Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Security

Want Someone's Personal Data? Give Them a Free Donut (betanews.com) 114

Technology services provider Probrand has carried out a study at a cyber expo attended by UK security professionals, where attendees voluntarily shared sensitive data including their name, date of birth and favourite football team -- all to get their hands on a free donut. From a report: "We wanted to put this theory to the test and see just how willing people were to give up their data," says Mark Lomas, technical architect at Probrand. "We started by asking conversational questions such as 'How are you finding the day? Got any plans for after the event?' If someone happened to mention they were collecting their kids from school, we then asked what their names and ages were. One individual even showed a photograph of their children." As part of the task, Probrand also asked more direct questions such as, 'Which football team do you support?', 'What type of music are you into?' and 'What is your favourite band?' Whether asking questions transparently as part of a survey, or trying to adopt more hacker-type methods, they were alarmed to find how easy it was to obtain personal data -- which many people may be using as the basis of their passwords.
This discussion has been archived. No new comments can be posted.

Want Someone's Personal Data? Give Them a Free Donut

Comments Filter:
  • This has been done many times. Or just blast out friend requests on Facebook...
    • Comment removed based on user account deletion
    • Re:Old news (Score:5, Funny)

      by tsa ( 15680 ) on Friday June 07, 2019 @02:31PM (#58726864) Homepage

      Yes, or just post a "Where do you live?" question on FB.

      Here in the Netherlands we have many offline/online lotteries where you get a voucher with a rub-off part in a shop or with a bottle of peanut butter or whatever, you have to rub off the stuff on it, then type the code underneath into some website together with everything you know about yourself, and the you can click a button that sends all that data to the manufacturer and tells you that you didn't win anything.

      • by zifn4b ( 1040588 )

        Yes, or just post a "Where do you live?" question on FB.

        Anytime someone asks me where I live online, I typically answer with any of the following, all of which are true, depending on how snarky I'm feeling that day:

        - Earth
        - In a house
        - In a house on a street
        - In a house on a street on top of a tectonic plate floating on molten rock
        - On a big rock floating through the vast emptiness of space

        • by tsa ( 15680 )

          That reminds me of this joke:

          Some people are flying in a helicopter low over the city. It gets misty and they can't see the ground anymore and not much around them either. They see a skyscraper coming towards them, and when they reach it they hover next to it. The people in the skyscraper look at them, and one of the people in the helicopter scribbles "Where are we?" on a piece of paper and holds it up to the window. Great consternation in the skyscraper follows, until one of its inhabitants finally holds a

  • by Anonymous Coward on Friday June 07, 2019 @01:53PM (#58726618)

    I know a good deal when I see one. My fake data for a free donut? I support the Cityname Sportsball team. I have 2.5 kids and a spouse. Whatever fake data is needed to get that sweet, sweet donut.

    • Why give out fake data? The kind of stuff they asked is 100% benign. I'm completely perplexed that they thing which football team you support is a "personal" question. Normally you can tell that just be what shirt people are wearing.

  • Oh good grief (Score:5, Insightful)

    by 93 Escort Wagon ( 326346 ) on Friday June 07, 2019 @01:58PM (#58726648)

    ""We wanted to put this theory to the test and see just how willing people were to give up their data," says Mark Lomas, technical architect at Probrand. "We started by asking conversational questions such as 'How are you finding the day? Got any plans for after the event?' If someone happened to mention they were collecting their kids from school, we then asked what their names and ages were. One individual even showed a photograph of their children." As part of the task, Probrand also asked more direct questions such as, 'Which football team do you support?', 'What type of music are you into?' and 'What is your favourite band?'"

    Most of this just sounds like normal people engaging in friendly conversation - this is how most people have interacted for a long, long time.

    • Re:Oh good grief (Score:5, Insightful)

      by PopeRatzo ( 965947 ) on Friday June 07, 2019 @02:03PM (#58726690) Journal

      Most of this just sounds like normal people engaging in friendly conversation - this is how most people have interacted for a long, long time.

