Getting unique info about user or computer?

Discussion in 'Java' started by Rhino, Jun 18, 2004.

  1. Rhino

    Rhino Guest

    I'm really not sure what the best place is to ask this question so please
    forgive me if this isn't it - and redirect me to the right place, if you
    know what that is ;-)

    I'm trying to figure out if there is any reliable way to uniquely identify a
    user or the computer that they are using WITHOUT asking them explicitly.

    I am trying to help someone non-technical achieve something that it is out
    of my area of expertise. She has created an HTML form that contains a
    survey. She wants to collect responses and analyze the data so that she can
    make certain decisions based on the answers.

    The survey is anonymous. In other words, she doesn't ask the people who
    complete the survey for any identifying information like name, Social
    Security Number, phone number or anything else that might be uniquely
    identifying. I'm not clear if she is not allowed to ask for such things by
    her organization's policy or whether she simply doesn't want to but the
    bottom line is that nothing is known about the person who completes the
    survey. By the way, the survey is an administrative questionaire about
    university policies, nothing to do with spam or marketing of any kind.

    She is concerned that some people will be tempted to complete the survey
    multiple times to skew her analysis and asked me if there is some way that
    she can ensure uniqueness of each response so that no person can complete
    the survey more than once.

    My best guess was that a MAC address might do the trick. However, when I did
    some research on this, I found information to the effect that:
    a) not all computers have a MAC address
    b) a computer can have multiple MAC addresses if it has multiple network
    cards
    c) the MAC address of many network cards can be changed, although it is not
    something a typical user would normally do

    Please correct me if any of this information is wrong; I'm not a networking
    guy so maybe I misunderstood!

    If all of the above information is correct, it would seem to eliminate the
    MAC address as a solution. Therefore, I'm wondering if there are any other
    solutions to this problem?

    I saw one post that said there was talk of burning unique serial numbers in
    CPUs but I got the impression that this was only proposed (in 1999) and
    would only apply to Intel chips. That clearly lets out older CPUs and
    non-Intel ones as well, making this a useless approach.

    Can anyone suggest another approach? She doesn't want to know anything
    secret about the people completing the survey that could harm them or raise
    concerns about identity theft or whatnot; she only wants to ensure that a
    given person only completes the survey once.

    --
    Rhino
    ---
    rhino1 AT sympatico DOT ca
    "There are two ways of constructing a software design. One way is to make it
    so simple that there are obviously no deficiencies. And the other way is to
    make it so complicated that there are no obvious deficiencies." - C.A.R.
    Hoare
     
    Rhino, Jun 18, 2004
    #1
    1. Advertising

  2. Rhino

    Liz Guest

    "Rhino" <> wrote in message
    news:CUpAc.34363$...
    > I'm really not sure what the best place is to ask this question so please
    > forgive me if this isn't it - and redirect me to the right place, if you
    > know what that is ;-)
    >
    > I'm trying to figure out if there is any reliable way to uniquely identify

    a
    > user or the computer that they are using WITHOUT asking them explicitly.
    >
    > I am trying to help someone non-technical achieve something that it is out
    > of my area of expertise. She has created an HTML form that contains a
    > survey. She wants to collect responses and analyze the data so that she

    can
    > make certain decisions based on the answers.
    >
    > The survey is anonymous. In other words, she doesn't ask the people who
    > complete the survey for any identifying information like name, Social
    > Security Number, phone number or anything else that might be uniquely
    > identifying. I'm not clear if she is not allowed to ask for such things by
    > her organization's policy or whether she simply doesn't want to but the
    > bottom line is that nothing is known about the person who completes the
    > survey. By the way, the survey is an administrative questionaire about
    > university policies, nothing to do with spam or marketing of any kind.
    >
    > She is concerned that some people will be tempted to complete the survey
    > multiple times to skew her analysis and asked me if there is some way that
    > she can ensure uniqueness of each response so that no person can complete
    > the survey more than once.
    >
    > My best guess was that a MAC address might do the trick. However, when I

    did
    > some research on this, I found information to the effect that:
    > a) not all computers have a MAC address
    > b) a computer can have multiple MAC addresses if it has multiple network
    > cards
    > c) the MAC address of many network cards can be changed, although it is

