Mark Phillips wrote:
>
> Why the browser user agent string?
>
> If I have firefox and IE installed on one machine, could I vote twice, once
> from each browser?
The Firefox plugin User Agent Switcher would let me vote as many times
as I have agent strings to choose from.
Just using the IP is not perfect either since my current IP is from home
but I'll have a different one at work and another at Schlotsky's.
> Let me see if I understand the concept -
>
> Email is sent with a link to an html page. The link could be of the form:
>
> http://some.web.server/form.jsp?vote=no
>
> The page then captures the vote = no, and displays a thank you page.
>
> How can I get the email recipient's email address in the query string? For
> example:
>
> http://some.web.server/form.jsp?vote=no&email=member@yahoo.com
So I could vote multiple times in other people's names just by changing
the URL to a different email address.
I'm not trying to be contrary to your problem. I am also not a web
developer so perhaps I should quit espousing possible solutions that I
have no experience implementing. But let me get to my point:
The only way to ensure that you will not have multiple votes by any one
person is to uniquely identify each person in a way that can't be
"spoofed" by someone else. That means passwords, pre-shared keys or
public/private key pairs like PGP. (Or some other security system that
I don't know about.) Anything else will be game-able.
The point to any of the easy three; agent string, IP address and email
address is to keep honest people honest. If you have a problem with
people gaming the system, I don't think any of the three easy solutions
will be good enough to prevent it.
Back to perhaps being helpful, I just had a thought. You could use one
of the easy tracking methods and publish some rules about the number of
votes. For example:
1 - If the total votes by the deadline are less than 80% of the eligible
voters, the vote does not count. (Encourage people to vote and get the
number close to the maximum possible.)
2 - If the total number of votes then exceeds the number of possible
voters, you know someone gamed the vote and it does not count. (This
way a "ballot box stuffer" has a disincentive to stuff too much and
their effect is minimized.)
This solution depends on nearly the entire community actually voting to
overwhelm any stuffers. The other weakness is that a stuffer can
invalidate the election every time if they want.
An interesting conundrum. Let us know how it goes.
Alan
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)