      The difference between data collection and friendly conversation is that we can count on most people forgetting our friendly conversation about five minutes after we're done. Data collection is weaponized against you.

      • I dunno, it just seems like a case where they're trying to game a situation to make an eye-catching headline out of it.

        If they wanted to really test it, see if people would tell them what websites they'd visited in the last 24 hours, their annual salary, and what they'd purchased. Although I'm sure there are at least a few people who would do that for a donut, too (people who volunteer such information in casual conversation have generally been referred to as "boorish").

      • by Anonymous Coward

        Data collection is weaponized against you.

        So? Fight back.

        Q: What street did you grow up on?
        A: Vypik708wb

        Q: What was the first album you bought?
        A: HycBs9JidN

        Q: What is your dream job?
        A: MaJ8rEprMY

        I don't care if it's the secret questions for your bank login or your just chatting with the cute person next to you in line. Works equally well in both contexts.

      • Sadly most of the information is publicly available for any given address.
      • The obvious answer, don't be nice to strangers.

      • Data collection is weaponized against you.

        The point remains unchanged. What a lot of people consider "private" many don't and are happy to share. What football team do people support? A had a funny the other day in the office. I walked into our room and one of my colleagues said "someone was looking for you". Well great not very helpful.
        "What's his name?"
        "Don't know."
        "What did he want?"
        "Didn't say"
        "Which department is he in?"
        "No idea ... oh but he was a BVB (opposition to the local team) supporter"

        I instantly knew exactly who they were talking abou

        • The point remains unchanged. What a lot of people consider "private" many don't and are happy to share.

          Of course you're right, but the difference is that there is now a lot of very powerful predators that only exist to turn all that stuff you're happy to share against you. Drove out to the roadhouse to drink some shots with the boys last night after the Raptors game? Your insurance company is interested. Etcetera.

          When we chat with our friends and colleagues, we benefit from the fact that they really don'

    • So true, this whole genre of "people told us X for some treat" is ridiculous. Since these were "security professionals" how many of them would use these items for identity verification? There is a whole world of difference between talking to someone at a vendor table at a conference and some stranger offering you a doughnut on the street. What is the advice in this report? Don't discuss your favorite sports team with fellow professionals?
      • So true, this whole genre of "people told us X for some treat" is ridiculous.

        I find myself curious. Did anyone bother to verify that the info they got for the donuts were true and correct? Or is this a case of "a bunch of people made up shit about themselves for a free donut"?

    • by ceoyoyo ( 59147 )

      The real conclusion that should be drawn from this experiment is that people who use passwords based on personal information that is casually given away are idiots.

  • "Sensitive" Data (Score:5, Insightful)

    by slinches ( 1540051 ) on Friday June 07, 2019 @02:01PM (#58726674)

    Wow, what an amazing finding. People were willing to give up such closely held personal info like their interests and taste in entertainment for a donut?

    If the people conducting the "study" had a halfway decent personality, I bet they wouldn't have even had to bribe people with a donut to talk to them.

  • I'm pretty sure a lot of people will happily supply completely fake information (throwaway email addresses are available for a few clicks) for a doughnut with those pink sprinkles on it.

    • I'm pretty sure a lot of people will happily supply completely fake information (throwaway email addresses are available for a few clicks) for a doughnut with those pink sprinkles on it.

      Exactly. I am sure my local chain grocery store didn't realize that Attila T. Hun was a customer and tried to reach him at 555 3454.

  • Ooh, I'd sell my soul for a dount!

  • Why not get at least something in return?
  • Favorite sports team. Kids names. Birth date. Why not ask what color shirt they are currently wearing?

    All of those questions can likely very easily be found on any number of public information and records available through any number of sources of you are interested in looking.

  • Simple question... (Score:5, Insightful)

    by divide overflow ( 599608 ) on Friday June 07, 2019 @02:11PM (#58726748)
    Did anyone confirm that the shared information wasn't just made up? If you believe people will give you personal information for a donut, dontcha think they'd also lie for that donut?
    • But what would you do for a Klondike bar?

