I don't rant too often, but today something happen that made me both a little pissed of and disappointed.TL;DR; +Change.org petitions are basically opt-out rather than opt-in in case someone decides to sign a petition with your email.
I just got an email that I had gotten a Russian name all of a sudden... Someone had signed a change.org
petition using my email and with a Russian name and it seems it was counted as a completely legit "vote" without me having to confirm anything?
So I reset the password, login, change the language to English and unsigned some random Russian petition, then I think hey this is not my account, let's delete it. Then the delete page says if I delete it this email can never be used to signup again? Not knowing if I ever might want to sign something important they half force me to just keep this random account that now is mine... I guess in a way that might be their way of "protecting me" from this happening again, or protecting me from their badly designed system, by forcing me to prevent someone else from signing up again using my email instead of them just doing it right from the beginning... That just wrong... They should not have accepted that an account and vote was done using my email in the first place without me verifying it?+Linus Torvalds
wrote a similar post about this in 2014:https://plus.google.com/+LinusTorvalds/posts/DPY7H4a9Ma5
It's 2016 now... I don't know if they do this to get more users, some "growth hacker" has probably concluded that not having an email verification step raises their signup/signing by X percentage, but yeah... While that's true it's also true that you can signup using other peoples emails and frankly as Linus stated it is a dickish way
to handle things and I think it lowers the credibility of their site as a whole.
Why? Well first off it's irritating and confusing when it happens to you, second most people just ignore emails like the ones I got. Add to that the fact that I had to use Google to figure out how to unsign the damn thing even after I had resetted the password and logged in. Most people would not have bothered enough and I'm sure there is a fair share of people on that petition right now that don't even know that "they" have signed it... They don't know that they have a fake Russian name either..
So... I guess that means anyone can just write a bot if they want their petition to get lots of names... You probably need to make it a little smart to avoid the obvious filters, but if you spread out the request ip's, don't signup too fast, add in some random delays and so on and so forth you could probably create if not thousands at least a couple of hundreds "votes" without getting detected...
Fix your broken system +Change.org
, you just piss people off and lower the credibility of your own site...