Are people that have been banned able to some how return under different accounts and continue to cheat?
yes. no website can stop multi-accounting if the person uses a vpn
Sometimes lichess banned the adress IP and you can't reopen an account on your computer
@FT-Chess VPN
ip addresses aren't people.
where I live, domestic internet services have dynamic ip addresses that change, (unless people pay extra) and, my isp has many homes share the same ip. so not only does banning an ip not ban a person because they can reboot their router and get a new ip, banning an ip could affect many innocent people.
where I live, domestic internet services have dynamic ip addresses that change, (unless people pay extra) and, my isp has many homes share the same ip. so not only does banning an ip not ban a person because they can reboot their router and get a new ip, banning an ip could affect many innocent people.
when a website you regularly use wants to uniquely identify you, they don't need your ip for that. an ip is just helpful, but not necessary.
edit: read this for example www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf and consider how much data websites would have about you. login times, preferences, languages and so on.
edit: read this for example www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf and consider how much data websites would have about you. login times, preferences, languages and so on.
I used brave browser, privacy badger, ublock origin, and I have a separate brave browser for google, I only log into google on that one browser. same for facebook but I rarely use it. I use a vpn for everything I can and where speed doesn't matter.
after all of that, I'm not confident I'm not being tracked using browser finger printing (mine is probably unique), email address or something else I'm not aware of, and my phone is a big leak. But I've done what I'm willing to do. so I'm happy.
lichess doesn't have ads or social media buttons, etc, they have a cookie for keeping you logged in and I believe a cookie for the size of the chess board. No idea if they try to fingerprint browsers, it's easy to change your browser's fingerprint (I should get around to it one day), and change it to something that's common.
I can't see a way for lichess to keep slightly knowledgeable people from creating new accounts. I kind of feel like finding out for the challenge, but I don't want to be any more of a pest than I already am.
I'm not sure what de-anonymising datasets has to do with anything.
after all of that, I'm not confident I'm not being tracked using browser finger printing (mine is probably unique), email address or something else I'm not aware of, and my phone is a big leak. But I've done what I'm willing to do. so I'm happy.
lichess doesn't have ads or social media buttons, etc, they have a cookie for keeping you logged in and I believe a cookie for the size of the chess board. No idea if they try to fingerprint browsers, it's easy to change your browser's fingerprint (I should get around to it one day), and change it to something that's common.
I can't see a way for lichess to keep slightly knowledgeable people from creating new accounts. I kind of feel like finding out for the challenge, but I don't want to be any more of a pest than I already am.
I'm not sure what de-anonymising datasets has to do with anything.
@glbert said in #6:
> when a website you regularly use wants to uniquely identify you, they don't need your ip for that. an ip is just helpful, but not necessary.
>
> edit: read this for example www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf and consider how much data websites would have about you. login times, preferences, languages and so on.
if a website only has like 10 users that might work. if a website has 1,000,000 suddenly there will be way too many false flags
another thing they absolutely could do is look at the cookies on your browser to identify you, but then people would just play chess with an incognito window + VPN
Some websites try to maintain a database of VPN IP addresses to detect if someone is a VPN user. the problem with this is there are special decentralized VPNs out there. Centralized servers that people route traffic thru can be "remembered" a decentralized VPN allows you to swap ip addresses with other random people around the world.
> when a website you regularly use wants to uniquely identify you, they don't need your ip for that. an ip is just helpful, but not necessary.
>
> edit: read this for example www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf and consider how much data websites would have about you. login times, preferences, languages and so on.
if a website only has like 10 users that might work. if a website has 1,000,000 suddenly there will be way too many false flags
another thing they absolutely could do is look at the cookies on your browser to identify you, but then people would just play chess with an incognito window + VPN
Some websites try to maintain a database of VPN IP addresses to detect if someone is a VPN user. the problem with this is there are special decentralized VPNs out there. Centralized servers that people route traffic thru can be "remembered" a decentralized VPN allows you to swap ip addresses with other random people around the world.
@bufferunderrun I'm curious if it's against ToS to discuss this type of stuff since it could be applied to Lichess
> if a website only has like 10 users that might work. if a website has 1,000,000 suddenly there will be way too many false flags
sure, if they wanted to do it for *every* user, because they want to automatically serve them ads, then it wouldn't work. at least not currently, to the best of my knowledge. (it might in the future though.)
but if they wanted to do it for a couple of pesky users, because they share illegal stuff on the site for example, then they could absolutely do it.
people are way too hung up on ip addresses as an identifying tool. they underestimate how many peculiarities there are about their habits when interacting with websites.
sure, if they wanted to do it for *every* user, because they want to automatically serve them ads, then it wouldn't work. at least not currently, to the best of my knowledge. (it might in the future though.)
but if they wanted to do it for a couple of pesky users, because they share illegal stuff on the site for example, then they could absolutely do it.
people are way too hung up on ip addresses as an identifying tool. they underestimate how many peculiarities there are about their habits when interacting with websites.
This topic has been archived and can no longer be replied to.