如何记住匿名投票 [英] How to remember an anonymous vote

问题描述

实现匿名投票的内存或持久性的最佳方法是什么？前几天，我正在浏览某个网站（不幸的是，我忘记了URL），因此我可以快速竖起大拇指或竖起大拇指一个项目。所以我对几个项目进行了投票。然后，我关闭了所有浏览器实例，删除了所有浏览器历史记录和文件。我回到网站上对某些相同的项目进行了投票，但它已经我知道了。因此，我想知道实现此目标的最佳方法是

What is the best way to implement a "memory" or persistence for an anonymous vote? The other day I was browsing some site (unfortunately I forgot the URL), and I could quickly "thumbs up" or "thumbs down" an item. So I voted on several items. I then closed all my browser instances, deleted all the browser history and files. I went back to the site to vote on some of the same items but it "knew" that I had already voted. So I am wondering what's the best way to accomplish this

我读过有关evercookie的信息，但从某种程度上讲，它们似乎并不是一种对待用户的好方法。我不想走那条路。还是evercookies是实现此目标的唯一方法？

I have read about evercookies, but somehow they don't seem like a nice way to treat your users. I don’t want to go that way. Or are evercookies the only way to accomplish this?

如果evercookies并非其背后的机制，那么我唯一想到的方法就是记住客户端的IP +用户代理+其他。但是什么是别的东西？

If evercookies were not the mechanism behind this then the only way I can think of is to remember the client's IP + User Agent + something else. But what is "something else"?

有什么想法吗？

问候，
Archil p>

Regards, Archil

推荐答案

网站可能会使用以下内容的组合来尝试确定洪水或滥用某种形式（例如在线民意调查）。没有一种方法是绝对可靠的。

Sites may use a combination of the following to try and identify flooding or abuse of a form such as an online poll. No method is completely infallible; in fact, most are trivial to fool.

识别同一个人：

• 设置cookie（例如会话cookie）


• 比较IP地址


• 一种具有cookie并比较部分IP的启发式方法地址（/ 24子网）和/或用户代理作为没有cookie时的备份。

防止其他类型的滥用：

Preventing other types of abuse:

• 防洪：每分钟来自某个IP子集或每个人的投票数不能超过一定。

• Flood control: don't allow more than a certain number of votes per minute from a certain IP subset, or from everyone.
• Spam detection: try to detect bots by signature (eg malformed user-agent or accepts header, etc)

让用户跳过滚轮：

• CAPTCHA /机器人检测


• 使用户通过电子邮件确认投票


• 进行用户注册，提供唯一的电子邮件地址，确认电子邮件地址

每次测量e是平等而相反的对策。例如，滥用者可能会忽略Cookie，更改其用户代理或使用匿名服务来更改每个请求的IP地址。他可能会使用多个帐户使用扔掉的电子邮件地址进行注册，甚至可以尝试击败CAPTCHA（例如，为另一个站点上的用户重放CAPTCHA）。

For every measure there's an equal and opposite counter-measure. For example, an abuser might ignore cookies, vary his user-agent or use an anonymiser service that varies his IP address for every request. He might sign up using multiple accounts with throw-away email addresses, and there are even ways to try and defeat CAPTCHA (eg. replay the CAPTCHA for users on another site).

请注意，对于那些决心要破坏的人来说，evercookie对您的作用并不比cookie大。例如，它们不会影响机器人。

Note that to someone who is determined to disrupt, an evercookie doesn't do much more for you than a cookie. They wouldn't affect a bot, for example.

我个人不喜欢使用使用户跳过障碍的障碍。希望我已经证明了，即使您需要注册，也不能像使用好的防洪算法那样，更加防范防备滥用者，因为获得多个一次性电子邮件地址很简单。

I personally do not like to use the barriers that make users jump through hoops. Hopefully I've demonstrated that even if you require registration you are not guarding against abusers all that much more than you would with a good flood control algorithm, since it's trivial to get multiple throwaway email addresses.

这篇关于如何记住匿名投票的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！