apex / gh-polls

Polls for user feedback in GitHub issues
https://gh-polls.com/

Consider replace IP restriction with another mechanism #11

Open lenaten opened 7 years ago

lenaten commented 7 years ago

IPv4 addresses are almost over, so a lot of ISPs provide a single IP to multiple users (NAT). One possible and simple user validation could be a GitHub user account.

scttcper commented 7 years ago

Maybe have them sit on a landing page and complete a proof of work? https://github.com/indutny/proof-of-work Edit: used here currently https://indutny.github.io/vote.wdgt/

aleemb commented 7 years ago

Another mitigation strategy is to expire IPs in the database after X minutes. This will let people vote once per X minutes, which is enough to mitigate voter fraud and also sufficient to avoid collisions (two people behind the same IP voting within X minutes of each other). Not sure if DynamoDB supports this, but I have implemented something similar in Redis since it features key expirations.

The proof-of-work concept is pretty cool too.

aleemb commented 7 years ago

DynamoDB supports it, it seems: https://aws.amazon.com/about-aws/whats-new/2017/02/amazon-dynamodb-now-supports-automatic-item-expiration-with-time-to-live-ttl/

This will also keep the number of records to a minimum since you won't have to store millions of IP addresses.

tj commented 7 years ago

ahh I'm storing in a set right now, in the poll's doc, but could create a second doc for the ip set which expires as a whole
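
The expiring per-IP vote record discussed in this thread, as an added example that is not code from gh-polls or from any commenter. `VoteGate`, its methods, the poll names and the timestamps are hypothetical; an in-memory map stands in for the DynamoDB or Redis store, and the read path checks the expiry itself because background TTL deletion can lag behind the expiry time.

```go
package main

import (
	"fmt"
	"time"
)

// VoteGate is a hypothetical in-memory stand-in for a table of (poll, IP)
// items that each carry an expiry time, like an item with a TTL attribute.
// It is not safe for concurrent use; a real store needs a conditional write.
type VoteGate struct {
	window  time.Duration
	expires map[string]time.Time // key: poll + "|" + ip
}

func NewVoteGate(window time.Duration) *VoteGate {
	return &VoteGate{window: window, expires: map[string]time.Time{}}
}

// Allow reports whether a vote from ip on poll is accepted at time now.
// It compares the stored expiry rather than trusting the item's presence,
// since an expired item may still be readable until the sweep removes it.
func (g *VoteGate) Allow(poll, ip string, now time.Time) bool {
	key := poll + "|" + ip
	if exp, ok := g.expires[key]; ok && now.Before(exp) {
		return false // same address already voted on this poll in the window
	}
	g.expires[key] = now.Add(g.window)
	return true
}

// Sweep models the background TTL deletion and returns the items removed.
func (g *VoteGate) Sweep(now time.Time) (removed int) {
	for key, exp := range g.expires {
		if !now.Before(exp) {
			delete(g.expires, key)
			removed++
		}
	}
	return removed
}

func main() {
	t0 := time.Date(2017, 3, 1, 12, 0, 0, 0, time.UTC) // constructed sample time
	g := NewVoteGate(10 * time.Minute)
	fmt.Println(g.Allow("poll-1", "203.0.113.7", t0))                     // first vote
	fmt.Println(g.Allow("poll-1", "203.0.113.7", t0.Add(3*time.Minute)))  // NAT neighbour in window
	fmt.Println(g.Allow("poll-2", "203.0.113.7", t0.Add(3*time.Minute)))  // different poll
	fmt.Println(g.Allow("poll-1", "203.0.113.7", t0.Add(11*time.Minute))) // expired, not yet swept
	fmt.Println(g.Sweep(t0.Add(30 * time.Minute)))                        // both records removed
}
```

The second call shows the collision case from the thread: a different person behind the same address is rejected until the window passes, so the window length trades repeat-vote resistance against false rejections.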