On Thu, 2003-04-03 at 05:11, Joop Teernstra wrote:
> >With AOL and other funky proxying, you
> >have to ignore IPs in web voting anyway unless there is a seriously
> >strong correlation.
>
> Can you explain?

Eh, "proxying" was probably not a good word, though I can explain what I meant. DHCP would've been a better example: since the IP can change each time, it's possible to log off and get a different IP for each new user/pass you want. For a large ISP like AOL, it'd be easy to hide in the giant pool of IPs.

Furthermore, you can have the opposite situation: people behind an IP masquerading box (e.g., the ubiquitous Linksys router). Several users will share connections through one IP, so it's impossible to know if it really is several users or just one bastard. :)

Thus, you can't in general correlate votes cast with IP address to detect fraud, though it can be an aid to cull out "likely good votes" in a contested election. But then, you can't only count "likely good votes" because then you're allowing multiple users of the same IP (or range) to DoS each other (i.e., by casting numerous false votes under the same IP, you will get that IP range thrown out and eliminate legitimate votes).

The only way (I know of) to do online elections Right[tm] is to have a PGP web of trust thing... you have key signing parties where you bring your birth cert, a photo ID, and a floppy disk and everyone signs everyone else's keys.

Of course, this has problems too if one of those people goes home, makes up a bunch of accounts and signs all the keys into the web of trust. Debian makes that particular hack difficult by making it a long and arduous process to become a member... but I'm not sure if that is an option for ICANNATLARGE.ORG. Perhaps you have to have 2 or 3 "trustee" signatures to be counted as legit, not just any member's. That might work.

-s
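The "2 or 3 trustee signatures" rule suggested in the message above, compared with accepting any member's signature, as an added example that is not part of the original e-mail. The key names, the signature graph, the ballot and the function names are all constructed for illustration, and the signatures are assumed to have been verified cryptographically beforehand.

```python
# Added illustration. All key names and signatures below are constructed sample data.
# Assumption: each signature was already verified cryptographically with OpenPGP tooling.
TRUSTEES = {"trustee-A", "trustee-B", "trustee-C"}

# key -> set of keys that have signed it
SIGNATURES = {
    "alice":   {"trustee-A", "trustee-B", "bob"},
    "bob":     {"trustee-A", "trustee-C", "alice"},
    "mallory": {"trustee-B", "trustee-C"},            # joined legitimately
    "carol":   {"trustee-A", "carol"},                # self-signature plus one trustee
    "sock-1":  {"mallory", "sock-2", "sock-3"},       # made-up accounts signed
    "sock-2":  {"mallory", "sock-1", "sock-3"},       # into the web by mallory
    "sock-3":  {"mallory", "sock-1", "sock-2", "trustee-A"},
}

def any_member_eligible(signatures, roots, min_sigs=1):
    """Naive rule: a key counts once min_sigs already-trusted keys signed it."""
    trusted = set(roots)
    changed = True
    while changed:  # propagate trust until nothing new is admitted
        changed = False
        for key, signers in signatures.items():
            if key not in trusted and len((signers - {key}) & trusted) >= min_sigs:
                trusted.add(key)
                changed = True
    return trusted - set(roots)

def trustee_eligible(signatures, trustees, threshold=2):
    """Stricter rule: only signatures from distinct trustees count."""
    return {
        key for key, signers in signatures.items()
        if key not in trustees and len((signers - {key}) & trustees) >= threshold
    }

def tally(votes, eligible):
    """Count one vote per eligible key; return (totals, rejected keys)."""
    totals, rejected = {}, []
    for key, choice in sorted(votes.items()):
        if key in eligible:
            totals[choice] = totals.get(choice, 0) + 1
        else:
            rejected.append(key)
    return totals, rejected

# Constructed ballot: mallory and the three made-up accounts all vote "X".
VOTES = {"alice": "Y", "bob": "Y", "carol": "Y", "mallory": "X",
         "sock-1": "X", "sock-2": "X", "sock-3": "X"}
```

With the naive rule the made-up accounts swing the result; with the trustee threshold they are rejected, at the cost of also rejecting carol, a member who has only one trustee signature.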