On 7/12/02 6:46 PM, "Nick Simicich" <njs @
> Different entry points so that people can get the survey for their
> users. That is, if a list owner wants to join the survey, the owner can
> register on your site and get an entry url for their site
That's an interesting idea. I've been hashing over how to do the "what lists
are you a member of" thing, and I'm starting to get some ideas. It'll be a
bit of work technically, but do-able. Tying that into some kind of
"reference list" would be possible then.
> I do not suggest that you ask people for their e-mail addresses. I suspect
> that people will believe that you are trying to gather addresses to spam
I need some way to uniquely identify them. IP address won't work because of
the shared proxy/shared server problem. I'd rather not request e-mail
addresses either, but I think I have to. What I need to do is make it clear
what I'm doing with them so people can decide for themselves whether to
trust me. If I do that and they still don't trust me -- I tend to think the
data we get would be bad anyway. Anyone that paranoid is likely to answer
wrong on some questions as well, on purpose, especially on demographic
data, and that invalidates their data overall.
> to, or, better yet, drop a cookie on them (only to tell that they have
> filled the survey out once
Trivial to override, which makes the data pretty useless if someone stuffs
50,000 sets of votes in around the cookie. I'm still at risk of some hacking
attempts (the easy one is a @
com, aa @
com, ab @
infinitum) but I think it's manageable. If necessary, I can invalidate an
entire domain that seems to be scripted in.
If I depend on a browser-side block to limit to one-per-customer, I might as
well not bother. That simply is telling the script kiddies to come and play.
The e-mail address is relatively unique to a user. If we want ot keep users
from stuffing the ballot box, we have to limit in some way off of that.
Storing an MD5 hash seems to be the cleanest way to recognize we have an
address without actually being able to recreate it or having to store it.
Chuq Von Rospach, Architech
com -- http://www.chuqui.com/
Yes, I am an agent of Satan, but my duties
are largely ceremonial.