Google Blogoscoped


Digg Exploited

Search Engines [PersonRank 3]

Friday, December 30, 2005
17 years ago

The article reveals good concerns – but the trouble with checking against IPs is the following:

   – A single network with many users
   – A family sharing the same computer
   – A Small Local ISP, where two different users may statistically get the same Dynamic IP

The sharp success of digg was probably a surprise to them, so unlike a Google or Yahoo – they may not have the time or expertise to pro-actively address every flaw.

If this is in fact true, it is sad that some are killing related stories – so that theirs can stand out.

But ironically, if one really wanted to invest the time and effort, there is one solution ...
if the same people in basically the same order are constantly digging a specific group of stories – hmmmm...
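The heuristic suggested in the post above, sketched as an added example (not part of the original post and not Digg's code): flag groups of accounts that repeatedly digg the same stories in the same order. The sample data, the function names and the `min_stories` / `min_consistency` thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample: story -> [(user, seconds since submission)].
SAMPLE = {
    "s1": [("r1", 10), ("r2", 12), ("r3", 15), ("alice", 40)],
    "s2": [("r1", 100), ("r2", 101), ("r3", 105), ("bob", 130), ("alice", 150)],
    "s3": [("bob", 200), ("r1", 210), ("r2", 212), ("r3", 214)],
    "s4": [("alice", 300), ("r1", 310), ("r2", 311), ("r3", 320), ("bob", 330)],
    "s5": [("bob", 400), ("alice", 410), ("carol", 420)],
    "s6": [("alice", 500), ("carol", 505)],
}

def ordered_pair_counts(diggs):
    """Map (a, b) -> number of stories on which a dugg before b."""
    counts = defaultdict(int)
    for entries in diggs.values():
        order = []
        for user, _ in sorted(entries, key=lambda e: e[1]):
            if user not in order:          # count each user once per story
                order.append(user)
        for a, b in combinations(order, 2):  # a precedes b in this story
            counts[(a, b)] += 1
    return counts

def suspected_rings(diggs, min_stories=3, min_consistency=0.9):
    """Group users who dugg the same stories, in the same order, repeatedly."""
    counts = ordered_pair_counts(diggs)
    parent = {}

    def find(x):                           # union-find with path halving
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for (a, b), n in counts.items():
        together = n + counts.get((b, a), 0)
        if n >= min_stories and n / together >= min_consistency:
            parent[find(a)] = find(b)      # same order often enough: link them
    groups = defaultdict(set)
    for user in list(parent):
        groups[find(user)].add(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    print(suspected_rings(SAMPLE))
```

On the constructed sample only the three accounts that always vote together in a fixed order are grouped; the organic users overlap with them on some stories but in varying order and stay below the thresholds.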

Philipp Lenssen [PersonRank 10]

17 years ago #

True, IP checking isn't perfect. You could restrict a single IP per day. E.g. you could say:
- I allow 3 same IPs per day; more than that will be ignored

I do similar on, plus I set a cookie. I know IP checking isn't perfect (especially if an email is sent internally in a company, e.g. "hey, go vote here", and the company shows 1 IP), but I think it's quite pragmatic.

I almost think the only perfect solution consists of verifying a user by sending them a snail mail to a post address with the password, and then allow every user to vote only once per story?
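The per-IP daily cap plus cookie described in the post above, as an added example (not the forum's or Digg's actual code). Applying the cap per story, the class and method names, and the sample addresses (documentation ranges) are assumptions.

```python
from collections import defaultdict

MAX_PER_IP_PER_DAY = 3  # the "3 same IPs per day" figure from the post

class VoteCounter:
    """Counts votes per story (scope is an assumption of this example)."""

    def __init__(self, max_per_ip=MAX_PER_IP_PER_DAY):
        self.max_per_ip = max_per_ip
        self.per_ip = defaultdict(int)   # (story, day, ip) -> votes counted
        self.cookies = set()             # (story, cookie id) already counted
        self.totals = defaultdict(int)   # story -> counted votes

    def vote(self, story, ip, day, cookie=None):
        """Return 'counted', 'duplicate-cookie' or 'ip-limit'."""
        if cookie is not None and (story, cookie) in self.cookies:
            return "duplicate-cookie"    # same browser voting again
        if self.per_ip[(story, day, ip)] >= self.max_per_ip:
            return "ip-limit"            # silently ignored, as in the post
        self.per_ip[(story, day, ip)] += 1
        if cookie is not None:
            self.cookies.add((story, cookie))
        self.totals[story] += 1
        return "counted"

def demo():
    """Constructed traffic: an office behind one IP, then a cookieless client."""
    vc = VoteCounter()
    office = [vc.vote("story-1", "203.0.113.7", "2005-12-30", cookie=f"emp{i}")
              for i in range(5)]         # five colleagues, one public IP
    repeat = vc.vote("story-1", "198.51.100.9", "2005-12-30", cookie="home")
    again = vc.vote("story-1", "198.51.100.9", "2005-12-30", cookie="home")
    no_cookie = [vc.vote("story-2", "192.0.2.44", "2005-12-30")
                 for _ in range(5)]      # cookies discarded between requests
    next_day = vc.vote("story-2", "192.0.2.44", "2005-12-31")
    return office, (repeat, again), no_cookie, next_day, dict(vc.totals)
```

The demo shows both sides of the trade-off from the thread: two of the five legitimate office votes are dropped, while a client that sends no cookie is still held to three votes per IP per day.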

/pd [PersonRank 10]

17 years ago #

Philipp, there is a need for a reputation system layered onto all the cookie/IP methods too. Without that, then the value cannot be cohesively derived. What happens when networks go into the v6 cloud, there are so many IPs available if you are actually working off a mobile IP!!

Caleb E [PersonRank 10]

17 years ago #

I'm astonished at the negative response. I mean, this is simply a proof of concept. He's not the one doing it maliciously; he's pointing out the flaw for digg to fix. Digg users' automatic defensive position is interesting; why are they so intensely defensive of digg? That doesn't make any sense....

GamingFox [PersonRank 2]

17 years ago #

If someone found a way to hack Google Blogoscoped site and used it to create several or more random blog entries and spam hundreds (if not thousands) of comments in all or first 10 blog entries with link to his blog...

All that without notifying Philipp or anyone of the flaw in the first place...

It would make me a little bit mad.

Kind of makes me wonder... why attack a very public site without notifying the creators? Why didn't he try to notify ANYONE before he released hell on a site where more than 2,000 visitors an hour visit?

Maybe he did it for fame... Maybe he wanted to help but made the wrong decision... Maybe he enjoyed it... Maybe he wanted to prove to the world that he is a "great hacker"...

His motivation is the one that is under fire. Not his "hack" or digg's flaws.

blextar [PersonRank 1]

17 years ago #

To me the fact is really simple:

1) The guy just wanted to show that a flaw exists.

2) He also did it for fame, that's obvious.

3) What he noticed is a real flaw that needs to be considered and fixed.

4) Digg users' comments on the fact show that they are just dumbasses for 3 main reasons:

4a) They should focus their attention on how to solve the problem.
4b) They should calm down. The guy was probably a kid, and if he wasn't... who cares. Just solve the problem. Meanwhile, before commenting on the fact: shut your room's door, choose an mp3, put the volume extremely loud, then start yelling out like a fool. You should feel better now.
4c) They're giving him too much attention without first focusing on point 4a.

Now, maybe he wanted to prove to the world that he's a "great hacker", maybe he just wanted to prove that he's a "great spammer" or a "great bastard", who cares. Fix the damn bug.

Philipp Lenssen [PersonRank 10]

17 years ago #

> If someone found a way to hack
> Google Blogoscoped site and
> used it to create several or
> more random blog entries and
> spam hundreds .......

Talk about spam attacks, my server recently went down after the forum was bombarded with spam posts (600 made it through, but I'm sure there were even more requests). Captchas might help, but they would also put a (minor) burden on everyone posting here. I didn't check with the last attack, but the attack before that which brought my server down was even with different IPs – a DDoS spam attack, if you will (I wonder if the DDoS attacks even care if their posts get through, i.e. if Captcha would help?). Imagine a blogger wants to be full-time and these spammers bomb his server so it goes down? The spammers might kill his existence.

GamingFox [PersonRank 2]

17 years ago #

"Imagine a blogger wants to be full-time and these spammers bomb his server so it goes down? The spammers might kill his existence."


Ohhh, don't worry... He's just trying to help the blogger fix the flaw by disrupting his site...


Sorry about the sarcasm. I am just trying to make a point.

Search Engines [PersonRank 3]

17 years ago #

Wouldn't ya' know it – right after this Topic – Digg released this Spam News update on THEIR blog

Talk about Timing ;-)
