-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Phillips wrote: > > Why the browser user agent string? > > If I have firefox and IE installed on one machine, could I vote twice, once > from each browser? The Firefox plugin User Agent Switcher would let me vote as many times as I have agent strings to choose from. Just using the IP is not perfect either since my current IP is from home but I'll have a different one at work and another at Schlotsky's. > Let me see if I understand the concept - > > Email is sent with a link to an html page. The link could be of the form: > > http://some.web.server/form.jsp?vote=no > > The page then captures the vote = no, and displays a thank you page. > > How can I get the email recipient's email address in the query string? For > example: > > http://some.web.server/form.jsp?vote=no&email=member@yahoo.com So I could vote multiple times in other people's names just by changing the URL to a different email address. I'm not trying to be contrary to your problem. I am also not a web developer so perhaps I should quit espousing possible solutions that I have no experience implementing. But let me get to my point: The only way to ensure that you will not have multiple votes by any one person is to uniquely identify each person in a way that can't be "spoofed" by someone else. That means passwords, pre-shared keys or public/private key pairs like PGP. (Or some other security system that I don't know about.) Anything else will be game-able. The point to any of the easy three; agent string, IP address and email address is to keep honest people honest. If you have a problem with people gaming the system, I don't think any of the three easy solutions will be good enough to prevent it. Back to perhaps being helpful, I just had a thought. You could use one of the easy tracking methods and publish some rules about the number of votes. For example: 1 - If the total votes by the deadline are less than 80% of the eligible voters, the vote does not count. (Encourage people to vote and get the number close to the maximum possible.) 2 - If the total number of votes then exceeds the number of possible voters, you know someone gamed the vote and it does not count. (This way a "ballot box stuffer" has a disincentive to stuff too much and their effect is minimized.) This solution depends on nearly the entire community actually voting to overwhelm any stuffers. The other weakness is that a stuffer can invalidate the election every time if they want. An interesting conundrum. Let us know how it goes. Alan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGKYAqDQw/VSQuFZYRAl27AJ9iJYe1FtpToUNom8vO+ZvbQJaP3wCdG7ie fEp9F2cmldVp9WD1L40PKQk= =617D -----END PGP SIGNATURE----- --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss