
So, time to own up then, it seems the cat is firmly out of the bag, apparently icey thinks the chances of success are better than I do ;)

The evil part in me could not help but wonder about how everybody seems to be so psyched about receiving a Chrome notebook that they throw caution to the wind and enter anything and everything into a form on some server somewhere, allowing the Google marketing department to significantly update their profiles with all that data they supply, and all that for the chance of getting a laptop.

This sort of action is a very common marketing tactic, but I was actually quite surprised to see how popular it was on HN. Also, the fact that Google was happy to collect your information even when you can't receive the notebook was an interesting detail, and lots of people only realized that after filling out the form.

Then the other day a second thing happened, someone solved the contest that was embedded in the video that was used for the launch of the product.

The evil part of me again thought wow, what a large amount of work that was done here, I wonder how people would respond to a second contest, with a much larger number of notebooks to be won?

So, within a few minutes a plan was hatched, a simple idea to see how susceptible a security-conscious community is to stuff like this. The domain is plainly in my name and just about all the telltale signs of a phishing scam are present. Over the course of the last couple of days the text was polished to make it more clear what the intent is.

The URL of the site is http://www.freechromelaptop.com/, the URL of the payoff page is http://www.freechromelaptop.com/process.html

Since I'm the main 'driver' behind this little prank I take full responsibility for it and for the fall-out if any, the other co-conspirators would have never done this without me asking for it.

I hope you'll forgive me for having a devious side to me, but I intended for nothing but good to come out of this, and I hope that even if the project never got underway that you will take these words to heart: please be very careful with what you fill out in online forms. Even if the page looks genuine and it is Google that is giving you a chance to win some laptop, you have to wonder if the collective value of the information given up does not exceed greatly the value of the goods they are shipping.

  Jacques


This has been done already on HN.. s/freechromelaptop/wakemate/g


"I hope you'll forgive me for having a devious side to me, but I intended for nothing but good to come out of this ..."

People don't like being duped, even if it's for their own good. You're likely to get more "f--k you's" than "thank you's".

If you want to teach someone a lesson, you don't start out by telling them they are stupid.

To create some real, lasting value you could have created the app and then said something like, "Hey everybody! I made this fake marketing web app that will steal your information and show you how it's done step-by-step. If you want to see how web scams are done, follow this link: ..." Then make some fake Google accounts for people to use (instead of their own).

"... you have to wonder if the collective value of the information given up does not exceed greatly the value of the goods they are shipping."

+1 for that sentiment. If your info wasn't more valuable, they wouldn't be doing it.


"If you want to teach someone a lesson, you don't start out by telling them they are stupid."

I think it depends on the person. Let's consider two scenarios.

1. "Never fill in your details on suspicious sites."

2. "You recently filled in your details on xyz.com. Now I know that your credit card number is 1234."

In response to (1) I would nod, but would it register deep enough? Not so sure. Now if someone actually shows me that he duped me into giving out sensitive details, I would be way more impressed and remember the lesson for longer.


I agree some HN users are overconfident, and education and even demonstration can be valuable. But, your experiment is quite literally a crime in many jurisdictions: obtaining identity information using false pretenses. You could be fined or jailed for such an educational 'prank'.


If I were to save the info in a useable form, then yes, but identifying information (names and email) was only saved as a hash, not as plaintext.

That of course makes it impossible to see if people enter fake information or not but I'd hate to give a bad guy the opportunity to hack the server and walk out with the info.


Oooooh - well done! I love the "How many Google Chrome laptops do you want?" question :D

How many entrants did you get?


I imagine he got zero, since icey posted this post before he got it running.


The really surprising thing here is that so far three people have actually filled out the form.


Results?


Well done!

Shout next time you're in London and I'll buy you a beer! :)



