如何匿名识别用户并存储该信息 [英] How to anonymously identify a user and store that information

问题描述

我需要一个简单的用户识别系统允许/禁止一个动作的目标即可。

I need a simple user identification system for the purpose of allowing/prohibiting an action.

这是<强>不是一个高安全性要求，这是确定犯错（例如，同一用户将通过不同的浏览器执行不允许的操作）。

This is not a high-security requirement and it is ok to make mistakes (eg same user will execute non-allowed action using different browsers).

要少抽象，让我们在计算器的投票看，我们假定我们希望允许公共观众的投票，但只有一次。

To be less abstract, let's see at the StackOverflow voting and assume we want to allow voting by public audience, but only once.

这是可以工作的最简单的事情 - 正在使用的饼干：设置每回答一个新的cookie;存储所有的票在一个cookie（或以某种方式组合这些）。

The simplest thing that can work - is using a cookie: set a new cookie per answer; store all votes in one cookie (or combine these somehow).

这是一个有点靠不住由于饼干大小/数量的限制。它还将发送cookie来现场所有的时间，虽然只需要1行动。

This is a bit unreliable due to the limitations of a cookie size/number. It will also sent the cookie to the site all the time, while it is only required on 1 action.

所以从这个角度来看，我想尽量避免使用的cookie。结果
但没有看到这样做比普通HTTP更好。我不认为IP / MAC地址等。

So from this perspective I would like to avoid using cookie.
But don't see a better of doing this over a regular HTTP. I don't consider IP/MAC address etc.

所以，上述的背景下，这些问题是：如何匿名识别用户并存储在客户端上的信息

So, with the context above, the questions is: how to anonymously identify a user and store that information on the client?

感谢。

推荐答案

匿名用户识别当然可以进行（和正在做）具有相当高的精确度。而不是转载的方法在这里是有点读数将为这一切了。

Anonymous user identification can certainly be done (and is being done) with a fairly high degree of accuracy. Rather than reprint the methodology here's a bit of reading that will lay it all out.

首先是关于用户隐私的互联网上的数学底子（特别是数据背后的熵）的旧位被联邦军。当然可选的，但它的前presses，我们正在寻找的模型。你可以跳过这背后是否识别数学不感兴趣。

First is an old bit by the EFF regarding the mathmatics of user privacy (specifically the entropy behind your data) on the internet. Certainly optional, but it expresses the model that we're looking at. You can skip this if the math behind identification doesn't interest you.

<一个href=\"http://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy\">http://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy

基本上采取一言以蔽之：仅使用浏览器的代理，IP地址和其它数据的发表自己的例子之一（panopticlick） HTTP：/ /panopticlick.eff.org/ 你有唯一地识别用户的可能性非常高（只要它是在同一台机器），而不需要饼干。关于他们的研究浏览器检测和独特性的更多信息，请访问：

Basically taken in a nutshell: using just the browser-agent, IP address and other data published in one of their examples (panopticlick) http://panopticlick.eff.org/ you have a very high likelihood of uniquely identifying a user (as long as it is the same machine) without the need for cookies. Additional information regarding their research into browser detection and uniqueness is available here:

<一个href=\"http://panopticlick.eff.org/browser-uniqueness.pdf\">http://panopticlick.eff.org/browser-uniqueness.pdf

访问panopticlick页面，并给它一个考验。它会告诉你如何寻找（并给予例子以及如何去做源），而.PDF将详细介绍了指纹识别方法的独特性和细节。

Visit the panopticlick page and give it a test. It will show you what to look for (and give examples and source of how to go about it) while the .pdf will detail the uniqueness and specifics of the fingerprinting method.

我的系统的配置，例如，是1301578总用的识别信息（减少熵的）20.38位测试中是独一无二的。鉴于他们的研究，你将有94.2％和99.1％的精度识别访问之间的用户没有使用任何客户端跟踪。

My system configuration, for example, is unique among the 1,301,578 total tested with 20.38 bits of identifying information (reduction of entropy). Given their research, you will have an accuracy of 94.2% and 99.1% in identifying users between visits without the use of any client side tracking.

这篇关于如何匿名识别用户并存储该信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！