Artists explore trust by asking users for passwords, then publishing them

Artists explore trust by asking users for passwords, then publishing them

Summary: A group of graphic design students were curious, if they simply asked people to hand over their passwords would they do it. And "Trust Me, It's Art" was born.

TOPICS: Privacy, Security

Trust is a scary concept when you’re giving up your password to a trio of strangers. Who just happen to be in Slovenia, and have already admitted they will publish your secret on their public Web site, “Trust Me, It’s Art.”

Online since June, the site has collected 2,000 entries that may or may not be the true passwords of those who chose to test the bounds of trust and give up perhaps their most private data.

“It’s about trust in two ways,” says Nejc Prah, who created the site along with fellow graphic design students Jure Martinec and Klemen Ilovar. “Does the visitor trust the project and give his password to some random strangers, and on the other hand, can we trust the visitor that his entry is really a password and not just a random mixture of letters and numbers?”

Given the recent rash of hacks and the resulting consequences, passwords lately have become the poster child for poor security.

“We were interested in passwords,” said Prah. “It is a fact that our web identities have become as important as our physical one. All of these web based identities and accounts are protected with passwords. That is why a password is our most private and intimate possession on the Internet.”

The Trust Me, It’s Art web site seeks that intimacy with a simple black and white site that contains some text and a field to enter your password next to a submit button.

Submitted passwords are instantly posted to a gallery of passwords, some obscene, some laughable, but none verified.

The trio says they were motivated by pure curiosity. They just wanted to see if people would willingly give up their passwords if simply asked to do so.

It’s a theory that has been tested before, but not in a climate that has seen the sort of major password hacks that have hit in the past six months on LinkedIn, Yahoo, and other sites.

In 2004, British researchers found that 70% of commuters at a train station would gladly exchange their password for a chocolate bar.

Responses and feedback have met the group’s expectations and they do not plan to take down their site any time soon. In fact, they have yet to decide if it will ever come down.

Prah said the trio has received some negative responses such as ‘why would you do this “ and “hackers will use these.”

The group is fine with the fact hackers might leverage the list of passwords, but they won't support hackers that exploit the project even though they say such as act would validate that the Internet can be an unsafe place.

As far as Trust Me, It’s Art, the site is not tracking or logging any personal data beyond the password. On the other hand, they are not accepting any responsibility for problems that may occur for those giving up their passwords.

Juxtaposed to the Trust Me, It’s Art site, also this week in Slovinia a hacker alleged to have created the Mariposa botnet that infected up to 12.7 million PCs, including 40 major banks, went on trial.

Topics: Privacy, Security


John Fontana is a journalist focusing on authentication, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he also blogs about industry issues and standards work, including the FIDO Alliance.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Absurd

    To call this "Art," is absurd.

    These days, just about anything could be called art. I could go into MoMA, take a crap in the corner, while on a paper plate; and folks would probably think it's a feature there.
    • Mo Ma Poo Poo?

      And—as long as you dropped it in front of some religious or right-leaning artifact—you'd soon get a grant to proliferate your poop and propound your art to public schools and pre-pubescents.
  • Anyone who fills out that form...

    ... is an idiot
    • Not really
    • let me fix that for you

      "anyone who fills out that form with their real password and also supplies their user ID, without which the password is useless, is an idiot"
  • Very interesting statistic

    83% of those who filled out that form were doing so from either OS X or iOS.
    • Nonsense

      More than 83% who filled out that form were probably telling the truth.

      And it doesn't matter how many uses OS X or iOS...
    • Oops, was a response to x21x

      Silly ZDNet forums.

      "Anyone who fills out that form...
      ... is an idiot"

      83% of those who filled out that form were doing so from either OS X or iOS.
  • I can do better than that

    Send me your bank account routing number. Or your cash. Hey, it's Art because I said so.
  • bullshit not art

    It looks like in Slovenia every kind of bullshit can be called art.
  • explore or exploit?

    Just curious