Friday 17 November 2006

Government exposing petition creators personal details

Interesting article just popped up on The Register :

http://www.theregister.co.uk/2006/11/17/downing_street_e-petitions/

That links to the new beta Government e-petition site @

http://petitions.pm.gov.uk/

Look at the source of one of the forms (such as http://petitions.pm.gov.uk/Help-Sally-B/) and you can find a Base64 encoded string in one of the hidden form fields (called "ser"). Decode the string using one of the many online tools (such as this one) and you can find out the name, postal address, email address and telephone number of the person who set the petition up!

*sigh*

Update

Just had the following email from mysociety.org:

Thanks very much for bringing this to our attention; I've hopefully now fixed this so the ser field only contains the public parts of the petition.
Thanks again.

Nice to see someones on the ball!

Posted by Daniel Gray at 16:11

Labels:

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)