    not
    > something a typical user would normally do
    >
    > Please correct me if any of this information is wrong; I'm not a

    networking
    > guy so maybe I misunderstood!
    >
    > If all of the above information is correct, it would seem to eliminate the
    > MAC address as a solution. Therefore, I'm wondering if there are any other
    > solutions to this problem?
    >
    > I saw one post that said there was talk of burning unique serial numbers

    in
    > CPUs but I got the impression that this was only proposed (in 1999) and
    > would only apply to Intel chips. That clearly lets out older CPUs and
    > non-Intel ones as well, making this a useless approach.
    >
    > Can anyone suggest another approach? She doesn't want to know anything
    > secret about the people completing the survey that could harm them or

    raise
    > concerns about identity theft or whatnot; she only wants to ensure that a
    > given person only completes the survey once.
    >
    > --
    > Rhino
    > ---
    > rhino1 AT sympatico DOT ca
    > "There are two ways of constructing a software design. One way is to make

    it
    > so simple that there are obviously no deficiencies. And the other way is

    to
    > make it so complicated that there are no obvious deficiencies." - C.A.R.
    > Hoare
    >


    I think it is not possible, but I may be wrong.

    You can't use IP address or MAC address because it is possible that more
    than
    one person legitimately answers your survey using the same machine. Or using
    the same user account on the same machine.

    Users are often suspicious when you tell them that their identity is
    anonymous.

    You can assign a unique password for each user, have them use the password
    when they fill out the form and if they try to do it more than once let the
    most recent set of answers supersede the previous ones. This way you will
    not
    get multiples, but they will be suspicious that you are going to use the
    data against them in some way.
     
    Liz, Jun 18, 2004
    #2
    1. Advertising

  3. Hi Rhino,

    MAC-Address or CPU-Id (which both can be faked with more or less afford) is
    not accessible in a HTML-Form. So no chance.
    By the way, the user could use different computers (internet-cafes etc.) to
    change that simply.

    I would suggest the user has to register for an account first which is
    uniquely bound to an e-mail address, where the system generated password to
    access the survey is sent to. So only each e-mail address can register
    exactly once. Of course users which have many e-mail addresses can register
    more then once and do the survey more then once.
    On the other hand e-mail address could be a problem, because it's not 100%
    anonymous then, but i dont have a better idea at the moment.

    Regards,
    Clemens


    "Rhino" <> schrieb im Newsbeitrag
    news:CUpAc.34363$...
    > I'm really not sure what the best place is to ask this question so please
    > forgive me if this isn't it - and redirect me to the right place, if you
    > know what that is ;-)
    >
    > I'm trying to figure out if there is any reliable way to uniquely identify

    a
    > user or the computer that they are using WITHOUT asking them explicitly.
    >
    > I am trying to help someone non-technical achieve something that it is out
    > of my area of expertise. She has created an HTML form that contains a
    > survey. She wants to collect responses and analyze the data so that she

    can
    > make certain decisions based on the answers.
    >
    > The survey is anonymous. In other words, she doesn't ask the people who
    > complete the survey for any identifying information like name, Social
    > Security Number, phone number or anything else that might be uniquely
    > identifying. I'm not clear if she is not allowed to ask for such things by
    > her organization's policy or whether she simply doesn't want to but the
    > bottom line is that nothing is known about the person who completes the
    > survey. By the way, the survey is an administrative questionaire about
    > university policies, nothing to do with spam or marketing of any kind.
    >
    > She is concerned that some people will be tempted to complete the survey
    > multiple times to skew her analysis and asked me if there is some way that
    > she can ensure uniqueness of each response so that no person can complete
    > the survey more than once.
    >
    > My best guess was that a MAC address might do the trick. However, when I

    did
    > some research on this, I found information to the effect that:
    > a) not all computers have a MAC address
    > b) a computer can have multiple MAC addresses if it has multiple network
    > cards
    > c) the MAC address of many network cards can be changed, although it is

    not
    > something a typical user would normally do
    >
    > Please correct me if any of this information is wrong; I'm not a

