good for one year.
   • device_hash — the client-side fingerprint. Catches same-device + different-browser and same-device + incognito.
   • Plus a non-unique index on ip_hash for abuse review only. IPs are deliberately not unique, so a whole household or office cannot be conflated into one vote.
5. Database triggers update the aggregates. Two small tables — tally (global) and country_tallies (per-country) — are kept in sync by a Postgres trigger on insert. These are the only tables every browser subscribes to, so a viral surge does not flood the realtime channel.
6. You see the result instantly. The vote you just cast bumps the counter you are now staring at, along with the counters of everyone else in the world watching at that same moment.

What we store

• Your choice: red or blue.
• A country code (e.g. DE, BR).
• A session ID (random; not linked to you).
• A user-agent string.
• A salted hash of your IP and user-agent.
• A device fingerprint hash.
• The timestamp.

That is the entire record. There is no name, no email, no IP address, no precise location, and no cross-site tracking.

What we do not do

• We do not store raw IP addresses.
• We do not run third-party analytics on the voting page.
• We do not sell, share, or syndicate any of the data.
• We do not subscribe browsers to the raw votes table. Only aggregates and a short event ticker are public.

Why your vote can't be reversed

A reversible vote is a vote you can keep voting on until you like the answer. The lock makes the choice expensive in a way that does not require money. The only cost the experiment can charge you is irreversibility.

How abuse is prevented

Three independent layers, any one of which is sufficient to catch the common cases:

• Session — defeats reload-replay and same-tab spam.
• Device fingerprint — defeats clearing cookies and incognito.
• Unique DB constraints — even if both of the above are bypassed, the database refuses the duplicate write. The API responds with the original vote, idempotently, so the attacker cannot tell whether they succeeded or were caught.

The site is also crawlable by AI assistants — see robots.txt. The current tally is available in machine-readable form at https://redorblue.space/llms.txt.

Open source spirit

The architecture is intentionally simple. If you are a developer and want to read the schema, the triggers, and the edge function, start with about and follow the links from there. The realtime aggregate pattern (no raw subscriptions to a write-heavy table) is the bit most likely to be useful elsewhere.