tags:

views:

162

answers:

6
+3  Q: 

How to identify unique user?

Question

How can you determine if a user is unique or not?

I understand there are many ways to do this using cookies, but what about methods that don't use cookies?

For example, go to Urban Dictionary and click one of the up/down vote buttons. Even if you delete your cookies and come back to the page, you will not be allowed to cast a vote on the same definition.

How do they do this?

Purpose

Eventually, I'd like to use this unique user detection method on a site where users create accounts. New signups are given a type of "reward" and I want to prevent people from creating multiple accounts in order to exploit the reward system.

Ultimately, I don't really care what techniques are used to achieve this. I understand that no method will be 100% reliable. Even preventing this for 70-90% of users with an average computer skill level would satisfy me.

+1  A: 

Some use cookies, some force a login/email address, and some track IP address.

Justin Niessner  2010-03-22 21:09:33
+2  A: 

I'm guessing that Urban Dictionary (and other voting sites, such as a variety of image boards) use IP addresses to track visitors. Not 100% fool-proof, but probably pretty good for most of the time.

Note that with many of these sites, you can vote again, usually once per 24 hours (or however long they log IP addresses for).

Some things that will break this scheme: People who know how to spoof IP addersses, NAT routers, proxies (possibly). Another thing: many home ISPs these days use dynamic IP addresses, so the IP address you have right now might be different in a few hours. If you want to force a new IP address, it's usually enough to unplug your high-speed modem for a few minutes then plug it back in. Some routers also have a feature to demand a new IP from the ISP.

FrustratedWithFormsDesigner  2010-03-22 21:10:08
Sorry, I updated the question with a "Purpose" section. I realize there's no stopping the savvy user that understands how to circumvent these preventative techniques, but I'd be happy with stopping the majority of the crowd.
macek  2010-03-22 21:15:11
A: 

As FrustratedWithFormsDesigner alludes to above, if you're not going to use cookies then you've got to use IP addresses. You can combine this with the user-agent, but even that is not infallible.

Cal Jacobson  2010-03-22 21:10:44
+2  A: 

Urban Dictionary is probably only allowing one vote per IP. Or they could be taking a browser fingerprint https://panopticlick.eff.org/.

For tracking whether a user has been to your site before, cookies are a probably your best bet

Adam Pope  2010-03-22 21:10:57
+3  A: 

Besides IP address and "normal" cookies, FLASH cookies may be used. FF has an add-on called "BetterPrivacy" that delete those cookies when you exit the browser. But they're less known.

Dor  2010-03-22 21:14:46
So aside from people that specifically clean these "Flash Cookies," they would remain on user's system?
macek  2010-03-22 21:16:05
Yes, they would remain, assuming the user has Flash enabled.
Dor  2010-03-22 21:17:17
Dor, I will have to look into these, thank you :) I can imagine I'll use as many layers as possible for maximum effectiveness. Perhaps 1) Flash cookies 2) Regular cookies 3) Browser fingerprint 4) Unique IP within X hours, etc.
macek  2010-03-22 21:19:54
NP :) In that case... An extreme approach may consider sending to the user an image that will be stored in the browser's cache "forever". When you recognize a "new" user, check if he asks that image from the server.
Dor  2010-03-22 21:26:15
A: 

IP address is commonly used but fallible, as others have said. Note that AOL (and perhaps other ISP's) use shared proxy servers for content-type requests and caching, so that a single user's requests for images may show up to your server as coming from several different IP addresses. Conversely, all AOL users' requests for images will therefore comme from these same IP numbers.

jwadsack  2010-03-22 22:36:43

related questions

Why does my UUID use too much time?
Storing UUID as base64 String
What is the smallest way to store a UUID that is human readable?
Postgres + Hibernate + Java UUID
Best (most efficient) DataType to use for UUIDs as JPA IDs
When are you truly forced to use UUID as part of the design?
Is it safe to use Python UUID module generated values in URL's of a webpage?
Select a UUID
Storing MySQL GUID/UUIDs
Platform-independent GUID generation in C++?
How to create a GUID in Python
How to create a GUID/UUID using the iPhone SDK
what is the algorithm used to generate those little gravatar identicon images?
Extracting MAC addresses from UUIDs
Generate UUID in Java
How can I assemble bits into a long to create a unique ID?
Do I need a UUID to program for the iPhone?
What is a UUID?
Is there a method to generate a standard 128bit GUID (UUID) on the Mac?
Is there any difference between a GUID and a UUID?
Most efficient data type for UUID in database besides a native UUID.
Generating a unique ID in PHP
How to create a GUID / UUID in Javascript?
Advantages and disadvantages of GUID / UUID database keys
What's your opinion on using UUIDs as database row identifiers, particularly in web apps?