Yes, this is our highest priority.

Please write up a detailed design of exactly how anonymous voting vs. logged-in voting should be handled in order to address this serious problem with tragic consequences. You appear to have only scratched the surface here. Dig deeper, consider the different scenarios. Unless you actually have something important to do instead.

Hi, thanks for the reply and considering this seriously.

This is a problem faced by all sites which uses IP to track users. Consider the case of rapidshare. They give the limit of some 100MB size. They use IP address to track. The effect is if either of us in the office downloads some file, it affects the downloads by others :(

A possible solution can be, track both IP and user. I.e. if user is Anonymous,check IP. For all other users, look for user ID. A possible truth-table which allows anonymous user and one vote per a logged-in user can be

+---------------+-------------+-------+-------------------------------
+--------+
| IP Address    | User        | Vote  | Comments                      
+        |
+---------------+-------------+-------+-------------------------------
+--------+
| 192.168.1.10  | vcTheGuru   |  Y    | 1st Vote by vcTheGuru         
+        |
| 192.168.1.10  | Anonymous   |  Y    | 1st vote by vcTheGuru, without
+ login  |
| 192.168.1.10  | tye         |  Y    | 1st Vote by tye               
+        |
| 192.168.1.10  | Anonymous   |  N    | 2nd vote by Anonymous from sam
+e IP.   |
|               |             |       |                               
+        |
| 192.168.1.11  | vcTheGuru   |  N    | 2nd Vote by vcTheGuru         
+        |
| 192.168.1.11  | Anonymous   |  Y    | 3rd Vote by vcTheGuru,New IP-A
+nonymous|
| 192.168.1.11  | tye         |  N    | 2nd Vote by tye               
+        |
+---------------+-------------+-------+-------------------------------
+--------+
[download]

It is obvious that Anonymous user can vote from any IP. Otherwise there no meaning in allowing anonymous user to vote. If someone wish, he can cheat the on-line voting. I feel like none of the method is fool-proof someone wish to screw up any voting :(

--VC

My Home

... If someone wish, he can cheat the on-line voting.

It's not like we were having an election for PM's President, or some such... :)  I always thought of these polls as being for entertainment only, and to provide some context for funny, wise or witty remarks, which all in all just helps to get to know each other a little better, and gives some rough feedback what "the community" thinks.

I've personally never felt the urge to vote more than once, except maybe if I couldn't decide on which option to vote. And even then, I just picked one and went on with life.  I'd suppose the majority of Monks are handling this in a similar way (?)

How does that help any? Everyone can now vote more often than before! The majority of people currently have one vote, but you just gave them a second vote.

If I'd make a change, it would be to give the following results:

+--------------+-----------+------+--------------------------------+
| IP Address   | User      | Vote | Comments                       |
+--------------+-----------+------+--------------------------------+
| 192.168.1.10 | vcTheGuru |  Y   | First instance of IP and user. |
| 192.168.1.10 | Anonymous |  N   | IP already voted.              |
| 192.168.1.10 | tye       |  N   | IP already voted.              |
| 192.168.1.10 | Anonymous |  N   | IP already voted.              |
| 192.168.1.11 | vcTheGuru |  N * | User already voted.            |
| 192.168.1.11 | Anonymous |  Y   | First instance of IP and user. |
| 192.168.1.11 | tye       |  N   | IP already voted.              |
+--------------+-----------+------+--------------------------------+
[download]

The * marks the only change from the current setup.

However, the gains from this change are *very* minor: It would force the "cheat" to logout to place any vote after the first. It won't stop him from placing as many votes as he has IP addresses. It's not worth the effort.

"I feel like none of the method is fool-proof someone wish to screw up any voting :(" ding ding ding we have a winner! ;)

The only way to "fix" this is to disallow anony votes which wouldn't be very nice so, oh well.


___________
Eric Hodges

Internet poll throttling by IP trivially circumvented. Film at 11.

Yes, that should be fixed, now that the trick is public... btw, you could have /msg'ed the gods prior to "full disclosure".

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}