Artists explore trust by asking users for passwords, then publishing them

Summary:A group of graphic design students were curious, if they simply asked people to hand over their passwords would they do it. And "Trust Me, It's Art" was born.

Trust is a scary concept when you’re giving up your password to a trio of strangers. Who just happen to be in Slovenia, and have already admitted they will publish your secret on their public Web site, “Trust Me, It’s Art.”

Online since June, the site has collected 2,000 entries that may or may not be the true passwords of those who chose to test the bounds of trust and give up perhaps their most private data.

“It’s about trust in two ways,” says Nejc Prah, who created the site along with fellow graphic design students Jure Martinec and Klemen Ilovar. “Does the visitor trust the project and give his password to some random strangers, and on the other hand, can we trust the visitor that his entry is really a password and not just a random mixture of letters and numbers?”

Given the recent rash of hacks and the resulting consequences, passwords lately have become the poster child for poor security.

“We were interested in passwords,” said Prah. “It is a fact that our web identities have become as important as our physical one. All of these web based identities and accounts are protected with passwords. That is why a password is our most private and intimate possession on the Internet.”

The Trust Me, It’s Art web site seeks that intimacy with a simple black and white site that contains some text and a field to enter your password next to a submit button.

Submitted passwords are instantly posted to a gallery of passwords, some obscene, some laughable, but none verified.

The trio says they were motivated by pure curiosity. They just wanted to see if people would willingly give up their passwords if simply asked to do so.

It’s a theory that has been tested before, but not in a climate that has seen the sort of major password hacks that have hit in the past six months on LinkedIn, Yahoo , and other sites.

In 2004, British researchers found that 70% of commuters at a train station would gladly exchange their password for a chocolate bar.

Responses and feedback have met the group’s expectations and they do not plan to take down their site any time soon. In fact, they have yet to decide if it will ever come down.

Prah said the trio has received some negative responses such as ‘why would you do this “ and “hackers will use these.”

The group is fine with the fact hackers might leverage the list of passwords, but they won't support hackers that exploit the project even though they say such as act would validate that the Internet can be an unsafe place.

As far as Trust Me, It’s Art, the site is not tracking or logging any personal data beyond the password. On the other hand, they are not accepting any responsibility for problems that may occur for those giving up their passwords.

Juxtaposed to the Trust Me, It’s Art site, also this week in Slovinia a hacker alleged to have created the Mariposa botnet that infected up to 12.7 million PCs, including 40 major banks, went on trial.

Topics: Privacy, Security

About

John Fontana is a journalist focusing on access control, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he writes and edits a blog, as well as, directs several social media channels and represents Yubico at the FIDO Alliance. Prior to Yubico, John spent five y... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.