Consider replace IP restriction with another mechanism

[lenaten]

IPv4 addresses are almost over, so a lot of ISPs provide a single IP to multiple users (NAT).
One possible and simple user validation could be a Github user account.

[scttcper]

Maybe have them sit on a landing page and complete a proof of work? https://github.com/indutny/proof-of-work
Edit: used here currently https://indutny.github.io/vote.wdgt/

[aleemb]

Another mitigation strategy is to expire IPs in the database after X minutes. This will let people vote once per X minutes which is enough to mitigate voter fraud and also sufficient to avoid collisions (two people behind same IP voting within X minutes of each other). Not sure if DynamoDB supports this but I have implemented something similar in Redis since features key expirations.

The proof-of-work concept is pretty cool too.

[aleemb]

DynamoDB supports it seems https://aws.amazon.com/about-aws/whats-new/2017/02/amazon-dynamodb-now-supports-automatic-item-expiration-with-time-to-live-ttl/

This will also keep the number of records to a minimum since you won't have to store millions of IP addresses.

[tj]

ahh I'm storing in a set right now, in the poll's doc, but could create a second doc for the ip set which expires as a whole