UK government petition site has small flaw
A petition to scrap the planned vehicle tracking and road pricing policy on 10 Downing Street's "e-petition" web site has garnered an astonishing 349,577 "signatures" and is the undisputed number one petition. But all may not be as it seems.
The e-petition site - which is still in beta - shows that there appears to be a way to "sign a petition" but which doesn't mean you have to enter tedious details like your email address to clock up the numbers.
When you sign a petition, you are asked for your name, address, post code and email and to confirm you're British. When you've submitted these, you are sent an email which asks you to confirm the link. We tested this by signing a petition about music and dance.
When you click on the email link in your inbox, it then takes you to a page which shows you've signed the petition.
But emails are doing the rounds for the number one petition on the site which appear to indicate you've joined the petition without actually having to go through the tiresome routine of entering name, address and post code, and waiting for an email to confirm it. You just merely enter a line in your browser and hey presto you appear to have endorsed the petition.
http://petitions.pm.gov.uk/traveltax/?signed=1
Which perhaps explains why, when we clicked on that address rather than fill in a form, the number magically clicked up to 349,578. The site is still in beta, and this page explains changes that have already been made.
At first site, there appears to be no check on IP addresses that send a message to the signed=1 page bypassing a citizen's details.
But a representative came back with the following comments: "Fetching the ?signed=1 URL that you give there doesn't actually add a signature to the site (it can't, because the user hasn't supplied enough details to add a signature). The reason you saw the number of signers increase when you fetched the page was simply that there are people signing that petition all the time! You will have noticed that the list of the most recent signers on the petition had changed between your two requests for the page."
However, he added: "There is a flaw here (which is that a URL of the type you describe can be distributed and might mislead people into believing they'd signed when they hadn't) but it certainly doesn't allow you to increase the signer count without giving your personal details. Fixing the bug I describe has been on the to-do list for a while but I guess we'll have to get on with it immediately now you've written it up".
Reproduced from an article published by The Inquirer
© The Inquirer
The original article can be viewed here:
http://www.theinquirer.net/default.aspx?article=36946
Permalink Bookmark Digg this story