      Would you kill someone?

      • But what would you do for a Klondike bar?

        Would you kill someone?

        OK, but I want the Klondike bar in advance this time... Fool me once, shame on you, fool me twice shame on me...

      • But what would you do for a Klondike bar?

        Would you kill someone?

        An Original Klondike, or a New Klondike?

    • by Tablizer ( 95088 )

      Did anyone confirm that the shared information wasn't just made up?

      Surveyor: "Mam, I'll give you a free donut if you tell me your favorite sports team."

      Mam: "The Bulls!"

      Surveyor: "Great, here's your donut."

      Mam: "Thanks! [takes a bite], by the way, I gave you a fake answer."

      Surveyor: "That's okay, I gave you a fake donut. Sawdust."

    • Why would they? Seriously why? A random conversational piece? This isn't you trying to make others feel bad at a highschool reunion, and contrary to popular Slashdot belief most people don't consider their name, date of birth, or football team private. Hell you go into a restaurant and people start singing happy birthday in public to anyone listening while the birthday person may even be wearing a football jersey.

      The *only* reason I don't give you my real name now for nothing at all (much less a donut) is I

  • What's the point of this? We already know people are dumb.
  • by QuietLagoon ( 813062 ) on Friday June 07, 2019 @02:19PM (#58726792)
    ... when you sit down for a haircut, you get bombarded with personal questions. Some of the ones I have been asked... how long have you lived in town? Do you have any siblings? Where do they live? Are they married? For how long? How many kids? What are the kids' ages? Where did you grow up? Where are your parents from? etc., etc., etc.

    .
    At first I just chalked it up to the regular innocent barber conversation starters, but the personal information is the only thing the barber ever wanted to talk about.

    • by PPH ( 736903 )

      but the personal information is the only thing the barber ever wanted to talk about.

      I suppose the weather or how the local football team is doing must get kind of old what with the same answers from all of his/her clients.

    • by guruevi ( 827432 )

      Your barber is an eeeeevil hacker

    • by DRJlaw ( 946416 )

      At first I just chalked it up to the regular innocent barber conversation starters, but the personal information is the only thing the barber ever wanted to talk about.

      Because people like to talk about themselves.

      Because, just as in dinner conversation etiquette, talking about politics, religion, or sex is good way to stir up trouble and ensure that your customer is not coming back.

      Because softball questions only require softball answers rather than background knowledge, substantial analysis, and crafted a

      • In my world I think I'm a sports fan, but then a lot of people don't know chess is a sport.

      • }}} Because people like to talk about themselves. {{{ --- I repeatedly asked to change to topic, even during the same sitting. But he always came back to the personal info. At times I thought he must have been writing a book or something....
    • You have to sit exceptionally still to hypnotize the barber into cutting quietly.

  • There is a HUGE difference between two humans socializing one-on-one in person, acting as... well... normal humans.

    Vs large corporations creating massive data warehouses that are then sold on the open market (or leaked via unsecured AWS accounts)

  • We started by asking conversational questions 'How are you finding the day? Got any plans for after the event?'

    This isn't conversational questions, this is small talk/breaking the ice.

    If someone happened to mention they were collecting their kids from school, we then asked what their names and ages were. One individual even showed a photograph of their children."

    Do these people not have kids? There is nothing odd about this. Damn near anyone who has kids are glad to talk about them. Unless they hate them, or are really paranoid. But I can't say I've ever met anyone who even paused to answer when asked about their kids. If the kids are young most parents will be happy to show you pictures of them. Unless the person asking looks and acts like some kind of skeevy pedophile.

    As part of the task, Probrand also asked more direct questions such as, 'Which football team do you support?', 'What type of music are you into?' and 'What is your favourite band?'

    I must be getting old.

