|
|
Posted by Gordon Burditt on 11/03/06 00:14
>>>>You could try a "I voted on this survey" cookie. If you insist that they
>>>>accept cookies before even SEEING the survey, this might work well enough
>>>>for your purposes. They are, however, easily defeatable.
>>>
>>>I am sorry, I don't quite get this idea, could you give more details?
>>
>>
>> It's very simple (and very defeatable). For each different thing
>> they can vote on, define a cookie name, like
>> "I_VOTED_FOR_Benbrook_DOG_CATCHER_PLACE_53". Perhaps you want to
>> make this a bit less obvious. If you try to vote for Benbrook Dog
>> Catcher Place 53 (the place has really gone to the dogs if it needs
>> 53 dog catchers) and this cookie is ALREADY set, they're trying to
>> vote twice for this race. After they vote, set that cookie.
>>
>> This tries to enforce one vote per computer. Or perhaps one per
>> computer account, if they've got different profiles. That's a
>> better approximation to one per person than one vote per IP.
>>
>> This works (a little) better if you insist that they turn on cookies
>> before they get to the vote pages. It's easy to defeat if the user
>> is asked whether to accept cookies and he refuses any set after you
>> submit the voting page.
>>
>> You could perhaps use this in conjunction with IP checking. For
>> example, you might allow votes from a given IP more often if they
>> don't have the cookie and haven't been trying to duplicate-vote
>> recently according to the cookie.
>>
>>
>>>And one more question, maybe more on the psychological side - what
>>>actually stops these kids from manipulating digg's content? I guess
>>>opening 100 accounts shouldn't take too much and it should be enough to
>>>get any link on top of the list?
>>
>>
>
>Doesn't work at all. For instance, I have my systems set up to clear
>all cookies when the browser is closed. And I could also go in and
>clear the cookies manually at any time.
Yes, it does. It means that the kiddies who don't use bots have
to close and re-open the browser every time, and that slows them
down by at least a factor of two. Probably more. And manually
clearing cookies probably doubles the number of mouseclicks or
keystrokes needed per vote. So it slows down the rate of duplicate
votes. A little. It also prevents the casual cheaters who don't
know what a cookie is and give up easily from casting duplicate
votes.
As I said, the method is very defeatable. It's a lot like making
a vault door out of 1-ply toilet paper, which is still better than
no door at all: it might slow down bank robbers by a second or so.
More if they can't stop laughing.
People spending millions of dollars on elections (like the US
government and state governments) haven't managed to stop phony
votes, either. You're certainly not going to do any better without
even having a voter registration list. All they can do is try to
reduce the problem.
Navigation:
[Reply to this message]
|