bbernhard
commented
7 years ago I think we should probably implement the browser fingerprinter sooner than later. I think for now it would be sufficient to just log the users action together with a fingerprint. This maybe helps us to clarify some open points:
- is creating a browser fingerprint (too) expensive?
- do we get a lot of collisions?
- should we invest more time in the browser fingerprinting approach?
Consider implementing "browser fingerprinting" for users who don't want to sign up. So every time someone validates something the browser fingerprint gets sent to the server and stored as session id. During the validation phase the user randomly gets "control pictures" served . If he scores really bad on those his votes aren't counted anymore. It for sure isn't bulletproof, but maybe it's another obstacle that one needs to overcome in order to perform malicious attempts.