You are viewing a single comment's thread.

view the rest of the comments →

0
99

[–] NSAOfficial 0 points 99 points (+99|-0) ago 

Not sure IP addresses are a good idea. Some of us use Tor, which has (IIRC) several IP addresses, and there's always a chance two or more people could get the same address at some time.

1
31

[–] Calorie-Kin 1 points 31 points (+32|-1) ago  (edited ago)

So much this. I think a better idea would be session IDs. They're non identifying and unique per visit. Something stored as a cookie or something. Link a username to a cookie, and check if said cookie is around when the user is logging as another account. This way, someone who tries to brigade or manipulate votes would have to delete their cookies each time, which makes it uncomfortable, and not as many people will go through the trouble.

1
14

[–] kactusotp 1 points 14 points (+15|-1) ago 

or use incognito/private browsing as an easy/quick work around.

A bigger problem will be uni compasses where thousands might get the same ip.

0
5

[–] Reow 0 points 5 points (+5|-0) ago 

It's not too hard to write a script to do this. You need something beyond a thing the user can manipulate (if they've done IP checking correctly, spoofing shouldn't work). The only real alternative is to monitor voting patterns (e.g. accounts that vote the same way at the same time, etc.).

0
1

[–] 7veils 0 points 1 points (+1|-0) ago 

Self Destructing Cookies kills cookies immediately after leaving a web site.

0
1

[–] InnocentBystander 0 points 1 points (+1|-0) ago 

Not a bad idea, but it is very simple to delete cookies. I don't think it would be very effective.

0
26

[–] Aaragon 0 points 26 points (+26|-0) ago 

Or multiple people in a coffee shop/household/university wifi.

I hope this doesn't get any random, innocent users in trouble.

0
18

[–] TahTahBur 0 points 18 points (+18|-0) ago 

Aka, multiple people in a big corporate building.

0
3

[–] Acharvak 0 points 3 points (+3|-0) ago 

Hell, right now I'm at home, yet my IP changes every day because my ISP apparently assigns IPs dynamically. If there is another Voater who lives nearby, we can "block" each other's votes.

1
9

[–] MadCamel 1 points 9 points (+10|-1) ago 

Using IPs is a very bad idea.

What will happen when the UK's IWF or Russia's ROSKOMNADZOR considers a page on voat obscene? These systems implement page-by-page blocking by routing all traffic to any site with a censored page through proxies. The end result is that you start to get entire COUNTRIES of users coming from only 20 or so IP addresses.

Also, I don't see how it's possible to securely store IP addresses given the tiny amount of entropy in an ipv4 address. You'd have to use something really heavy like pbkdf2 with a few thousand rounds. At this point it would take the server a few seconds at 100% CPU load to encode a single IP address. I doubt this is being done. Therefore it's VERY safe to assume that a malicious actor with access to voat's database could pull IP addresses from it. And voat's databases are kept on cloud servers...

Don't get me wrong, it's not a huge problem. There are plenty of easier ways for a malicious actor to get users IP addresses. But I don't like that Atko is promising something he can't feasibly deliver...

0
3

[–] Acharvak 0 points 3 points (+3|-0) ago 

Don't know about IWF but Russia's Roskomnadzor doesn't have nationwide proxies. It sends blacklists to ISPs, who then block websites themselves.

But IP-based voating restrictions are still a bad idea because of dynamic IPs, carrier-level NAT and other problems.

[–] [deleted] 2 points 0 points (+2|-2) ago 

[Deleted]

0
7

[–] ChillyHellion 0 points 7 points (+7|-0) ago 

I agree with you. My fiancee and I are both on Voat and I'm pretty sure I'm using up her voats pretty much all the time.

1
2

[–] Pissed-Off-Panda 1 points 2 points (+3|-1) ago 

SEXIST! CONSTANT OPPRESSION!! triggered I declare this "Voat Rape"!