What is the best way to implement a "memory" or persistence for an anonymous vote? The other day I was browsing some site (unfortunately I forgot the URL), and I could quickly "thumbs up" or "thumbs down" an item. So I voted on several items. I then closed all my browser instanc开发者_如何学Goes, deleted all the browser history and files. I went back to the site to vote on some of the same items but it "knew" that I had already voted. So I am wondering what's the best way to accomplish this

I have read about evercookies, but somehow they don't seem like a nice way to treat your users. I don’t want to go that way. Or are evercookies the only way to accomplish this?

If evercookies were not the mechanism behind this then the only way I can think of is to remember the client's IP + User Agent + something else. But what is "something else"?

Any thoughts?

Regards, Archil

Sites may use a combination of the following to try and identify flooding or abuse of a form such as an online poll. No method is completely infallible; in fact, most are trivial to fool.

Identifying the same person:

• Setting a cookie (such as a session cookie)
• Comparing the IP address
• A hueristic approach having a cookie, and comparing part of the IP address (a /24 subnet) and/or user-agent as a backup when there's no cookie.

Preventing other types of abuse:

• Flood control: don't allow more than a certain number of votes per minute from a certain IP subset, or from everyone.
• Spam detection: try to detect bots by signature (eg malformed user-agent or accepts header, etc)

Making the user jump through hoops:

• CAPTCHA/robot detection
• Making the user confirm their vote by email
• Making the user register, provide a unique email address, confirm the email address

For every measure there's an equal and opposite counter-measure. For example, an abuser might ignore cookies, vary his user-agent or use an anonymiser service that varies his IP address for every request. He might sign up using multiple accounts with throw-away email addresses, and there are even ways to try and defeat CAPTCHA (eg. replay the CAPTCHA for users on another site).

Note that to someone who is determined to disrupt, an evercookie doesn't do much more for you than a cookie. They wouldn't affect a bot, for example.

I personally do not like to use the barriers that make users jump through hoops. Hopefully I've demonstrated that even if you require registration you are not guarding against abusers all that much more than you would with a good flood control algorithm, since it's trivial to get multiple throwaway email addresses.

I have got your question and there are many methods to identify the user clicks or visit.

Cookies

There are various cookies you can store in users machine like

• SuperCookies
• Flash Cookies
• Silverlight Cookies
• Zombie Cookies
• First party cookies
• Third party cookies

Zombie cookies are similar to Flash Cookies. If you don't want to use all these, you can simply use SuperCookies. It's usage is simpler and you can find it in github. But the problem is most of the users will disable the cookies. So you can even use the below methods which gives the hash key which we will be generated depending on broswer, fonts etc.

• webGL fingerprinting
• canvas fingerprinting
• audio fingerprinting

Panopticlick says that 1 of 84 will have similar canvas hash and 1 of 983 will have similar webGL.

You can have a look at the site user tracker. This type of websites also adopts some of the methods to identify the users like

• getting client's IP
• location
• browser fingerprinting

we can get the client's IP by using the webRTC.

We also have websites which gives free api to get location like ipgeolocation. You can match with webGL, canvas hash keys with your location.

And finally browser fingerprinting which helps most of the companies and websites to identify the users.