- 3,220
- 486
Apparently we can't have nice things. It seems that the voting for the next character is being manipulated. I really don't care about joke and offensive votes, but votes for legitimate characters are being messed with by someone/some people that think they're funny.
As it turns out, locking votes via IP address and cookies is not enough.
Clarification on these methods
The problem with IP address tracking is that it prevents users who are behind a NAT from differentiating. In many situations, users who connect to the internet do so through either a NAT or a proxy: for instance, users of any WiFi connection in a shop, an airport, or whatever will all appear as a single IP address per physical location. What this means is different people logging in from the same WiFi network won't be able to vote. This also means that the same user will be able to vote multiple times by accessing the web through different networks (or using a VPN).
Securing the poll with the use of persistent cookies is even more ridiculously easy to circumvent. Cookies are identifiers that browsers use to know what websites you visit. The thing is, cookies are not shared between browsers and are not stored when browsing in Incognito mode, or can be cleared easily manually. What this means is that users can vote, close the browser, clear the cookies and vote again no problem.
I could place a security measure where users have to either login to their social media accounts, create a new account on the polling website or complete a CAPTCHA (though this would only prevent botting the poll). I chose not to do this because it's extremely invasive on the users and completely not suited for quick polling such as this one.
Seeing the current circumstances, I've decided to abadon the method of polling and will choose the characters manually myself. If someone wants to suggest characters, they can do so on my wall.
As it turns out, locking votes via IP address and cookies is not enough.
Clarification on these methods
The problem with IP address tracking is that it prevents users who are behind a NAT from differentiating. In many situations, users who connect to the internet do so through either a NAT or a proxy: for instance, users of any WiFi connection in a shop, an airport, or whatever will all appear as a single IP address per physical location. What this means is different people logging in from the same WiFi network won't be able to vote. This also means that the same user will be able to vote multiple times by accessing the web through different networks (or using a VPN).
Securing the poll with the use of persistent cookies is even more ridiculously easy to circumvent. Cookies are identifiers that browsers use to know what websites you visit. The thing is, cookies are not shared between browsers and are not stored when browsing in Incognito mode, or can be cleared easily manually. What this means is that users can vote, close the browser, clear the cookies and vote again no problem.
I could place a security measure where users have to either login to their social media accounts, create a new account on the polling website or complete a CAPTCHA (though this would only prevent botting the poll). I chose not to do this because it's extremely invasive on the users and completely not suited for quick polling such as this one.
Seeing the current circumstances, I've decided to abadon the method of polling and will choose the characters manually myself. If someone wants to suggest characters, they can do so on my wall.