I have a website where people can interact with different objects to view specific content. I would like to know which objects get the most interactions by real people. For example there are thumbnails of images and I would like to know when a user clicks on a thumbnail to view an image.
To do this I thought I would create a psql table with thumbnail_id and an IP address, where every single view is stored (to ensure every combination of thumbnail and ip is only counted once and people can't just spam click it).
And so every time a click happens, a post request on a /views endpoint with the thumbnail id attached is made in the background.
The proplem is, some people may be incentivized to create bots to auto click certain images with many different IPs.
So I was wondering if I could use recaptcha v3 to identify real users as opposed to bots which would include a token with every view request.
But I was wondering, would is this too much for my backend to handle (since it would have to talk to googles servers every time anybody views an image, which might be every few seconds for each user and I would be billed while the server waits for a response) or be too expensive, since I have to pay google on every request? Or is there some other obvious problem with this?
I'm asking since I have only ever found recaptcha used for single form validation and never for traffic measurements, even though that seems like a pretty obvious use case.
Related
I'm making a custom tab app of MS Teams with ASP.NET, however, the tab doesn't seem to pass a same cookie between requests on MS Teams. So the ASP.NET app behind the tab generates a new Session.SessionID on every request.
I've checked the following question, and tried some settings according to that page, but nothing helped me. Actually my web site works nicely if I navigate it via Chrome or Edge.
ASP.NET: Session.SessionID changes between requests
How do I get a same cookie between requests on MS Teams?
I've not tested this specifically so haven't seen it, but basically the broad idea of session is to have to uniquely "remember" a user, and then restore State for them from a location (e.g. database). From your question, it seems like the out of box "Session" object is giving trouble, but at any rate you should probably avoid using it because it won't "remember" the user even across devices.
However, Teams provides you a way to achieve the same thing yourself quite easily. Remember that the Teams 'Context' object provides a userObjectId property that is unique and valid for the same user on all sessions on all devices (it's actually their Azure Active Directory id). You can simply store whatever you want in your own database, key'ed by this id, and request it on page load. It's also possible to get this from the querystring for a static (personal) tab if you want to handle the behaviour server-side (e.g. C#).
I have about 1 million URI logs of user activity on my network, I want to know how many of those 1 million are for Facebook, how many are for Twitter, and so on..
It's easy to link URIs like cdn.xyz.twitter.com , platform.twitter.com to Twitter
However, the problem I'm facing is that I'm not able to link no more than 40% of the URLs captured to real websites, a URL like xys.1234.com can be something in facebook for example, but there isn't a link between that URL and facebook.com domain, thus will just be listed as a stand-alone website, which is wrong (or not what I want).
Also, all API calls won’t also be easily linked to their domains because some websites are maybe using amazon web services and that's what is being logged.
And Many of the URIs are generated from ad services, I want to know where this ad is generated from ( on what website or mobile application did the user click on the ad? ).
Snapshots of URIs so you would understand the whole picture.
https://imgur.com/a/2Ocqi
https://imgur.com/a/bmhNv
So you're trying to match up outgoing requests? How do you expect to know that a user who accessed xyz.1234.com did it through Facebook rather than independently by typing the URL into the address bar? Or by clicking a link from some other page? Your log doesn't contain information that tells you which URLs are linked from which page. Without another source of information, you can't be sure.
You could examine the requests for multiple users and infer relationships. That is, if you notice that all (or a majority of) requests to xyz.1234.com occur after a Facebook request, you can infer that the request occurred as a result of a click on a Facebook page. Doing so will require some interesting pattern matching. How well it works will depend on how much data you have to work with, how well you write the pattern matching, and how much time you're willing to let the algorithm run.
There's no simple answer, though. If you don't have data that explicitly says, "this request was made by clicking on a link from Twitter," then you have to either get another source of information or you have to write code that will infer that information.
