Reputation: 130
How to support anonymity on a website?
I'm making a website (using PHP, JavaScript and MySQL) with a voting system which allows people to vote anonymously but just only once.
It means that my system have to know who voted (because I have to check if the user already voted or not)but I didn't want to store the user name or the user's IP address in the database (ruin the anonymity). I don't know how to get started, I need some guidelines; what should I look for?
Upvotes: 2
Views: 111
Answers (2)
Reputation: 64399
Your worst problem is how to make sure your users only vote once, but that's not the point of the question: you are asking how to ensure anonimity
That is rather easy: treat the whatever you use for single-voting as a password, and hash it. So lets say for argument's sake you are using the IP. I'm aware of the problems with that, but lets assume this is your choice.
- User votes
- You hash the IP and save it.
- You can even go as far as saving it in a different location. No need to even save what hash voted which option.
- User votes again -> IP-hash is allready in database.
- To not give away if someone has already voted, don't reply " you have already voted ", but just don't save the vote. This way there is no way to even know if there was a vote from this machine
Mind you, this is about anonimity, not about how to ensure single-voting.
Upvotes: 5
Reputation: 4936
As Lix stated, really the only way, without storing IP addresses or forcing users to register, would be to store a Cookie linked to a session, however of course this is by no means a solution, as Cookies can easily be cleared.
You could attempt to use a persistent Cookie solution, such as evercookie, but if I were a user of a site which implemented something like that, it would annoy me more than having to register, and no matter what methods are used, they can always be circumvented to remove the Cookie/identifying information.
Another possibility is another form of persistent Cookies which got a lot of publicity last year (or was it 2012 - I forget), which utilize Flash to store Cookies. These Cookies can be accessed in multiple browsers. One such solution is flash-cookie, but again, this is likely to annoy users, and would not be 100% reliable as not all users have Flash enabled or installed.
Upvotes: 1
Related Questions
- Secure php voting without login
- Secure voting system with php without login
- Daily voting system with IP
- Implementing a voting system without requiring registration
- PHP - Good secure way for voting?
- Guarantee anonymity to users
- Best method to prevent gaming with anonymous voting
- Secure voting website
- Creating a PHP web app to allow users to vote on submissions - How can I minimize abuse
- Stopping people from hijacking a voting system using PHP?