Comments on: Facebook login

By: Really Can't Say

Really Can't Say — Wed, 03 Mar 2010 20:01:49 +0000

Five years ago, I was helping to run a large, but niche and scholarly, website which had multiple contributors. When someone sent in an article, I directed them to a page to create a “writer’s profile” to accompany their entry. I never thought about putting the page into my robots.txt

So Google or someone found it (I could never repeat the search pattern myself: the page sometimes came up on page 40 of a Google search, but mostly I couldn’t find it at all). I started to get 20 bizarre, unrelated profiles submitted a day, generally from people with a very, very tenuous grasp on the English language, let alone teh interwebs.

At first I amused myself by replying to these people and pointing out that the form they’d filled in had asked for some quite personal information, which they, as a random passer-by, had provided, and asking them to not do so in future as this was dangerous. The replies were all either abusive or, more often, telling me that they’d be calling the police, the internet police (?), AOL, Yahoo and others at random for knowing their email address.

And this is where it gets dark: and I’m not proud of this. I modified the form to include a request to give your email and your email account password. Above and below, in large, bold type, I put “DO _NOT_ PUT YOUR PASSWORD IN THIS BOX”. The number of profiles dropped from 20 a day to… 15. And those 15 all put their email address and their password in.

And I went in and read their email. For a coupe of them who didn’t deserve to have email, judging by the content of their inboxes, I scrambled their passwords.

A few days later, I modified the form again, this time asking for credit card numbers, and again adding the “DO _NOT_ FILL THIS IN” bit. At that point, the other people who worked on the site discovered what I was doing, and abolished the writer’s profiles entirely. A good thing. But I could’ve been very rich. (Although it’d've been a step too far for me, actually stealing…)

This is how phishing works: it doesn’t require any degree of cleverness or sophistication or talent. It just requires a form for people to put their information into. If you build it, they will come.

By: James

James — Wed, 24 Feb 2010 13:00:35 +0000

I think you’re right – people just aren’t aware there is a way of browsing the web other than Google.

My brother was the same – never typing websites into the address bar – until I introduced him to the joys of Firefox and its excellent ‘autocomplete’ feature.

To me, these people have got what they deserve for their laziness!

By: Robert

Robert — Sat, 13 Feb 2010 17:22:11 +0000

Whatever the reason, it shows that a significant number of people have a worrying lack of understanding of the web.

Do these people ring directory enquiries every time they need to call their friends?

By: Seb

Seb — Fri, 12 Feb 2010 15:12:58 +0000

You know who I blame for this line of thinking? AOL. They used to have a system whereby their own weird version of the internet worked via a system of keywords – you’d type in a word and instantly be taken to the page that they’d decided to associate with it. I remember having a nightmare trying to explain to my uncle, for whom I was building a site, that the internet as a whole didn’t work like that – he wanted it so that certain keywords, no matter what search engine you were using, were irrevocably associated with his site. He’d somehow got it into his head that these magic “keywords” were the only way people would find him. And all because AOL, which he was using at the time, did things so differently.

Now, I reckon a lot of the people who find themselves thinking that typing a phrase into Google will automatically bring you exactly the place you’re looking for first experienced the internet via AOL. And now, the Google Search has essentially become a replacement for AOL keywords…