At 1:19 PM +0100 2/21/09, Per Jessen wrote:
Nathan Rixham wrote:

 it's all a bit pointless, the only way to ensure only one vote per
 person is to get take and test a dns sample from each user.

 anything else is going to be flawed

Not at all - you issue voting-rights based on user identity.  Works very
well in many places.  Here in Switzerland for instance.


Certainly voting methodology can work provided you can accurately identify the voter -- and therein lies the problem.

Fortunately/unfortunately, the server can only gather a limited amount of information from a user's visit and certainly not enough to accurately discern one user from another.

So some other method must be employed and all methods revolve around some process where the user is required to identify themselves online before casting their vote.

Now, the question is -- how do you do that? With Unions, Federal, State, Local and other such organizations, they often have hard-copy ID cards that the user have in their possession.

The organization wanting the gather the vote simply has to have an online database with those ID numbers to approve and subsequently permit voting. However, a problem still remains, which is "Is the person casting the vote the person who is registered to that ID?" At some point you have to conclude that the person submitting the correct ID is the person voting.

If you don't have a hard-copy ID card for the people you are accepting votes from, then you must rely on some other method of uniquely identifying the person voting.

The method I suggested was simply to use the person's email address. Each email address is indeed unique. HOWEVER, many people could use the same email address and thus the method cannot guarantee the identity of the person casting the vote. But like the ID card, at some point you have to conclude that the person submitting the correct email address is the person voting. Neither method is perfect, but one vote is gathered per ID/email address.

Granted, my method does not prohibit someone from gathering numerous email address and voting several times. But my method does provide a better job than not requiting any identification from the voter at all, as was suggested at the beginning of this thread by someone who didn't understand the problem. It's one thing to be required to have a real email address, it's another matter to just click and click again. Even with using COOKIES, it's not a problem to click, clear COOKIES, and click again.

So in Switzerland if each of you have a ID card, then the problem is "solved" as descried above. However, if there is no ID card, then other methods must be considered. But I just don't see any way of uniquely identifying a user online without some sort of unique user input -- do you?




PHP General Mailing List (
To unsubscribe, visit:

Reply via email to