Money for nothing but the choc’s for free

// 16 April 2008

This year’s Information Security Awareness week starts on 21st April and to highlight its approach, the organisers of a corresponding IT industry trade show, Infosecurity Europe, have carried out their annual survey and once again found that a lot of people really couldn’t care less about their computer passwords – or, as The Inquirer helpfully puts it, "Women give out passwords for chocolate – Just imagine what they’ll do for jewellery"…


Office workers outside Liverpool Street Station in London were "asked to give strangers, posing as market researchers, their email password, in return for a chocolate bar". And apparently 45% of the women quizzed were happy to oblige, as opposed to 10% of men.

Once you get past the cliched headlines, and the fact that this seems to have been more of a straw poll than any particular piece of scientific research, there is actually a serious underlying point – although it applies regardless of gender – which is that giving away personal information to strangers who look respectable, regardless of what it’s in exchange for, leaves one exposed to the risk of identity theft.

But I’ll tell you this for nothing: I’d want a huge bar of really good quality chocolate for my password. About the size of the Isle of Wight, I reckon…

Comments From You

Mary // Posted 16 April 2008 at 5:11 pm

But surely any clear thinking person would just give a false password and nab the chocolate! Not a very conclusive bit of research…

Jess // Posted 16 April 2008 at 6:07 pm

So. annoying! Why do people even do this ‘research’?!

Anne Onne // Posted 16 April 2008 at 7:36 pm

Heh. People DO find it harder to say no to anybody with an air of authority, but giving out passwords to random researchers? I can’t quite believe it.

I’m trying to work out whether I’d be dishonest enough to five a fake password to nab free chocolate. Nah, I’m not that into freebies given away on the street (too paranoid, I guess), and I would be VERY suspicious of anybody asking for passwords.

Besides, since it doesn’t look like they checked if the passwords are genuine, can they really draw ANY conclusions from this?

Yeah, educating people about internet safety is very important, but this research is pretty useless.

Helen G // Posted 16 April 2008 at 7:45 pm

I agree that the methodology leaves much to be desired, but the point is valid. People generally are far too relaxed about giving out this kind of information.

The web came into being as a way of sharing information, and implementing and maintaining data security is hard enough for any organisation without users handing out passwords to random strangers on the street.

I wonder how many of those interviewed would have told the interviewer the PIN of their credit/debit cards…


Cruella // Posted 16 April 2008 at 8:02 pm

Did anyone bother to check whether the women gave their ACTUAL passwords. I know would instantly go “Oh sure, it’s Tuesday24 thanks very much” and head along eating choccie. I suspect very few gave their actual password.

painless // Posted 16 April 2008 at 9:33 pm

question: if the people who gave their password didn’t also give out their email address – or information that could lead the questioner to their email address – (which might be quite hard if it’s not then maybe the people who shared were thinking, well, what will they do with it?

betsy // Posted 16 April 2008 at 9:46 pm

I probably would be dishonest enough to make up a password to get chocolate, especially since (in such a situation) my mind immediately thinks “they’re trying to steal my emails, and my paypal, and my ebay, and get onto my FACEBOOK”.

Somehow the facebook thing is the most worrying…

Helen G // Posted 16 April 2008 at 9:50 pm

The Register adds that “[the] researchers also asked for workers’ names and telephone numbers, ostensibly so they could be entered into a draw to go to Paris”. Dates of birth were also requested.

In my view, it is not so much a question of the researchers scurrying off to the nearest Starbucks, laptops and password lists in hand, to try and hack somebody’s Gmail account; it is about pointing out how much personal information people will give away without thinking – information which could be potentially very useful indeed to anyone planning ID fraud.

Bearing in mind the amount of data lost by various government departments on laptops and CDs, etc – and the amount of personal information posted on social networking sites like FaceBook, one might have hoped that people would be a little more circumspect – but maybe it was just really nice chocolate on offer…

Helen G // Posted 16 April 2008 at 9:55 pm

So you wouldn’t trust them with your password – but you would trust them not to have tampered with the chocolate?

Yeah, I know, I’m completely paranoid…

Lindsey // Posted 17 April 2008 at 8:59 am

I would totally fake it for freebies!

Which sounds awful out of context. But many years of freshers fairs with clubs asking for email addresses in exchange for goody bags and me going ‘yes and I’ll just add my five friends too’ and making up a load seems to have trained me into this habit.

Catherine Redfern // Posted 17 April 2008 at 12:10 pm

Just had to say that this post has the greatest title ever.

Samara Ginsberg // Posted 17 April 2008 at 2:08 pm

A few years ago a marketing guy with a clipboard offered me a free packet of Maltesers in return for my mobile number. I gave him a fake number and bagged the chocolate. It was particularly delicious for having been obtained by devious means.

Cara // Posted 17 April 2008 at 5:52 pm

I would definitely have made up the password. And any other details – name, phone number, date of birth – any or all of those could be made up.

I got one of those coupons in a magazine for a discount on shoes…filled it in with fake e-mail address as I didn’t want constant spam…no problem, 20% off shoes. Yay. (Not that I am obsessed with shoes or anything).

Cruella // Posted 17 April 2008 at 5:57 pm

I have been advised when the marketers come round your local pub/club handing out free cigarettes – in return for a signature confirming you are a smoker aged over 18 – don’t sign these with your real name.

I heard from suitably paranoid sources that often people who don’t smoke sign up thinking they’ll get free ciggies and give them to their smoker friends, but that then the lists are sold on to health insurance companies who increase your premiums because they think you smoke…?!

Maybe just paranoia. But I’m paranoid enough to put a false name and signature.

Feminist Avatar // Posted 19 April 2008 at 7:12 pm

Having spent the last eight years on a uni campus where giveaways for email addresses are de rigeur, I quite happily create my ‘personal details’ for each promo.

Have Your say

Comments are closed on this post

Further Reading

Has The F-Word whet your appetite? Check out our Resources section, for listings of feminist blogs, campaigns, feminist networks in the UK, mailing lists, international and national websites and charities of interest.

Write for us!

Got something to say? Something to review? News to discuss? Well we want to hear from you! Click here for more info

  • The F-Word on Twitter
  • The F-Word on Facebook
  • Our XML Feeds