SCP and CCP no longer play any role in your ability do submit links/start discussions or vote. You can now downvote as soon as you create an account. Please note that you can only vote once from a single IP address (voting IP addresses are stored encrypted and we have no way to reverse this encryption). We are still tweaking this so please report if you notice anything unusual about voting.
Edit: The biggest reason for this change is that I noticed how multiple subverses had "please upvote me" threads where their members were able to gain 300+ CCP in matter of minutes. At the same time, regular users would need weeks or even months to reach this level. That essentially broke the old system and we need something new. Perhaps requiring new accounts to create 100 comments in 100 different subs before being able to vote 100 times? If you have an idea, please feel free to share it, I'm all ears.
Edit 2: Here is an example of the problem I am trying to tackle:
- a large corporation which has hundreds or thousands of employees, comes over to Voat and pushes their advertising links to the frontpage because upvotes are not restricted for new accounts as much as downvotes
- at the same time, majority of Voat users today does not have the ability to downvote or has restricted downvotes
Edit 3: This is now reverted to the way it was. I need to think this through.
view the rest of the comments →
NSAOfficial ago
Not sure IP addresses are a good idea. Some of us use Tor, which has (IIRC) several IP addresses, and there's always a chance two or more people could get the same address at some time.
you-dumbass ago
Or those of us who mainly use the mobile site
klongtoey ago
and plenty of people use VPNs, my IP changes like twenty times per day.
ChillyHellion ago
I agree with you. My fiancee and I are both on Voat and I'm pretty sure I'm using up her voats pretty much all the time.
Pissed-Off-Panda ago
SEXIST! CONSTANT OPPRESSION!! triggered I declare this "Voat Rape"!
MadCamel ago
Using IPs is a very bad idea.
What will happen when the UK's IWF or Russia's ROSKOMNADZOR considers a page on voat obscene? These systems implement page-by-page blocking by routing all traffic to any site with a censored page through proxies. The end result is that you start to get entire COUNTRIES of users coming from only 20 or so IP addresses.
Also, I don't see how it's possible to securely store IP addresses given the tiny amount of entropy in an ipv4 address. You'd have to use something really heavy like pbkdf2 with a few thousand rounds. At this point it would take the server a few seconds at 100% CPU load to encode a single IP address. I doubt this is being done. Therefore it's VERY safe to assume that a malicious actor with access to voat's database could pull IP addresses from it. And voat's databases are kept on cloud servers...
Don't get me wrong, it's not a huge problem. There are plenty of easier ways for a malicious actor to get users IP addresses. But I don't like that Atko is promising something he can't feasibly deliver...
Acharvak ago
Don't know about IWF but Russia's Roskomnadzor doesn't have nationwide proxies. It sends blacklists to ISPs, who then block websites themselves.
But IP-based voating restrictions are still a bad idea because of dynamic IPs, carrier-level NAT and other problems.
MadCamel ago
Ah, thanks for the info. I'm more familiar with IWF. They do the same thing, sending blacklists to ISPs. The ISPs then route (not DNS jiggering, actual routing/traffic interception) IP addresses of sites with blocked pages through an ISP-owned transparent proxy farm.
Calorie-Kin ago
So much this. I think a better idea would be session IDs. They're non identifying and unique per visit. Something stored as a cookie or something. Link a username to a cookie, and check if said cookie is around when the user is logging as another account. This way, someone who tries to brigade or manipulate votes would have to delete their cookies each time, which makes it uncomfortable, and not as many people will go through the trouble.
7veils ago
Self Destructing Cookies kills cookies immediately after leaving a web site.
InnocentBystander ago
Not a bad idea, but it is very simple to delete cookies. I don't think it would be very effective.
Reow ago
It's not too hard to write a script to do this. You need something beyond a thing the user can manipulate (if they've done IP checking correctly, spoofing shouldn't work). The only real alternative is to monitor voting patterns (e.g. accounts that vote the same way at the same time, etc.).
Aaragon ago
Or multiple people in a coffee shop/household/university wifi.
I hope this doesn't get any random, innocent users in trouble.
Acharvak ago
Hell, right now I'm at home, yet my IP changes every day because my ISP apparently assigns IPs dynamically. If there is another Voater who lives nearby, we can "block" each other's votes.
RebelWithCauses ago
With this system, a husband and wife who voat can't have opposite votes on a subject. Married couples who are both on the same WiFi, and therefore the same external ip address can have different voat votes, but now only the fastest responder can have his say.
TahTahBur ago
Aka, multiple people in a big corporate building.
AN0NYM0US ago
Or hotels. Are traveling voaters going to have their accounts all linked?
TahTahBur ago
It's called getting on your cellphone if it's so damn important to upvoat or downvoat with a passion
Craige ago
That shouldn't be necessary. The system shouldn't work against the average user.
alienz ago
should be by username