    networking
    > guy so maybe I misunderstood!
    >
    > If all of the above information is correct, it would seem to eliminate the
    > MAC address as a solution. Therefore, I'm wondering if there are any other
    > solutions to this problem?
    >
    > I saw one post that said there was talk of burning unique serial numbers

    in
    > CPUs but I got the impression that this was only proposed (in 1999) and
    > would only apply to Intel chips. That clearly lets out older CPUs and
    > non-Intel ones as well, making this a useless approach.
    >
    > Can anyone suggest another approach? She doesn't want to know anything
    > secret about the people completing the survey that could harm them or

    raise
    > concerns about identity theft or whatnot; she only wants to ensure that a
    > given person only completes the survey once.
    >
    > --
    > Rhino
     
    Clemens Martin, Jun 18, 2004
    #3
  4. Rhino

    Roedy Green Guest

    On Thu, 17 Jun 2004 19:34:59 -0400, "Rhino"
    <> wrote or quoted :

    >
    >I'm trying to figure out if there is any reliable way to uniquely identify a
    >user or the computer that they are using WITHOUT asking them explicitly.


    Basically all the easy to get unique stuff is in the System
    properties.
    See http://mindprod.com/wassup.html


    Intel CPUs have a unique serial number. You can get it via
    http://mindprod.com/products.html#PENTIUM

    AMD CPUs do not. It is too open to Ashcroftian abuse.

    See http://mindprod.com/products2.html#SNIFF for other info you can
    get via DOS.

    Face IP is not permanent. See http://mindprod.com/jgloss/ip.html

    Mac address is unique, but requires JNI for each platform or exec
    fiddles to find it out in a different way on each platform.

    --
    Canadian Mind Products, Roedy Green.
    Coaching, problem solving, economical contract programming.
    See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
     
    Roedy Green, Jun 18, 2004
    #4
  5. Rhino

    Roedy Green Guest

    On Thu, 17 Jun 2004 19:34:59 -0400, "Rhino"
    <> wrote or quoted :

    >
    >Can anyone suggest another approach?


    You can take a disk profile or a hardware profile. you could note the
    sizes and dates of files that have not been modified in a long time.

    You could simply assign each machine a unique number and store it on
    the machine in the registry. see
    http://mindprod.com/jgloss/preferences.html

    --
    Canadian Mind Products, Roedy Green.
    Coaching, problem solving, economical contract programming.
    See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
     
    Roedy Green, Jun 18, 2004
    #5
  6. Rhino

    Sudsy Guest

    Rhino wrote:
    > I'm really not sure what the best place is to ask this question so please
    > forgive me if this isn't it - and redirect me to the right place, if you
    > know what that is ;-)
    >
    > I'm trying to figure out if there is any reliable way to uniquely identify a
    > user or the computer that they are using WITHOUT asking them explicitly.
    >
    > I am trying to help someone non-technical achieve something that it is out
    > of my area of expertise. She has created an HTML form that contains a
    > survey. She wants to collect responses and analyze the data so that she can
    > make certain decisions based on the answers.


    There's no absolute, guaranteed way to achieve this. I like the e-mail
    idea posed but people can have multiple addresses. Could you use a
    cookie in conjunction with the e-mail qualification?
    If the user is savvy enough to know how to purge cookies then you're
    SOL, however. Then again, a non-intrusive survey...
     
    Sudsy, Jun 18, 2004
    #6
  7. Rhino

    Hal Rosser Guest

    Have the app set a cookie on the users browser, then you can tell if the
    same machine was used more than once by getting the cookie - if it exists -
    then don't count the vote again.

