Function to allow only one vote for equipment

2

I set up a simple polling system in which you can vote only once per IP. However, it registers the IP of the network and not the user's computer, making it impossible for other equipment on the same network to vote. I already researched Google and found no alternative to remedy this problem. I'd like your suggestion.

    
asked by anonymous 03.05.2018 / 22:25

1 answer

2

It is impossible to differentiate two devices that use the same network using only your website , regardless of the programming language you use on your server. cookies, which however can be easily circumvented if the user wants to clear the browsing data, here are suggestions:

Cookie / localStorage

The most you can do is create a cookie, or "maybe" localStorage of JavaScript, but it does not mean that you have guarantees against fraud in the votes, as the user can simply delete the cookies or the localStorage and ready, he can vote again.

Voting via application

Another solution is to create an app, which will use another type of identification, such as the person's cell phone number, of course the votes could only be made by the app, then no site, only webservice and a TOKEN for identification between client and server, this way it would be much harder for the user to circumvent.

Validate the vote

If you really want to use the web, one way to ensure that the vote is real is to validate via other means, such as e-mail, for example:

  • the person who votes type the email and selects the voting option
  • The server generates a single link that can only be used once
  • the server sends the link via email to the user who voted
  • user opens INBOX and clicks the link
  • when accessing the link the server validates the vote flag with some flag that the link has expired (can be done via the database)

This same technique could be used with validation via SMS, of course this will depend on a service that sends and receives SMS.

Zombie cookie

A few years ago some large sites were accused of using a technique called zombie cookie or evercookie or persistent cookie (I had other names for this, remember I'll edit it), it's a very variant technique strong>, which usually consists of creating the cookie and using other aspects such as:

  • cache
  • create a temporary element on the page
  • ajax
  • localStorage / sessionStorage
  • embedded technologies such as flash or silverlight

In other words, I recorded a simple reference that would serve as an identification to regenerate the cookie, if the user cleared all the navigation data, then since the page was open, even cleaning the data they were regenerated, even more advanced users they knew well how to circumvent it.

Understand that I'm not talking about making use of this and I will not even provide a code for this, I'm just commenting because the subject seems appropriate here, since the technique was created with a similar purpose.

This technique, despite bringing a reasonable efficiency, is still controversial and maybe in Brazil does not cause anything like process, but the technique has already been accused of violating the user's privacy, including MicroSoft itself had something like that for using a "cookie" to identify the users, which later after the controversy was disabled.

    
03.05.2018 / 23:04