I'm building a site that needs to guarantee user reputation scores are accurate by preventing users from creating more than one account, at the cost of decreased user signups. So far, the only solutions I have thought of are allowing users to:
- Link to their (verified) PayPal account through PayPal Account Authentication
- Provide their PGP public key, and checking that the MSD (a metric of trustworthiness) is below a certain value
Of course, even these methods aren't bulletproof, but are likely to make creating a sock-puppet account very difficult. Are there any others I haven't considered?
-
12How about offering a service that encourages people to use one single account by rewarding loyalty and honesty?Kerrek SB– Kerrek SB2011年10月19日 12:43:44 +00:00Commented Oct 19, 2011 at 12:43
-
10You can never be 100% sure. If your site is of high value to the users, they can trade registered accounts. If it's of low value, people would be not willing to put so much effort into proving their uniqueness, so they just wouldn't register. After all, the site is for the users, not vice versa.Vlad– Vlad2011年10月19日 12:57:29 +00:00Commented Oct 19, 2011 at 12:57
-
1What are you giving away that is so valuable? I want to sign up.JeffO– JeffO2011年10月19日 14:10:43 +00:00Commented Oct 19, 2011 at 14:10
-
8Charge 1,000ドル per account. That'll either keep people from making more than one account (and probably any account...), or make you very rich. It's win win!thedaian– thedaian2011年10月19日 15:29:13 +00:00Commented Oct 19, 2011 at 15:29
-
1Could always require a webcam and use facial recognition.SoylentGray– SoylentGray2011年10月19日 16:35:47 +00:00Commented Oct 19, 2011 at 16:35
6 Answers 6
You can't Prevent it, you have to provide incentives against it.
You problem is that your system has a built in incentive to create multiple accounts. Remove that incentive or give a better one for sticking with one account.
-
+1 for the dose of reality, and incentivising creating only one account.SplinterReality– SplinterReality2011年10月20日 02:36:00 +00:00Commented Oct 20, 2011 at 2:36
I'd be very wary about requiring users to use their PayPal account. This would imply that you were going to be taking money from users at some point. This would put even more off.
The best solution is probably the simplest. Do what Stack Exchange does. Allow the user to sign up with OpenID (or even just e-mail and password) and then track the IP addresses the user logs in from and who the user gives reputation to and who they get it from. There are probably other things you can track such as the time of day they usually log in etc.
Then have tools for your site moderators (you'll need moderators) to show users that share IP addresses and have interacted with each other a little too much (for example). Depending on what you track you can show different data.
Obviously one drawback with the IP address is that it's not unique. People at the same workplace will share one as will people using the site from internet cafes or libraries.
Now on Stack Exchange where the post is more important that the person colleagues shouldn't be voting for each other more than they would for any random person on the site. However, if on your site the person is more important then the reverse could well be true.
What ever system you implement people will try to circumvent it, so this will be an ongoing process of changing sign-in rules etc.
-
True, but then corporate users will often show up with the same IP addresses, so even that isn't foolproof.ChrisBD– ChrisBD2011年10月19日 12:50:55 +00:00Commented Oct 19, 2011 at 12:50
-
@ChrisBD - true - but they should not interact with each other significantly more than with any other person on the site if they are being honest in their usage.ChrisF– ChrisF2011年10月19日 12:53:04 +00:00Commented Oct 19, 2011 at 12:53
-
@ChrisF: well, colleagues are likely to interact more than just arbitrary pair of accounts.Vlad– Vlad2011年10月19日 12:54:37 +00:00Commented Oct 19, 2011 at 12:54
-
2@Vlad - you can have ranges of "allowed" behaviour. I suppose it depends on the focus of the site. Is it the people or the content?ChrisF– ChrisF2011年10月19日 13:03:57 +00:00Commented Oct 19, 2011 at 13:03
One way a lot of websites use is adding a SMS verification code to their signup process. It delegates the uniqueness problem to some mobile phones company.
It's still not bullet proof, it will diminish your user signup numbers a lot. But rare are those who have access to multiple mobile phone numbers. It may cost you some money if you're operating in an area where SMS have to be paid by the sender.
But couple this with some IP and behavior tracking and -as mentioned by other people- incentives to having only one account and you should be set.
-
1Automated IP tracking is a not so nice idea, you know, people today may use MANY IPs. Work computer, home computer, work blackberry, home iphone, gf iphone. And a couple of browsers too. And UMTS networks seems to give you a different IP each time you check in. And they get geotracked by databases, too, but they get geotracked WRONG.ZJR– ZJR2011年10月19日 13:39:59 +00:00Commented Oct 19, 2011 at 13:39
-
Cell phone tracking is kinda good, in reality you can have 6 numbers of 3 different operators and no one would actually mind, but it's gonna cost you some money and it's unpractical for many purposes, so it doesn't happen very often. (Work phone / home phone duality is widespread, though) Be wary, that sending SMS may present costs to your client.ZJR– ZJR2011年10月19日 13:42:52 +00:00Commented Oct 19, 2011 at 13:42
User reputation (assuming you have some upvote-feature like the Stack Exchange sites) will never be a truly accurate score. Even if you really make sure that no natural person can create two accounts by whatever means (I doubt that this will be possible), you still have these problems:
- People can upvote their friends more often than other people (or gang together to downvote someone else).
- If high reputation is really valuable for some people and sockpuppeting is a way to get it, people will sell (or lease) verified accounts for sockpuppeting.
So, don't rely on such a feature.
Give users a range of options to verify? Combine a good "user policy" ("We won't share your information with third parties", etc) with a good behind-the-scenes "points" scheme give points for stuff like:
- Verified phone number (SMS them a code that they enter)
- Facebook
- OpenID
- Paypal
- etc
Give each option a point value (Paypal is worth more than a GMail account, for example)... and let them choose how to get enough points to become "verified". Make this information available to the "owner" of the account.
If the account changes hands, the new owner now has that personal information... if the information changes (new email address) you can increase/decrease the "verified score", make the re-verify phone numbers or whatever. Fishy activity on an account can increase the needed "verified" score.
I'd do something like this, combined with the aforementioned IP/usage tracking to try and identify bad behavior and "gamificaton" to reward good behavior.
-
So I can create one account with my Paypal account, and another one with Facebook? (And there is no problem in creating lots of different OpenIDs for myself.)Paŭlo Ebermann– Paŭlo Ebermann2011年10月23日 00:56:08 +00:00Commented Oct 23, 2011 at 0:56
In South Korea and the PRC they do this by requiring users register with their personal ID number (Social Security # for U.S. folks). But in these societies that number is a lot less "secret" than it is in America.
While not legally/politically/socially acceptable in every country, this is the only really good method for limiting registrations that I've ever seen.
Not really a solution for you, probably, but of interest nonetheless.
-
This only helps if you can ensure that one does neither uses another person's number nor a random number which looks like such an ID number.Paŭlo Ebermann– Paŭlo Ebermann2011年10月23日 00:53:09 +00:00Commented Oct 23, 2011 at 0:53
Explore related questions
See similar questions with these tags.