Monday, June 01, 2009

Email validation isn't difficult is it?

Last week, as reported elsewhere, a new site appeared called 38 Degrees appeared, which apparently has an intention to be a British version of Move On. The site hopes to be a progressive campaigning tool, and currently has a petition on having recall laws in the wake of the expenses row.

The problem is, whilst the petition may well be calling for something worthwhile, the number of signatures on it - however many it is up to now - are going to be pretty dubious as to their validity. This is because anyone appears to be able to sign anyone else up for the petition without any validation. I know this because last week I received the following email,
Thanks for signing the petition and helping us send a message to Parliament

Thank you for adding your voice to our call to party leaders to let voters choose whether to sack disgraced MPs. Together we can build the pressure to clean up politics.

You can tell your friends about the campaign here: Don’t worry – we won’t keep their e-mail addresses. We’ll just let them know about the campaign so they can decide whether or not to join us.

Thank you,
The 38 Degrees Team
Awfully nice that they don't intend to keep people's email addresses, but not so good that they have mine because think I signed their petition when I didn't.

You'd think they might have some sort of validation step in the petition. You know, like an email saying "you signed this petition, click the link below to confirm that it really was you". I mean, even Downing Street manages that, and Government IT is notoriously rubbish. They also want a postcode for some reason too.

If 38 Degrees is serious about mirroring the success of Move On then they need to start by not letting anyone sign anyone else up for their petitions without validation - otherwise their petitions can be too easily rigged.

And on that point, off you go and sign up all your friends to the petition just for fun!

8 comments:

Letters From A Tory said...

What is it with the Left and rubbish technology?! I posted this morning about Nick Clegg's appalling website, and then I read your post.

Scary Mary said...

postcode is so they can verify you are on the electoral roll and hence eligible I would guess.

Michael Heaver said...

Lets take down the politicians!!!!!!!!

(with two-bob technology.)

Morus said...

Postcode is useful for any number of reasons - voter segmentation, or targetted mail shots, or localised campaigning materials.

Lack of verification is silly if what you care about is being able to definitively prove your campaign has support. If this petition is (as most petitions are) a data harvesting exercise, then why worry whether the person who owns the account was the person who gave you the data?

Watching Them, Watching Us said...

Their Privacy Statement is also misleading.

"5. International data transfers

We do not and have no plans transfer data to countries outside the EEC and will change our privacy policy should this situation change. "
N.B. "EEC" not the European Union or the European Economic Area i.e. what are normally considered to be relatively "good" Data Protection law zones, at least compared with the USA, which is where, Blue State Digital, Google, PayPal etc. are based and which comprise the 38 Degrees web and email infrastructure.

They certainly are transferring your personal data to the USA i.e. outside of the "EEC", right from the start.

There are no SSL / TLS Digital Certificates to encrypt your personal details in transit, on the various web forms.

Blue State Digital also have "email tools" to try to track the people to whom campaigners have forwarded on their emails to, without prior, informed consent. This borders on email spam tactics, perhaps legal in the USA, but unethical and probably illegal in the UK (although unlikely to be prosecuted by the Information Commissioner).

See Spy Blog: 38 Degrees - will the data protection issues inhibit sign up ?

Chris Paul said...

Whereas the Number 10 website you're all so enthusiastic about can be signed using nay number of pseudonyms and any number of times? There is not even the basic ration of one vote per declared email address. And people are even gaming that to write clever messages over several lines of the Brown Must Go petition ...

dizzy said...

Errr I never said the Number 10 petition site was nay better. Stop talking bullshit, you;re worse than Tim Ireland for making shit up.

Anonymous said...

On the Chris Huhne website of prominent supporters for his election campaign, they didn't have any real vetting for the people who said they supported him. I managed to get one Edward Hitler of bottom fame put on the list.