Would it be impossible to use bots ? Brexit petition?

Would it be possible to bot this petition in theory?


  • Total voters
    17

bl4ckh4tn00b

Newbie
Joined
Mar 19, 2019
Messages
10
Reaction score
2
I just read this article, see below for link.

The writer argues it would be impossible to bot 3 million signatures.

Thoughts? Possible? Not possible?

Just wanted some expert feedback. Just purely curiosity to be honest.

You can read the article here

htt p s://ww w.bb c.co .uk /ne ws/techn ology-47668946

Sorry wouldn't let me post a link, so you'll have to remove spaces.
 
Pretty stupid idea to be honest. You can legit register with a disposable email.
 
Wasnt it also in the media this morning that over 100k signatures where outside of the UK... (I know VPNs etc) but that sort of thing is always going to be open to abuse. I've signed things before with 4-5 emails..
 
Of course its possible, all you need is a rotating proxy around the UK, some disposable eMails and a good spinner. And there you go.
I won't go into details of how much it would cost but its pretty a good amount of money.
 
Absolute bollocks - if I put 12 hours into this, I'd be able to drop 100,000 fake signatures onto that easy.

I wouldn't, because it's highly illegal, but just saying, it can easily be done.
 
All the people saying that the numbers on this revokeart 50 petition are true are delusional! I've been trying to educate people and tell them how it's possible to use a bot to sign multiple times.
Even the Governments petitions committee haven't a clue - twit ter. com/HoCpetitions/status/1109153735509532679
Doesn't need to be from a foreign IP to be a bot!

As far as I can see the Gov petition site just checks IP addresses and postal address - is there even a Captcha?

and here is someone requesting such a bot on this very site ... /seo/need-a-bot-to-sign-online-petition.1099213/
 
Last edited:
Pretty stupid idea to be honest. You can legit register with a disposable email.

Exactly, plus no captcha and only a postcode verification.

Wasnt it also in the media this morning that over 100k signatures where outside of the UK... (I know VPNs etc) but that sort of thing is always going to be open to abuse. I've signed things before with 4-5 emails..

I think they investigated a previous petition and decided that a proportion were illegitimate. However according to the bbc article I mentioned it said that this recent petition is legit. However the website appears to be exactly the same, still no captcha. The only justification for it being completely legitimate is that some "IT security specialist" said that the email validation makes it too difficult. That sparked my question here.

Of course its possible, all you need is a rotating proxy around the UK, some disposable eMails and a good spinner. And there you go.
I won't go into details of how much it would cost but its pretty a good amount of money.

I figured it wouldnt be cheap, I guessed $500 per 100k ??? so it would be a quite expensive task generating 3 million. $15,000 area . Having said that, for any entity spending millions on campaigning /marketing it isn't a huge amount.

Absolute bollocks - if I put 12 hours into this, I'd be able to drop 100,000 fake signatures onto that easy.

I wouldn't, because it's highly illegal, but just saying, it can easily be done.

This is purely a discussion. nobody intends to actually do anything. I just suspected that the journalist in this case had done a bad job. I tend to believe you when you say you could crack this nut! I suspected that some geniuses would be able to outsmart such a simple system. Also people doing this may not be UK based thus not subject to UK law. Im not even sure manipulating an online petition is even illegal. Its not official voting.

All the people saying that the numbers on this revokeart 50 petition are true are delusional! I've been trying to educate people and tell them how it's possible to use a bot to sign multiple times. Even the Governments petitions committee haven't a clue - twit ter. com/HoCpetitions/status/1109153735509532679 Doesn't need to be from a foreign IP to be a bot!
As far as I can see the Gov petition site just checks IP addresses and postal address - is there even a Captcha?

so true, very valid points. Possibly the only way to educate them would be to show them. Alternatively they choose not too know because it suits them to be oblivious.
 
Seems the whole argument here is that since the activity is from the UK then it must be legitimate.

ht tp s: //brito rbot.or g/2019/03/22/revoke-article-50-petition/
 
Yes happens all the time in modern society. Politics will always has a corrupt card to play with nearly no background check.
 
They went spoke to three cyber security experts according to the article. Come on, let's be real. How many did they really ask?
Three people who agreed sounds better then one.

Like when advertising campaign have 78% of 5 people agreed. Okay then, that's an amazing figure for us to buy your product.

It's like when somebody is trying to beat a court case and a doctor takes the stand for both prosecution and defence. How many doctors would have the same opinion? How many doctors would be swayed by the publicity and pay day on both sides?

They all agreed that the petition's email validation process would be a deterrent.

The keyword is 'deterrent' - a thing that discourages or is intended to discourage someone from doing something.

"They would have to make a bot that signs up with unique email addresses, then clicks the unique link to sign," he said.

Well we all know those bots are easy to exist based on signing up to social media, captcha can be broken. Pair this easily created bot and a fake uk address generator.

So is it really that hard?

Yes, they seem to think that all fake activity must have a Russian ip address

That's because of the mail.ru spamfest.
 
ere illegitimate. However according to the bbc article I mentioned it said that this recent petition is legit. However the website appears to be exactly the same, still no captcha. The only justification for it being completely legitimate is that some "IT security specialist" said that the email validation makes it too difficult. That sparked my question here.

LOL because the BBC is known for using great sources not to mention always presents a clear and unbias view.
 
The whole brexit debacle is tedious. Why you'd want to get involved is beyond me.
 
Again, not to get into the politics of it but I've read a few different things about the verification methods. The statement about the email validation being a deterrent is absolute nonsense, clearly but they do have other methods of sorting and validating the data which seems more efficient, using the postcode entry.

There's a variable population density calculation used which defines the maximum number of people resident in an area defined by one postcode. The petition list will only 'count' entries submitted for any specific postcode up to the estimated population amount. So, if they receive 1000 petitions from a postcode which should only have 100 people living there, 900 of the submissions aren't counted in the final tally. For a manual check, they'll use local government electoral register details and carry out random cross checks that the name and postcode matches a resident's details.

Although, 3.8% of the votes come from overseas which is where the postcode system falls down. Technically, they're supposed to come from ex-pat citizens who have the right to vote but, again, the captcha and email verification isn't going to weed that out- I was wondering if they may have done something similar by allocating numbers of emigrants to country IP's?

Be interesting to see if there's a way of dealing with the postcode check, though. Something that occurred to me was that new housing developments are being built all the time and allocated brand new postcodes. Anyone who's lived in a new development in the UK will know the pain of the post office or automated systems not validating your address due to the inefficiency of the postcode information being propagated. So, maybe something could be done by using postcodes that don't yet exist but are numerically consistent with other postcodes in the same area, making it look like votes were coming from several new developments?
 
Back
Top