Implementing an anonymous "like"-function for my webpage
I'd like for my users to be able to "like" my blog posts as an extra point of feedback for me to consider while writing. This should be done without creating an account as I'd expect no one to invest that much effort into my website.
For now I've settled on using some hardware + software characteristics to create an anonymous fingerprint of a user's browser in order to make a small attempt at weeding out duplicate likes.
Are there any obvious negatives to storing these fingerprints as plain text in my DB? They're not specific enough to identify a user (nowhere near) and I can't store them hashed since I have no username or the like to search the tables with. This approach eliminates the need for cookies (which I would like to stay away from if possible) and would give me "good enough" protection against refreshing and liking again.
Something does still feel a little bad about having the fingerprints just lying around in plain text though. Am I too paranoid?
5 Replies
The fingerprint I've settled on consists of:
- cpu architecture
- number of hardware threads
- browser name
- browser major version
- engine name
- os name
- os version
- list of preferred languages
- timezone
- screen dimensions
Seems very anonymous to me but still "unique" enough to at least ward off the same person spamming the like button naively
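An added example, not part of the original thread: because the fingerprint is deterministic, a keyed digest of it can itself be the lookup key, so the raw values never need to be stored. The field names, the `likes` table and `SERVER_KEY` are assumptions for illustration; the sample fingerprints are constructed.

```python
import hashlib, hmac, json, sqlite3

# Assumption: a server-side secret, loaded from configuration in a real deployment.
SERVER_KEY = b"constructed-demo-key"

# Assumed names for the ten fingerprint components listed in the post above.
FIELDS = ("cpu_arch", "hw_threads", "browser", "browser_major", "engine",
          "os", "os_version", "languages", "timezone", "screen")

def like_token(post_id, fp):
    """Keyed digest of (post, fingerprint). Same input always gives the same token."""
    # Fixed field order gives a canonical form, so equal fingerprints hash equally.
    canonical = json.dumps([post_id] + [fp.get(f) for f in FIELDS],
                           separators=(",", ":"))
    # HMAC rather than a bare hash: the fingerprint space is small enough to
    # enumerate, so an unkeyed digest could be reversed by guessing inputs.
    return hmac.new(SERVER_KEY, canonical.encode(), hashlib.sha256).hexdigest()

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE likes (post_id INTEGER NOT NULL, token TEXT NOT NULL, "
               "PRIMARY KEY (post_id, token))")
    return db

def register_like(db, post_id, fp):
    """Return True if the like was counted, False if it duplicates an earlier one."""
    cur = db.execute("INSERT OR IGNORE INTO likes (post_id, token) VALUES (?, ?)",
                     (post_id, like_token(post_id, fp)))
    db.commit()
    return cur.rowcount == 1  # 0 rows changed means the primary key already existed

def like_count(db, post_id):
    row = db.execute("SELECT COUNT(*) FROM likes WHERE post_id = ?", (post_id,))
    return row.fetchone()[0]

# Constructed sample fingerprints: two visitors differing only in screen size.
VISITOR_A = {"cpu_arch": "amd64", "hw_threads": 8, "browser": "Firefox",
             "browser_major": 126, "engine": "Gecko", "os": "Linux",
             "os_version": "6.8", "languages": ["en-GB", "en"],
             "timezone": "Europe/Stockholm", "screen": "1920x1080"}
VISITOR_B = dict(VISITOR_A, screen="2560x1440")
```

Including the post id in the digest means the same browser produces unrelated tokens on different posts, so the table cannot be used to follow one visitor across the site.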
Unless you have thousands of followers or your posts are especially controversial, I'd stick to just rate limiting the IP address using Redis or a hosted alternative.
Oh that is an interesting option I had not considered. Wouldn't that cause problems though if I had several users on the same network?
Are you expecting a lot of likes from multiple people on an IP address? They would be blocked, but this is usually an extreme edge case. You don't have to block them from viewing the article, just sending likes.
Yeah, unfortunately that is exactly what I expect. Views from an org like a school are very much expected to occur. Thank you for the great suggestion though!