Unless you live on a desert island with a volleyball named Wilson, you’ve probably seen more than a few political petitions in the wake of the 2016 election. The issues are as various as the people circulating them, which is why I began to wonder: Are they safe?
The answer: Yes and no.
It doesn’t matter the cause, or whether or not you agree with it, your level of exposure is the same.
If you stop reading here, at least do this: Check out any website that offers a petition and before adding your name to the list, take the time to do some research. Make sure it’s not on the receiving end of complaints about scams, email spam or shoddy data security.
Finally, no legitimate petition site will ever ask you for your Social Security number, a bank account number or credit card number simply to sign their petition. If they do, log off. It’s likely a scam site.
If you think petitions are only launched for liberal causes, think again. Stand United is a petition site for conservative causes. It is one of many such sites where, for instance, you can find citizens demanding FBI Director James Comey release the 650,000 emails found on Anthony Weiner’s laptop.
Whether you are looking at Susan Sarandon’s petition on Care2, which includes a call to “[withdraw] your money until [your bank agrees] to: 1. Divest from Energy Transfer Partners, the parent company of the Dakota Access Pipeline, etc;” the conservative call to Congress to require the Veterans Affairs Mental Health Crisis Hotline to answer all calls; or you’re thinking about joining the more than 4 million people who have signed the Change.org petition for the Electoral College to name Hillary Clinton president on December 19, there are some basic security considerations associated with signing a public petition.
First of all, content is not necessarily an indicator of threat level. Some of the most outlandish petitions are real, and some pretty normal-seeming ones are fake. There are blogs that focus on the issue of fake petitions and provide a list of sites associated with them as well as sites which are considered safe.
Bear in mind these lists are only as good as the blogger who compiled them, so do your homework and click through a few sites before making a decision about signing any petition that comes your way — regardless of whether the issue is Right, Left or Center.
What Could Possibly Go Wrong?
The biggest issue you face, and this stands true for all stripes of petition, legitimate or fake, is email harvesting and spam.
While most petition sites go to great lengths to keep your email from getting abused, it pays to check their privacy policies regarding the use of your email address by third parties. Many of these sites allow third parties to use your email address (for a fee — your email is valuable in their possession), but most sites stipulate that those third parties are unable to sell your email address to yet another party.
There are systems used by petition sites to keep that from happening, but read up on your site of choice to see if there have been any complaints about spam. At the end of the day, it’s a quality-of-life issue.
You Can Get Scammed
Spam isn’t only a nuisance. It can lead to identity theft through phishing. Phishing scams sink or swim on your clicking agility. Speed is the name of the game. The faster a scammer can get you to click, the better. If they know what interests you, they have an advantage.
Remember, scams are essentially confidence games. Since you are their day job, the fraudster’s goal is to make you feel comfortable about the mistake they need you to make in order to cash in or take control of your device.
There are two issues here. Petition sites are only anonymous if you uncheck the box that allows them to display your name, and your comment, if you left one. This means that a scammer can know what moves you, and write to you. The better the bait, the better the phishing.
I cannot stress enough that it doesn’t matter if your email address is not visible to the public. It’s available for a penny or two. (You heard that correctly.) Chances are quite good that your email has been in one of the billion (you heard that correctly too) leaked files currently for sale on the dark web.
Without naming names, more than one major petition site has suffered a security compromise, so it is not impossible that your personal information — what causes you support, your home address, email address, birthday (i.e., more than enough data points to scam you) — can be used as well.
When doing anything online, never forget that less is more. The first and last thing you need to do to protect your identity from fraud is share only what you must. As I outline in my book Swiped, the strategies for keeping yourself safe are simple if you are consistent about deploying them. The cardinal rule is to be stingy about who you tell what, because you never know when they are going to get breached.
If you suspect you’ve been the victim of a scam, be sure to check your credit for the warning signs: mysterious accounts being opened in your name, a sudden dip in your score and strange addresses.
You Can Do More
Some say signatures are the laziest form of activism. A letter to a lawmaker, interested party or company can be more powerful, and a phone call is even better. So if you care enough about an issue to sign a petition (making sure it’s a legitimate one on a legitimate web site), you can also take the time to send an email, write a letter or make a phone call — but beware that when those viral social media messages go out to make calls to lawmakers or companies, chances are good the voicemail box will be full.