1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Brexit Discussion - The new thread

Discussion in 'Speaker's Corner' started by Feek, Sep 5, 2019.

  1. GizF1

    Gangster

    Joined: Jun 21, 2016

    Posts: 403

    Location: Worcestershire

    So each of the 1000 people only did it for 125 hours or 5 days solid then?

    And finding 1000 people actually bothered to do that for a petition that could have benefits for either side for a vote that hadn't even happened yet?
     
  2. doodah

    Capodecina

    Joined: Oct 18, 2002

    Posts: 20,766

    Location: London

    The UK is asking for their papers to be kept from the other 27 member states for review. My Spidey sense is definitely tingling.
     
  3. GizF1

    Gangster

    Joined: Jun 21, 2016

    Posts: 403

    Location: Worcestershire

    Wouldn't any decent petition site have flags lit up for 1000s of requests from random@alsorandombutallthesame.com?

    And like I said the petition could have helped either side and was for a vote that hadn't happened so why would anyone bother?
     
  4. GordyR

    Mobster

    Joined: Dec 1, 2003

    Posts: 4,955

    Location: Essex

    You're quite right, it would. I edited my post to include the fact that we know it checks for foreign and duplicate IP addresses shortly after posting it :p
     
  5. Mr Jack

    Capodecina

    Joined: May 19, 2004

    Posts: 17,305

    Location: Kiel, Germany

    Uniquesness of email addresses usually only relies on part of the email, so that mrjack@google_mail.com and drjack@google_mail.com would be treated as different emails. You only need to vary the part in front of the @ symbol to be considered different email. It has to be this way because that's exactly how many big email providers format their email addresses.

    You don't have to do any setting up of email addresses. Imagine my domain is mrjack.com, I can then set up the email so that any address of the form anythingyoulike@mrjack.com goes to a single email address. Now I can enter emails of george.russell@mrjack.com, GordyR@mrjack.com, or whatever and they'll end up in the same place. This isn't theoretical, it's actually how I have my email set up (not with mrjack.com though, obvs.). I don't have to make up a new email account, I just use the email and if ends in mrjack.com then it ends up in my mailbox. Every webhost I've used provides this as an option.
     
  6. Nasher

    Capodecina

    Joined: Nov 22, 2006

    Posts: 14,103

    Because years ago when it was released I took a look at the live data stream and most of the signatures weren't even coming from within the UK...

    They have probably fixed it since then. But there are always ways to cheat these online polls and being such high profile ones you can pretty much guarantee people are messing with it.
     
    Last edited: Sep 20, 2019
  7. Mr Jack

    Capodecina

    Joined: May 19, 2004

    Posts: 17,305

    Location: Kiel, Germany

    This old canard, hey?

    The number of signatures from outside the UK is commensurate with the number of British Citizens (like me) who live outside the UK. You don't have to live in the UK to be British, to vote in British elections, or to sign these petitions.
     
  8. Bounce

    Wise Guy

    Joined: Dec 22, 2011

    Posts: 1,196

    Location: Stoke-on-Trent

    1000 people or 1 people, the fact is its easy to sign a petition more than once, as I demonstrated earlier.

    I have 2 unique email addresses ( One for work, One for personal), which will allow me 4 signatures, I can make a fake name up for all 4, and register a signature 4 times.

    So for a petition that receives 100,000 signatures how do we know that they are unique users? and not been made by the same 25,000 people?
     
  9. Nasher

    Capodecina

    Joined: Nov 22, 2006

    Posts: 14,103

    But when it's more non-UK locations poping up than UK ones. Also loads from the same location, with what look like randomly generated info based on UK postcodes...
     
  10. Demon

    Soldato

    Joined: Oct 22, 2002

    Posts: 6,637

    You don't need to setup and register 3000 email addresses, you just need a domain with an email catchall, you get an unlimited number of email addresses with zero setup..

    Then you just script up parsing all received emails and using the verification link to complete the process.

    A UK based VPN would allow the location to appear in the UK, and on top of that the number of VPNs available would allow you to do small batches and maybe even generate postcodes for the geographical location of the VPN's IP address.
     
  11. GordyR

    Mobster

    Joined: Dec 1, 2003

    Posts: 4,955

    Location: Essex

    I see so what you're saying is that you would create your own email domain and setup 1000's of unique email addresses on that domain.

    Fine, you're right. That would work.