  • Krispy Kreme is EVIL! You can't stop with one. I stay far, far away from Krispy Kreme.
  • by kiehlster ( 844523 ) on Friday June 07, 2019 @02:40PM (#58726912) Homepage
    I tend to pass on these personal info for free stuff trades. I'd really like to know why we still ask for exact date of birth rather than a relative date of birth. The only time you'd need exact date of birth for a general inquiry is if the person's age was within days of a age-restricting threshold. Can't we just enter our year of birth or year/month and consider that sufficient?
    • I'd really like to know why we still ask for exact date of birth rather than a relative date of birth.

      What?? You answer those questions honestly? I usually get to the closest 3 years, that'd good enough. Jan 1 was a REALLY busy day. Also 1890, or 1919, 1940, or however far back they go if they have absolutely no reason for asking.

      You can ask for ANYTHING; the only people who's getting my SSN or true birth date are government entities or banks (or someone who directly checks against either.) The only thing Western Sizzler can be sure of is that the date I gave is NOT my birthday.

  • ... and sharing some personal information is one of the ways the do it.

    What's changed in this country (hell, the world) is the, IMHO, craven attitude that personal information is now something to be used for making money. I'm not talking about someone SSN. That's not normally something that an individual voluntarily gives out, or--if they do--it's expected it'll be kept confidential. It's that knowing that I'm into a particular music genre, or a particular TV show--you name it, any personal preference--is

  • Take them to a bar and buy the drinks.

    Many many years ago I had a boss who told me whenever I went to dinner, lunch, or a bar with a client or partner to always pay for everything. About three months after that I took a couple people out from another company we were working with. After dinner and a couple of pitchers beer they were telling me about everything that was wrong with their current products, what was going to be released in the next couple of years etc. It was a very interesting learning exper

  • Can't find the corresponding slashdot article, but it was this very similar 2004 study done in a London tube station [bbc.co.uk] in which it was found that "More than 70% of people would reveal their computer password in exchange for a bar of chocolate"

  • gotta give me two free donuts if you want my personal info. If you want the truth, give me three :-)

  • This doesn't scale such that it shouldn't be extrapolated. One donut gets the surveyor one piece of semi-personal info.

    That's not likely to have side-effects. But if the same surveyor had 100 pieces of such info, then they could find really annoying ways to troll, spam, or trick you.

    The Network Effect also applies to information, not just people.

  • Camel held a promotion at a concert I attended and you just had to give up your name, address and DOB and you got 2 or 3 packs right on the spot. Of course they checked IDs so you couldn't lie. There probably were a few survey questions as well but this was nearly 30 years ago.

    This was fine with me because that was my brand anyway and I didn't mind the direct mail coupons I got for years afterwards.

    I was with a friend who had recently quit smoking and I tried to get him to sign up too and just give me the

  • When you're a hammer, everything looks like a nail.
    When you're a security expert, everything looks like an attack vector.

    Look, while it's true that this could be used as a springboard to steal someone's identity, these scare articles only really serve to spread unwarranted fear among the good people who we need to trust one another to keep society livable. MOST people are not thieves. MOST people do not have malicious intent. MOST of the time, ignorance is innocent.

    So ya, people will make nice conversation

  • We've known for years that you can obtain personal data by serving cookies. And now we know it works with donuts too.

  • How many Ivana Tinkles have they accumulated?

    But seriously, how did they ensure that the information they got was actually real? I have been playing RPGs for long enough that I can make up a fake persona on the spot, complete with hobbies, quirks, ex-wife and a few overdrawn credit cards.

  • Ur info's worth 1.75... buy traffic for a nickel. Earn $1 a minute 24/7... :P
  • The data is only sensitive because technology companies assume no one will know your birth date, or your favorite football team, but you. Why would they use this kind of data to "protect" your account? Everybody in my family, and half my co-workers, know this information. Do I trust all of them? No! Why would an online retailer think this data is a good way to protect my account?

    The people in this study weren't "dumb" to share this information. It's the companies that treat this information as if it were a

The 11 is for people with the pride of a 10 and the pocketbook of an 8. -- R.B. Greenberg [referring to PDPs?]

Working...