    "Rhino" <> wrote in message
    news:CUpAc.34363$...
    > I'm really not sure what the best place is to ask this question so please
    > forgive me if this isn't it - and redirect me to the right place, if you
    > know what that is ;-)
    >
    > I'm trying to figure out if there is any reliable way to uniquely identify

    a
    > user or the computer that they are using WITHOUT asking them explicitly.
    >
    > I am trying to help someone non-technical achieve something that it is out
    > of my area of expertise. She has created an HTML form that contains a
    > survey. She wants to collect responses and analyze the data so that she

    can
    > make certain decisions based on the answers.
    >
    > The survey is anonymous. In other words, she doesn't ask the people who
    > complete the survey for any identifying information like name, Social
    > Security Number, phone number or anything else that might be uniquely
    > identifying. I'm not clear if she is not allowed to ask for such things by
    > her organization's policy or whether she simply doesn't want to but the
    > bottom line is that nothing is known about the person who completes the
    > survey. By the way, the survey is an administrative questionaire about
    > university policies, nothing to do with spam or marketing of any kind.
    >
    > She is concerned that some people will be tempted to complete the survey
    > multiple times to skew her analysis and asked me if there is some way that
    > she can ensure uniqueness of each response so that no person can complete
    > the survey more than once.
    >
    > My best guess was that a MAC address might do the trick. However, when I

    did
    > some research on this, I found information to the effect that:
    > a) not all computers have a MAC address
    > b) a computer can have multiple MAC addresses if it has multiple network
    > cards
    > c) the MAC address of many network cards can be changed, although it is

    not
    > something a typical user would normally do
    >
    > Please correct me if any of this information is wrong; I'm not a

    networking
    > guy so maybe I misunderstood!
    >
    > If all of the above information is correct, it would seem to eliminate the
    > MAC address as a solution. Therefore, I'm wondering if there are any other
    > solutions to this problem?
    >
    > I saw one post that said there was talk of burning unique serial numbers

    in
    > CPUs but I got the impression that this was only proposed (in 1999) and
    > would only apply to Intel chips. That clearly lets out older CPUs and
    > non-Intel ones as well, making this a useless approach.
    >
    > Can anyone suggest another approach? She doesn't want to know anything
    > secret about the people completing the survey that could harm them or

    raise
    > concerns about identity theft or whatnot; she only wants to ensure that a
    > given person only completes the survey once.
    >
    > --
    > Rhino
    > ---
    > rhino1 AT sympatico DOT ca
    > "There are two ways of constructing a software design. One way is to make

    it
    > so simple that there are obviously no deficiencies. And the other way is

    to
    > make it so complicated that there are no obvious deficiencies." - C.A.R.
    > Hoare
    >
    >



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.707 / Virus Database: 463 - Release Date: 6/15/2004
     
    Hal Rosser, Jun 18, 2004
    #7
  8. Rhino

    Andy Fish Guest


    > I am trying to help someone non-technical achieve something that it is out
    > of my area of expertise. She has created an HTML form that contains a
    > survey. She wants to collect responses and analyze the data so that she

    can
    > make certain decisions based on the answers.
    >


    I am guessing that if the person is non-technical and has developed an HTML
    form, she is intending to run the form from a web site and have users access
    it using a browser.

    in this case there is precious little information you can get about the
    user's PC or environment. The best way would probably be an HTTP cookie
    (this would require some programming on the web server but is not rocket
    science). however, there are many ways to defeat this if someone wanted to
    skew the results.

    think of the survey as like voting. the closest you can get to a fair result
    is by having a list of everyone registered to participate and have each
    person who does so authenticate themselves to the system.
     
    Andy Fish, Jun 18, 2004
    #8
  9. Rhino

    Rhino Guest

    Thank you all very much for your suggestions. I will pass them on and let
    the developer of the form see if there are any that she would like to try.

    She wasn't expecting a perfect solution but was hoping to get something that
    would quiet at least some of the people who might be concerned about
    security. I think you've given us some reasonable solutions.

    Rhino
     
    Rhino, Jun 18, 2004
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Goh
    Replies:
    4
    Views:
    7,922
    Steven Cheng[MSFT]
    Dec 16, 2005
  2. Bolin
    Replies:
    3
    Views:
    326
    Bengt Richter
    Nov 10, 2004
  3. ToshiBoy
    Replies:
    6
    Views:
    858
    ToshiBoy
    Aug 12, 2008
  4. Alexander
    Replies:
    9
    Views:
    537
    Jorgen Grahn
    Jan 12, 2011
  5. Token Type
    Replies:
    9
    Views:
    364
    Chris Angelico
    Sep 9, 2012
Loading...

Share This Page