    Although I would expect 1000's of signatories from a single non high-profile domain (@gmail.com / @outlook.com etc) would get flagged and investigated pretty quickly.

    Regardless, even so you would still have to write the parsing script, write a random time responder, link it to up some kind of spoofer, and write a script create random email addresses.

    You can reduce the time spent on actually confirming the email addresses yes. But I'm genuinely not convinced that it's something that would ever save all that much time if you were to do it in a fashion that's not easily detectable.
     
    Last edited: Sep 20, 2019
  12. Mr Jack

    Capodecina

    Joined: May 19, 2004

    Posts: 17,305

    Location: Kiel, Germany

    It wasn't more non-UK than UK, it was around 3.8% for the biggest "Stop Brexit" petition. If you have an example where that's not true, please share it. I'm not sure what you mean by "randomly generated info based on UK postcodes", and how you distinguish it from real data?
     
  13. GizF1

    Gangster

    Joined: Jun 21, 2016

    Posts: 403

    Location: Worcestershire

    We don't but even though there is no way 25,000 peoole would do it saying 25,000 people voted 4 times is a lot more believable than saying a petition that amassed 4,000,000 votes is worthless because x amount of votes came from "bots"

    Either the total bot votes are a lot less in which case its still a popular and valid opinion that a lot of people chose to petition on or the number of individual rogue voters is a lot higher which then becomes almost farcical to imagine that many people bothered enough to vote several times over and over.
     
  14. Demon

    Soldato

    Joined: Oct 22, 2002

    Posts: 6,637

    You don't need to "create" any email addresses as such, just randomly make up some text in front of the @sign, any email coming in to a random word before the @ just goes to whichever email account you've assigned to catch-all..

    Sadly its fairly trivial for anyone who develops software to code this up fairly easily in a multitude of ways. I used PHP last time I had to do something similar (testing our holiday system) spoofing email addresses and rendering links within a received emails to test end to end every scenario and I'd say I only dabble on that side of things.
     
    Last edited: Sep 20, 2019
  15. Mercenary Keyboard Warrior

    Sgarrista

    Joined: Aug 4, 2007

    Posts: 9,844

    Location: Wilds of suffolk

    I am not even sure it matters anyway, the government response to most is laughable.
    There will always be the possibility for some fraud, but in this case literally who cares.

    I am sure they put some effort into eliminating clear massive abuses, but for normal petitions then its just indicative, is there a bit of feeling, a fair amount, loads etc.

    As these now go sort of viral then they all tend to get more than the point that requires a response, and you see basically a cut and paste response from the government.

    Its hardly worth worrying about, and if people literally want to waste their time trying to game it, good luck to them, I have better things to do personally ;)
     
  16. GordyR

    Mobster

    Joined: Dec 1, 2003

    Posts: 4,955

    Location: Essex

    I develop software for a living. Writing the scripts is indeed trivial, I covered that in my first post on the matter.
     
  17. Bounce

    Wise Guy

    Joined: Dec 22, 2011

    Posts: 1,196

    Location: Stoke-on-Trent

    The thing is, I'm sure they would be people out there that would game it, just for the sake of it.
     
  18. Mr Jack

    Capodecina

    Joined: May 19, 2004

    Posts: 17,305

    Location: Kiel, Germany

    Yes, as I said, the petition site doesn't just rely on these crude stops. I imagine they also pay particular attention to high profile petitions too.

    I would think I could knock out a script in a few hours. None of the individual steps are that complex. I'd think that it would be significantly faster than doing manually. To significantly influence a petition though, you'd need to upscale it to something like a botnet and then you'd need another level of complexity; although, again, quite doable. And I wonder whether the people with access to botnets are really going to waste their time on something like this.
     
  19. GordyR

    Mobster

    Joined: Dec 1, 2003

    Posts: 4,955

    Location: Essex

    Sorry... I edited my post to include the following straight after posting:

    Regardless... You're not wrong that it's technically doable. But the method you've described would be pretty easy to detect and account for.

    Given that security experts appear to take the view that it would be difficult, cumbersome and not particularly worthwhile, presumably they have take your method in to consideration and are of the understanding that it would immediately flag for review on the petition site.
     
    Last edited: Sep 20, 2019
  20. Bounce

    Wise Guy

    Joined: Dec 22, 2011

    Posts: 1,196

    Location: Stoke-on-Trent

    Yes the Petition form is very basic, no captcha at all to determine if they are human or a bot which is baffling.