I tested to see if I could game the system regarding credits in the Guest Access of our PickAxes.
I opened an incognito window in Chrome and Safari to hide my IP address and use guest access on one of my PickAxes. I was only allotted one credit, and the good news is that if I stay in the window, I have to upgrade.
The minute I close out the window and open a new incognito window, I can bypass the IP system and not be recognized as being in a new session, and I get another credit to use.
To solve this, can you program Pickaxe so we can block this behavior with incognito mode and block people browsing the web using VPNs?
Writing IF logic, for example, if an IP address can’t be identified, then block that particular user from using guest mode and only show the sign-up buttons.
@admin_mike Let me know if this can be done; otherwise, the only solution I can think of is to switch back to email registration so that each user gets one test credit.
They can still game the system, but it is more complicated. They would have to delete their email, lose their previous outputs, enter their email again, and verify it to get an extra credit. It’s very tedious to get one credit each time.
Once we see the abusers using the same email or duplicate emails, can we block those emails to mitigate risk?
Just to clarify how we catch the abusers, when they delete their email, it gets deleted on the back end, so we wouldn’t see who is gaming the system.
However, if we have notifications turned on to send us an email to notify us when a new user signs up, that is when we will have a pile of new users sign up for the same email user. The next step would be to block that particular email if you allow us to do this?
Following up on this to see if there is a solution yet.
It’s a good question.
We recently moved away from using IP address, which is how this problem cropped up. We found that IP address had other problems, and decided to make the switch to a browser based cookie instead.
An example of the problem of IP address, if multiple users are in the same room, you’ll have trouble and confusion.
One question, do you actually suspect this is being taken advantage of thusfar? Since we made the switch we’ve been monitoring, and haven’t noticed an big spikes.
We’ll consider some more options/fixes, but do you think you’re currently facing abuse?
3 Likes
I haven’t launched my studios to the public yet, but I was hoping there was a way to prevent this before they go live very soon.
Ok, I am more reassured since you haven’t seen any spikes on your end.
Until you implement more safeguards, I will opt out of Guest Access and Go with Free Member Sign Up to at least implement some safeguards to prevent abuse.
I assume most people won’t take the time to keep signing up, verifying their email, and then deleting themselves, losing their data outputs for one credit each time.
This makes sense and we understand your concerns. We’re planning to add some more fingerprinting soon, but in the meantime requiring sign up and email verification is a great solution. It’s what most of the big guys do as well!
2 Likes