Discussion in 'Speaker's Corner' started by Feek, Sep 5, 2019.
What evidence you haven't shown me any?
So are you saying you're unaware of how they guard against people signing it more than once by using another name and/or different email address?
Lets say that 3 of the 4 million votes were 'botted'.
Lets say that those 3 million votes came from 1000 dedicated leave (edited as it was quite a sensible idea so both remain and leave would have signed up) voters who wanted a second chance if the result was close.
Each one would have had to set up and register 3000 email address and votes.
Lets say each one takes 5 minutes.
That would take each person 250 hours or 10 days of dedication.
Is that realistic?
That would be my view as well, another referendum now with the three clearly defined deliverable options, no deal, the governments deal or no brexit.
Just so you know you can sign a Petition twice off one email address.
No you can't.
Oh, and before you say it didn't always use to be like that it's irrelevant as duplicate email addresses were removed from petitions in the past.
It amazes me that on a computer forum people act like this stuff can't be easily automated.
This is true, because the petitions site puts a fair amount of effort into minimising the number of fake votes, and removing them.
Yes you can
Nothing stopping me or my partner, having 2 signatures each instead of 1 quite easily using the same e-mail address.
'A House of Commons spokesperson told us “Many people share an email account with a partner or do not have access to email. To ensure that the petitions system is as accessible as possible, up to two people can sign from the same email address. An email address can only be used twice.'
Also most people will have more than one email address, usually a personal email address and a work email address, so there would be nothing stopping me from putting 4 signatures on one petition.
They act like that because it can't (see above link).
Yes, it can. It's harder than without email verification, but it's easy to write a script that automatically checks an email address and "clicks" on the verification links. It's easy to set up a domain so that any address of the form firstname.lastname@example.org goes to the same email account, and it's easy to write a bot that automatically enters data into a webpage. None of this is particularly hard to do.
Are you aware that the link you provided rebuts the implication that you've been making about people going to great effort just to be heard and that the petitions are full of duplicates?
You also seem to have ignored that those email addresses are checked against postcodes, and i would assume the electoral register, that happens to record how many people actually live at the address.
Can you describe how you would do it?
I run a software development company and the best I can think of is:
- Parsing the email and looking for an HTML link or a string beginning with "http(s)://".
- Extracting that link if found, and firing off an http request to trigger the petition to update it's database.
That's easy enough to write... But the problem would be in getting this script attached to 1000's of email accounts.
You would have to write custom software designed to receive emails from all of these accounts, and then fire the script upon receipt.
Furthermore, each email address would need it's credentials to be input manually for this hypothetical software to be able to receive them.
Doing so would require more work than checking each actual account and manually clicking the link, surely?
Granted I've only given the above about 1 minutes thought, perhaps I'm missing something?
So you disagree with those two security experts when they said that it is much harder and a bit of a pain?
This is where you're going wrong. You just need 1 email account, and a domain that transfers all email coming to that domain to that account. This is a standard feature of domain hosting, I use it for all my email so that I can give a different email address to every company I deal with.
Well unless there's four people all living at the same address all with the same name then three or all of them would be removed, do you really think the extent of their security starts and ends at looking for duplicate email address?
Which two security experts are you referring to?
And if they said that automatically verifying emails sent to automatically generated email addresses is hard then they're just plain wrong, so I suspect they actually said something a bit different to that.
The ones the BBC article that i linked to quoted.
That's not correct surely. The emails from the petition site are being sent to each individually unique email address; not to a domain under your control.
How are you proposing to set up all of these unique email addresses to automatically forward to a single account that has a script attached?
Furthermore, we know that the petitions site tracks the IP addresses of the confirmation response, and weeds out foreign or duplicate ones, so you would have to custom write another IP spoofing layer surely?
I get that all of this is technically doable. I'm just far from convinced that it would be even remotely time effective.
Again, maybe i'm missing something.
Then they have, at the very least, overstated their case. This is not a hard problem to solve. Which is why, of course, the petitions website takes multiple steps to limit false signatories.
Separate names with a comma.