Trust is a scary concept when you’re giving up your password to a trio of strangers. Who just happen to be in Slovenia, and have already admitted they will publish your secret on their public Web site, “Trust Me, It’s Art.”
Online since June, the site has collected 2,000 entries that may or may not be the true passwords of those who chose to test the bounds of trust and give up perhaps their most private data.
“It’s about trust in two ways,” says Nejc Prah, who created the site along with fellow graphic design students Jure Martinec and Klemen Ilovar. “Does the visitor trust the project and give his password to some random strangers, and on the other hand, can we trust the visitor that his entry is really a password and not just a random mixture of letters and numbers?”
Given the recent rash of hacks and the resulting consequences, passwords lately have become the poster child for poor security.
“We were interested in passwords,” said Prah. “It is a fact that our web identities have become as important as our physical one. All of these web based identities and accounts are protected with passwords. That is why a password is our most private and intimate possession on the Internet.”
The Trust Me, It’s Art web site seeks that intimacy with a simple black and white site that contains some text and a field to enter your password next to a submit button.
Submitted passwords are instantly posted to a gallery of passwords, some obscene, some laughable, but none verified.
The trio says they were motivated by pure curiosity. They just wanted to see if people would willingly give up their passwords if simply asked to do so.
It’s a theory that has been tested before, but not in a climate that has seen the sort of major password hacks that have hit in the past six months on LinkedIn, , and other sites.
In 2004, British researchers found that 70% of commuters at a train station would gladly exchange their password for a chocolate bar.
Responses and feedback have met the group’s expectations and they do not plan to take down their site any time soon. In fact, they have yet to decide if it will ever come down.
Prah said the trio has received some negative responses such as ‘why would you do this “ and “hackers will use these.”
The group is fine with the fact hackers might leverage the list of passwords, but they won't support hackers that exploit the project even though they say such as act would validate that the Internet can be an unsafe place.
As far as Trust Me, It’s Art, the site is not tracking or logging any personal data beyond the password. On the other hand, they are not accepting any responsibility for problems that may occur for those giving up their passwords.
Juxtaposed to the Trust Me, It’s Art site, also this week in Slovinia a hacker alleged to have created the Mariposa botnet that infected up to 12.7 million PCs, including 40 major banks, went on trial.