I'm trying to find a way to have Square not forcefully redirect my web application on a Connect payment. Right now, I've registered my url in https://connect.squareup.com/apps as https://example.com/square_callback (or whatever), and I pass along my own metadata that tell my application where to redirect back to so our users don't have to drill all the way down to where they were when they first jumped in.
So two questions.
One, is there a way to have that URI be dynamic? They're taking payments from https://example.com/customer/1351743, and that's where I want them to return to, so is there a way to have a wildcard redirect uri, something like https://example.com/customer/*?
Second, is there a way to not have the page refresh at all? These particular pages take a while to load, our users are out in the field with spotty connections, so while I want the square response to go to the server, I'd rather have their page not refresh at all. Possibly by using # in the URI?
To answer your first question, you can not register a wildcard domain or specify the the url in the request. This is mostly a security measure to prevent someone from skimming your information by hijacking your javascript. You can specify multiple urls in the developer portal and dynamically pick between them with your request.
I'm not 100% sure I understand your second question, but I'm going to interpret it as you want to switch back from the point of sale application to your webpage without "refreshing" the page. This isn't possible, since the app switch isn't as much of a switch back, as it is opening a new url. If you didn't load a new page, it wouldn't be possible to use the GET parameters that Square sends you back in the response from the transaction.
Sorry, both No :(
I am developing a user-generated content site. The goal is that users are rewarded if their content is viewed by a certain number of people. Whereas a user account is required to post content, an account is not required to view content.
I am currently developing the algorithm to count the number of valid views, and I am concerned about the possibility that users create bots to falsely increase their number of views. I would exclude views from the content generator’s IP, but I do not want to exclude valid views from other users with the same external IP address. The same external IP address could in fact account for a large amount of valid views in a college campus or corporate setting.
The site is implemented in python, and hosted on apache servers. The question is more theoretical in nature, as how can I establish whether or not traffic from the same IP is legitimate or not. I can’t find any content management systems that do this, and was just going to implement it myself.
You cannot reliably do this. Any method you create can be automated.
That said, you can raise the bar. For instance every page viewed can have a random number encoded into a piece of JavaScript that will submit an AJAX request. Any view where you have that corresponding AJAX request is probably a real browser, and is likely to be a real human since few bots handle JavaScript correctly. But absolutely nothing stops someone from having an automatic script to drive a real browser.
Well... you can make them login (through facebook or google id etc, if you don't want to create your own infrastructure). This way it is much easier to track ratings.
I am new to webOS development. I have one app in the app store and in the next update to the app I would like to be able to identify the age of users, their location, how long they use the app, which features they use the most/least and then store that data in a database. How do I do this? Many thanks in advance for your help.
Well, that's a pretty big question. Here's an outline of what to do, with some notes.
First, you're probably not going to be able to get age unless you ask the user directly and they tell you. Also, you're only going to get location if the application is location-aware and the user permits you to collect that data (when you install a location-aware application, it asks the user if they're okay with the fact that the application will be able to get their location).
As for how long they use the app and which features they use, that's easier. Depending on the granularity you need/want to capture, you can just record time stamps when a user starts and stops using a particular feature, such as when scene activate and deactivate methods fire. As long as you store feature name and timestamp, that should give you what you're looking for.
Then comes to question of collection. However you store it in the app, you have a couple of choices for how to get it out of the app. Unless you can get your users to just email the data to you, probably the easiest thing to do would be to create a web app (possibly with no user facing output, since you're just using it to collect data) using something like Google App Engine that gives you a URL you can send a POST request to using an HTTP request. Depending on how you set it up, it could do the request every time you collect a timestamp (bad for battery use, though), just occasionally, or only when the app is doing cleanup (possibly a problem if you don't get the request off in time).
I'd recommend taking a look online at how people do this type of thing in iPhone apps to get a good sense of how to do this type of thing. If you hit problems getting particular things to work, you can of course come here to StackOverflow with specific coding questions.