Survey or phishing?


Jörg
Joined: 10 Dec 02
Posts: 51
Credit: 1,547,286
RAC: 0
Germany
Message 979146 - Posted: 15 Mar 2010, 21:43:00 UTC
Last modified: 15 Mar 2010, 21:47:24 UTC

Good evening,

I got an invitation to participate in a survey regarding BOINC.

I could not find a message in this forum about it and I was surprised to find a request to edit my account details before participating in the survey.

Is this an official survey or is someone trying to get my account details?

<<<<<<<<<<<<<<<
Dear SETI@home participant:

We're conducting a survey of SETI@home users to better understand why people participate in volunteer computing and contribute computer resources.
We'd be extremely grateful if you could help us by filling out a questionnaire.
If you're not interested, ignore this email.

The survey is at http://boinc.berkeley.edu/survey/ It should take no more than 10-15 minutes.
Your responses will be used for research purposes and to improve BOINC.
We'll be happy to share our findings with you, and they'll be made available once we complete the data collection and analysis.

With many thanks -

Dr. David P. Anderson
Director, SETI@home and BOINC
University of California, Berkeley
email: davea at ssl.berkeley.edu

Prof. Oded Nov
Polytechnic Institute of New York University
email: onov at poly.edu
----------------------------
To opt out of emails from SETI@home, visit:
http://setiathome.berkeley.edu
>>>>>>>>>>>>>>>>>>>>>>
____________
In the end there is only confusion

OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 13664
Credit: 31,500,985
RAC: 7,981
United States
Message 979204 - Posted: 15 Mar 2010, 23:41:10 UTC - in response to Message 979146.

The survey site is located right off the Berkeley.edu domain, and is in fact a real survey. The username and password are required to ensure the person taking the survey is in fact an actual BOINC user.

http://boinc.berkeley.edu/survey
____________

Norwich Gadfly
Joined: 29 Dec 08
Posts: 100
Credit: 488,414
RAC: 0
United Kingdom
Message 979882 - Posted: 17 Mar 2010, 10:31:44 UTC - in response to Message 979204.

I did not complete the survey because the questions were multiple choice which did not include my answer. For example "which is your main project?" - I could not give my answer which is that I run 3 projects and give the same time to each.

I also got a bit fed up with being badgered to give tax-deductible donations to SETI@Home. As I live in the UK, only donations to charities registered in the UK attract tax relief.
____________

ML1
Volunteer tester
Joined: 25 Nov 01
Posts: 8574
Credit: 4,234,167
RAC: 808
United Kingdom
Message 979930 - Posted: 17 Mar 2010, 13:08:16 UTC - in response to Message 979204.
Last modified: 17 Mar 2010, 13:11:07 UTC

> The survey site is located right off the Berkeley.edu domain, and is in fact a real survey. The username and password are required to ensure the person taking the survey is in fact an actual BOINC user.
>
> http://boinc.berkeley.edu/survey

That still very suspiciously looks like "phishing". It also lowers people's guard to expect to give away their user name and password to a 3rd party site.

Note: "boinc.berkeley.edu/survey" is NOT the home site for the account details being asked for! Is that not called "phishing"?


Regardless, that is very bad practice, and sets a very bad example.

Also, those login details are not encrypted. There is no https connection.


If the goal is to verify that the person filling in the survey is the boinc participant, then do that by sending a verify email to their email address and OK the results if they reply from that.

Regards,
Martin
____________
See new freedom: Mageia4
Linux Voice See & try out your OS Freedom!
The Future is what We make IT (GPLv3)
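
The email-based verification suggested in the post above, sketched as an added example (not code from BOINC or from any poster in this thread): the server mails each participant a link carrying an HMAC-signed, expiring, single-use token, so the survey page never asks for the account password. The key, lifetime and function names are assumptions; since the token is bound to the account id, the server can look up non-public account data itself.

```python
import hashlib
import hmac
import secrets
import time
from base64 import urlsafe_b64decode, urlsafe_b64encode

SECRET = secrets.token_bytes(32)  # assumed server-side key, never leaves the server
TTL = 7 * 24 * 3600               # assumed link lifetime: one week
_redeemed = set()                 # account ids that already submitted (stand-in for a DB)


def _sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).digest()


def issue_token(user_id, now=None):
    """Token for the survey link mailed to the account's registered address."""
    expires = int((time.time() if now is None else now) + TTL)
    payload = f"{user_id}:{expires}".encode()
    return urlsafe_b64encode(payload + _sign(payload)).decode()


def verify_token(token, now=None):
    """Return the account id the token was issued for, or None if forged or expired."""
    try:
        raw = urlsafe_b64decode(token)
    except ValueError:  # covers binascii.Error (bad padding) and non-ASCII input
        return None
    payload, sig = raw[:-32], raw[-32:]  # SHA-256 tag is always the last 32 bytes
    if not hmac.compare_digest(sig, _sign(payload)):  # constant-time comparison
        return None
    user_id, expires = payload.decode().split(":")
    if (time.time() if now is None else now) > int(expires):
        return None
    return int(user_id)


def redeem(token, now=None):
    """Accept one survey submission per account; replays of the link are refused."""
    user_id = verify_token(token, now)
    if user_id is None or user_id in _redeemed:
        return None
    _redeemed.add(user_id)
    return user_id
```
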

OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 13664
Credit: 31,500,985
RAC: 7,981
United States
Message 979949 - Posted: 17 Mar 2010, 13:50:17 UTC - in response to Message 979930.

> > The survey site is located right off the Berkeley.edu domain, and is in fact a real survey. The username and password are required to ensure the person taking the survey is in fact an actual BOINC user.
> >
> > http://boinc.berkeley.edu/survey
>
> That still very suspiciously looks like "phishing". It also lowers people's guard to expect to give away their user name and password to a 3rd party site.
>
> Note: "boinc.berkeley.edu/survey" is NOT the home site for the account details being asked for! Is that not called "phishing"?
>
> Regardless, that is very bad practice, and sets a very bad example.
>
> Also, those login details are not encrypted. There is no https connection.
>
> If the goal is to verify that the person filling in the survey is the boinc participant, then do that by sending a verify email to their email address and OK the results if they reply from that.
>
> Regards,
> Martin


I never answered whether it looks like phishing or not, I only said that this particular URL was not a phishing site. I made no comments whether the site practiced good form.
____________

ML1
Volunteer tester
Joined: 25 Nov 01
Posts: 8574
Credit: 4,234,167
RAC: 808
United Kingdom
Message 980605 - Posted: 18 Mar 2010, 19:28:46 UTC - in response to Message 979949.

> I never answered whether it looks like phishing or not, I only said that this particular URL was not a phishing site. I made no comments whether the site practiced good form.

Has this been raised with the Boinc devs?

I strongly feel that the Boinc devs should be setting and showing a good example.

Hosting a page that looks like phishing and that is in effect phishing is very sloppy.

There are better ways.

Regards,
Martin


____________

David Anderson
Volunteer moderator
Project administrator
Project developer
Joined: 13 Feb 99
Posts: 42
Credit: 381,119
RAC: 0
Message 980651 - Posted: 18 Mar 2010, 22:17:44 UTC

I agree that asking for the password is not optimal. However, it's needed for getting certain info that is not public (such as # of hosts) and that we need to complement the survey.

-- David

kinhull
Volunteer tester
Joined: 3 Oct 03
Posts: 1029
Credit: 636,475
RAC: 0
United Kingdom
Message 980893 - Posted: 19 Mar 2010, 14:07:10 UTC - in response to Message 980651.

> .... we need to complement the survey.
>
> -- David


I don't understand what this means?

____________
Join TeamACC

Sometimes I think we are alone in the universe, and sometimes I think we are not. In either case the idea is quite staggering.

OzzFan
Volunteer tester
Joined: 9 Apr 02
Posts: 13664
Credit: 31,500,985
RAC: 7,981
United States
Message 982208 - Posted: 21 Mar 2010, 18:27:38 UTC - in response to Message 980893.

> > .... we need to complement the survey.
> >
> > -- David
>
> I don't understand what this means?


I'm guessing they want to group the responses by how serious the cruncher is. E.g. someone with more computers will be more "serious" than someone with just one machine crunching.
____________

Copyright © 2014 University of California