A Tudás Fájdalom ('knowledge is a pain')
Knowledge is a pain Power
Oh, yes, knowledge is power ('a tudás hatalom'). It's also a pain. It's a pain, because you have to wield power responsibly. And let's face it, all the alternatives are more fun. So for about 20 minutes this morning I was put in a quandary. Do I use my knowledge responsibly, or just have fun? Now, in everyday life I don't have a choice, my conscience and upbringing reign me in, but I've got a suspicion that given enough space and anonymity I'd be a Jack type (from Lord of the Flies), perhaps even like Roger.
Normally, normally I just don't have to worry about what shape my ID takes, but today it just went haywire, because some fool has placed me in two categories of 'The Satin Pajama Awards' over at 'A Fistful of Euros'.
I then had a problem. I knew I could win. It would be so, so easy. I could trounce the opposition with just a few bits of Java code and a list of anonymous IPs.
OK, so how was I going to win? Well, the voting system relies on collecting enough information about each voter to make sure they don't vote more than once in each category. The information that the poll tries to collect is...
Information people collect
1. Your IP (the web address that you are viewing the internet from)2. Cookie information (those hidden things that website use to remember who you are)
3. Computer information (if you don't have a firewall, you may be transmitting lots of information about yourself to the world, try Zone Alarm for a good free firewall).
So, to get round the voting system all I have to do is make sure that they don't get this information, or if they do I quickly get rid of it and vote again. So here is my step by step guide to internet
(If you'd prefer not to know, or you come out in spots at anything vaguely technical you should skip to the end bit "Where is this all going?")
Simple Anonymiser
1. You get access to the internet via an ISP. Some ISPs have multiple addresses. When you sign on to use the internet you are assigned one of these addresses or IPs. You need this IP address to that servers know where to send back the information you request when you click on a link in a web browser.So, just by logging off and back on again, you may be given a new IP address by your ISP. You can check what your IP is by going to What is my IP. So check this before you log off and after and if they are different then you have solved the first problem.
Better still, if you have a laptop and wireless access, then roam around signing up to various services available. Make sure you do step 2 and 3 in between each hook-up and you can vote at will.
2. You can clear your cookie cache by looking in the Tools->Options menu on your browser. If you know how to delete just the cookie set by 'a Fistful of Euros', otherwise you may lose some important information, or have to remember passwords/usernames for sites.
3. Make sure that your computer is not visible to the outside world. If this doesn't work (which it does by the way) then you need to step up a gear.
Medium Strength Anonymiser
1. You have two options, use a web-based service or downloadable program that integrates with your browser. So, for the first option, using a web based anonymiser service. With these the website you visit will be the web address that is seen by your real target. You request a web page through the anonymous proxy, which is why it's called a proxy. There are hundreds of these sites, so try a few (dozen).Otherwise you can use the desktop versions JAP short for Java Anonymous Proxy. This is a program that integrates with your browser and redirects all your web requests via a choice of servers. Both of these work, I've tried them (voting on a few underdogs). I'd also note that in using some of these proxies they were showing me that I had already voted! There is only one explanation for this, other people nominated in the poll are using these services to bolster their votes.
2 and 3. Just make sure you take the same precautions as in the Simple anonymiser.
High Strength Anonymiser
There are hundreds, if not thousands of open and perhaps insecure servers around the world that will let you direct your traffic through their server. Most of these probably don't know that you are doing this, but as long as what you are requesting is legal you are probably safe (though using anyone elses property without their consent is clearly theft and would be seen as such in most countries).When you vote, your choice is sent to the website as either a POST or GET request. Your voting preference is attached to your request. With GET requests the information is visible in the browser address bar. With POST requests the voting information is hidden. This is why most people use POST requests, it stops people seeing sensitive information too easily.
So, to vote, you don't even have to go to the website, you can just simulate voting by mimicking the web form request. First you have to look at the source of the webpage you want to emulate. This tells us the information we need to know to fake a real request. What we need to know is what is the form name, and what parameters do we need to attach to make our request. In this case the form name is given as <form method="post" action="afoeawards.php">So the webpage for voting is "afoeawards.php". Then we need the parameters to attach our vote. For option 10 of the first poll this would be:
<form method="post" action="afoeawards.php">. So we need to convert that into a request. First add the website address (the URL), which is "http://fistfulofeuros.net/". Add the webform "afoeawards.php". The add each of the parameters to this address, which is "?" followed by each parameter, followed by "&". The parameters for option 10 of the first poll are: "option_id=10", "action=vote" and "poll_ident=15".
Putting that all together, a crafted vote request would look something like this:http://fistfulofeuros.net/afoeawards.php?option_id=10&action=vote&poll_ident=15
But that still isn't enough, because if you just submit this, the server sees this as a GET request and it only accepts POST requests. To convert this into a POST request you need to know a bitabout programming and there just isn't space or time here to take you over that hurdle. Search on the internet for "simulating POST requests" and there is tons of information. There's bound to be something in your favorite programing language. Or perhaps some other tools you can use.
If you have Java, then you could just download JMeter to set up the request using this. Using Jmeter, you can also randomise the time of your requests to make them harder to detect. You could even set this up on a number of machines so that you have a whole army of drones voting for you.
Undetectable Anonymiser
There are many, many more ways, but this is my secret. Knowledge is power and I just don't trust you. Also, it's irresponsible to put knowledge into the minds of people that may not use it wisely or legally. It's taken me more than 10 solid years to become a programmer and gain my knowledge and in that time I've realised how fragile the internet democracy is. Only a fool would undermine that democracy.Where is this all going?
So, have I been a fool to tell you all this? No. This stuff is simple stuff, it's obvious for those who know just a little about the internet. And it's clear that these services (only the most obvious I might add) are already being used by people to cheat. Internet polls are not democratic, but they are fun. I don't approve of cheating, so this way we all have a level playing field. If you vote for me, do it once within the rules they publish. I would be honored with any votes.
Also note that Andy over Csikszereda musings needs your support.
I am certainly honored to be nominated, if only for the fact I am so lazy I never get round to dumping my mind much. Also, I love the fact that Catfish and I have been described as 'various' blogging contributors.
