“Revoke Article 50 and remain in the EU” Petition

You’ve probably read about it; there’s a petition calling for the revocation of Article 50 of the Lisbon Treaty.

At the time of writing it has around 5.5 million signatures.

Of course, there are shouts all over Facebook, Twitter, Reddit etc. of “Russian Bots”, “Spoofed emails” and so on.

Some are even posting news articles about the 2016 petition where bots were used in a co-ordinated attack by 4chan users. The site has since implemented a number of security measures, not least, the two-tier signature registration method.

Then there are others who claim “Most of the signatures are from abroad”.

So, let’s explore that, shall we?

Of the 5,480,513 signatures, 223,013 are from outside of the UK. That’s 4.3%. So, MOST of the signatures are not from abroad. They’re quite entitled to be in any case. British people move about. We move about freely within the 28 EU countries and currently our passport is one of the most powerful in the world, allowing us access to pretty much any country on Earth. There are 200,000 Brits living in France, for example.


If you look at the graph, you can see flatlines at steady intervals. Ignoring the large one just after the 2 million mark (caused by the site crashing under the sheer weight of visits), you can see that these are largely after midnight. I’d offer that’s because the majority of UK citizens sleep around that time. Sure, you could program your bot to “sleep” or slow down around that time, so we’ll just skip over that.

Each signature requires a UK address, and an email address to send the verification email to. The signature is not counted until the link in the email is clicked and then paired with the registration on the petition page.

You could program your bot to do this, assuming you had your own domain(s), and wrote a script to automate the creation of new email addresses, then have another program opening the email and either opening the link, or simply spoofing the browser headers and sending over HTTP to simulate visiting the page. That’s how I’d do it.

Then, since the majority of emails are from providers like Apple, Microsoft and Google, there are filters there to stop spamming already. I know. In my first week at a new job, I had the task of writing a script to send emails to around 20,000 customers to inform them of a new trade show, with tickets attached. I cocked up. While testing, I used a Hotmail account instead of the company’s domain, and instead of looping around the customer database, I simply sent a “few” to my own Hotmail account…only I forgot to “move” to the next record in line, meaning that within minutes I had sent millions of emails from one Hotmail account to another. Only, I hadn’t. I was blocked by Microsoft very quickly. Like within a hundred or so emails being sent. It was 48 hours before I could use that Hotmail account again.

This is from the government’s website:

Since 90% of our emails are sent to large providers like Google, Apple and Microsoft that have their own anti-abuse measures, we are generally confident that these are valid accounts. This assurance allowed us to focus our search on emails coming from so called ‘disposable domains’, which are temporary email accounts that only exist for short periods before being discarded and can be created by scripts. We have a list of these domains but new ones are created constantly so it was just a matter of checking for these new domains.

Another warning sign is large numbers of signatures coming from the same IP address and this coupled with the domain checking allowed us to invalidate around 30,000 signatures that purportedly came from the Vatican.
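The two checks described in that quote (disposable-domain matching and per-IP signature volume), plus surfacing frequent unlisted domains for review, sketched as an added example; this is not the petition site's code. The domain lists, the threshold of 3 and the sample records are constructed assumptions.

```python
from collections import Counter

# Assumed lists for this sketch; a real deployment would load maintained ones.
DISPOSABLE = {"mailinator.example", "tempinbox.example"}
LARGE_PROVIDERS = {"gmail.example", "outlook.example"}
MAX_PER_IP = 3  # assumed threshold, tune against real traffic

# Constructed sample records: (signature id, email, source IP in documentation ranges)
SIGNATURES = [
    (1, "alice@gmail.example", "198.51.100.10"),
    (2, "bob@outlook.example", "198.51.100.11"),
    (3, "x1@mailinator.example", "203.0.113.5"),
    (4, "x2@mailinator.example", "203.0.113.5"),
    (5, "x3@MAIL.tempinbox.example", "203.0.113.5"),
    (6, "x4@freshdrop.example", "203.0.113.5"),
    (7, "x5@freshdrop.example", "203.0.113.5"),
    (8, "carol@gmail.example", "192.0.2.7"),
    (9, "x6@freshdrop.example", "192.0.2.99"),
]

def domain_of(email):
    """Lower-cased domain part, without any trailing dot."""
    return email.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def is_disposable(domain, disposable=DISPOSABLE):
    """True for a listed domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in disposable)

def flag_signatures(signatures, max_per_ip=MAX_PER_IP):
    """Map signature id -> list of reasons it looks suspicious."""
    per_ip = Counter(ip for _, _, ip in signatures)
    flagged = {}
    for sig_id, email, ip in signatures:
        reasons = []
        if is_disposable(domain_of(email)):
            reasons.append("disposable_domain")
        if per_ip[ip] > max_per_ip:
            reasons.append("ip_volume")
        if reasons:
            flagged[sig_id] = reasons
    return flagged

def review_candidates(signatures, min_count=3):
    """Frequent domains on neither list: possible new disposable domains."""
    counts = Counter(domain_of(email) for _, email, _ in signatures)
    return sorted(d for d, n in counts.items() if n >= min_count
                  and d not in LARGE_PROVIDERS and not is_disposable(d))
```

A signature that trips both reasons is the combination the quote describes; one that trips only `ip_volume` may be a shared office or household connection and deserves a look before it is discounted.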

So… could it be “bots”? Yeah, maybe. With a lot of work and time. A lot of work and time that would be better spent elsewhere. If you have those kinds of skills, why would you waste your time hacking an online petition website for no gain?

If, as some have claimed, Putin himself is behind it, I’d ask him to make up his mind. Does he want Brexit, or doesn’t he?

He needs to decide soon; we don’t have long left.

