{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Rolldiameter 的问题《Prevent users from starting multiple accounts?》','https://www.manongdao.com/q-179363.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I know that in the end it, can't be done.
But, what are the options to:
a) limit the options for persons to create multiple accounts,
b) increase the chance of detecting multiple accounts / person
for a blog-like web service?
(people can sign up for their own blog)
Update:
I think the 'limit the options' has been answered nicely. (there is no reliable method, but we can raise the bar)
However, I would still like to know what other options there are to detect multiple accounts?
I think, as many people have mentioned above, one of the best ways is to verify mobile numbers and that's what I wanted to use in teh first place, if it wasnt so damn expensive ...
I have found this site here and I think it can be used for this purpose but I havent tested it myself, but it seems pretty modern and cheap
Ask users to register with a credit card. You don't have to charge anything to the card, you can just check that the card is valid.
You can set a cross browser cookie e.g. http://samy.pl/evercookie/ (flash cookies) The can not be deleted by the browser cookie deletetion they stay 4 ever and you can read the cookie cross browsers. Its the ultimate solution if the user uses the same computer. With more than 1 computer the IP address is your only way to find out, but (in my case) sometimes 2 real people in the same house with 2 computers login 2 my website
The most difficult to break methods I've seen implemented in real life are to use a separate hardware medium for confirmation (sending a confirmation code via SMS for a public service, or mailing an RSA token for something more sensitive, like intranet access), or to ask for a financially-bound piece of identification, for example a bank account number (Paypal deposits a few cents to your account and the sum of the amounts is your passcode) or a valid credit card number.