There are several ways to detect multiple accounts:
- IP addresses including IPv6, IPs used at browsing and posting
- cookies
- evercookie for banned users
- browser fingerprinting
- mac address through javascript
An IP address detection alone is not enough to be certain that the accounts are operated by the same user. There are other factors that a script can consider:
- similar usernames
- similar email address
- similar username of one account as the email address in another account
- similar DoB
- similar user profile fields
- same email domain
- similar contact details
- posts in same forums
- visits or posts to the same threads
- accounts give likes to each other
- accounts do not have conversations with each other
- one or more accounts have warnings / bans
- IP address is dedicated or not.
- Email address is active or not (if the site requires active email to post)
The outcome of the above calculation allows a script to define users that have a very high probability to be duplicate accounts.
When a duplicate account is found there are various actions that can be taken:
- alert staff
- merge accounts
- send warning
- ban accounts
- make account discouraged user
- disallow registration
- ban IP
- ban browser fingerprint
- give evercookie
- remove likes traded between the accounts
- assign the report to a moderator
- ignore the report
- ignore reports about the user forever
Or any combination of the above. We should be able to define how duplicate accounts are handled for various types of users.
Mind that there is a significant difference between a malicious duplicate account and a genuine user with a duplicate account.
With the vbulletin MAD addon the process was inaccurate and very labor intensive. Staff needed to review all reports, review accounts, contact users, warn, merge, close the report. I have many thousands of reports on my site, so thats an insane amount of work.
With the above functions its possible to automate the whole process.
I would love to see a complete solution for multiple accounts.
