Identifying users without cookies etc

Question

I want to write a new aggregator site where users can submit news and up and down vote on them (Pretty basic stuff, similar to a tiny reddit).

My problem is this:

• Someone can only up or downvote a news article once a day
• I don't want users so sign up
• Cookies for voting could be deleted

How do i identify a user over the course of the day and how do i make sure that this user didn't vote on some article some minutes before.

Is this even possible?

Answer 1

You could use the browser fingerprint.

The browser fingerprint is an identifier generated from the information that every browser sends on every connection (HTTP headers) and additional information available through basic JavaScript.

Information like:

• User agent
• Language
• Installed plugins
• Screen resolution
• ... and more.

A browser fingerprint identification isn't bulletproof because there are self-defense tactics but it can spice up your recipe. Despite its controversy, it's widely used.

Mozilla has a great wiki article about the subject.

And you can check your own browser fingerprint at https://panopticlick.eff.org/

Answer 2

Short answer: No, it is not possible to reliably identify a user without login and without using cookies or a similar technique.

I hate to post this, but the evercookie project is a good collection of the techniques for making something like a cookie that is somewhat more persistent than your standard cookie. It uses some neat tricks, but one could also argue that it has some privacy issues. I would not recommend you to implement it. Even if you did (or borrow some of their ideas), then

• Any remotely tech-savvy user would still be able to clear the cookie.
• You can't guard against users using multiple devices and browsers.
• You can't (reliably) guard against users not posting via a browser, thus circumventing cookies and other tricks.
• Etc, etc.