to aid engagement, preferable allow users not logged in website vote on topic. should limited 1 vote per user per topic. aware ideal solution in fact force users log in or create account, (partly challenge) avoid this.
my research far has pointed combination of following:
- logging ip addresses, , rate limiting based on info. cause problems users in environment common address.
- set normal cookie. spoofed / deleted.
- use method of fingerprinting such fingerprintjs2. harder spoof average user, not prevent bots. imagine users in same workplace share same fingerprint - correct?
- set kind of supercookie hard delete , hard spoof.
what have missed? i'm aware isn't ideal, there kind of protocol this?
without authentication, there no way in way rule out bots.
but believe there middle ground work.
since anonymous votes, try come 2 numbers below:
- rate of anonymous votes per minute ip comfortable let happen, regardless if person or bot.
and
- rate of anonymous votes per minute specific topic/pool can get. can higher number, control bots use multiple ips vote.
and if of rates met, inform user limit of anonymous votes per minute reached , have wait bit or register.
that way still engagement users without worrying bots.
Comments
Post a Comment