Survey or phishing?

Message boards : SETI@home Science : Survey or phishing?

To post messages, you must log in.

AuthorMessage
Jörg

Send message
Joined: 10 Dec 02
Posts: 51
Credit: 1,547,286
RAC: 0
Germany
Message 979146 - Posted: 15 Mar 2010, 21:43:00 UTC
Last modified: 15 Mar 2010, 21:47:24 UTC

Good evening,

I got an invitation to participate in a survey regarding BOINC.

I could not find a message in this forum about it and I was surprised to find a request to edit my account details before participating in the survey.

Is this an official survey or is someone trying to get my account details?

<<<<<<<<<<<<<<<
Dear SETI@home participant:

We're conducting a survey of SETI@home users to better understand why people participate in volunteer computing and contribute computer resources.
We'd be extremely grateful if you could help us by filling out a questionnaire.
If you're not interested, ignore this email.

The survey is at http://boinc.berkeley.edu/survey/ It should take no more than 10-15 minutes.
Your responses will be used for research purposes and to improve BOINC.
We'll be happy to share our findings with you, and they'll be made available once we complete the data collection and analysis.

With many thanks -

Dr. David P. Anderson
Director, SETI@home and BOINC
University of California, Berkeley
email: davea at ssl.berkeley.edu

Prof. Oded Nov
Polytechnic Institute of New York University
email: onov at poly.edu
----------------------------
To opt out of emails from SETI@home, visit:
http://setiathome.berkeley.edu
>>>>>>>>>>>>>>>>>>>>>>


Am Ende ist nur Verwirrung

ID: 979146 · Report as offensive
OzzFan
Volunteer tester
Avatar

Send message
Joined: 9 Apr 02
Posts: 15112
Credit: 45,328,203
RAC: 43,401
United States
Message 979204 - Posted: 15 Mar 2010, 23:41:10 UTC - in response to Message 979146.

The survey site is located right off the Berkeley.edu domain, and is in fact a real survey. The username and password are required to ensure the person taking the survey is in fact an actual BOINC user.

http://boinc.berkeley.edu/survey


ID: 979204 · Report as offensive
Norwich Gadfly
Avatar

Send message
Joined: 29 Dec 08
Posts: 100
Credit: 488,414
RAC: 0
United Kingdom
Message 979882 - Posted: 17 Mar 2010, 10:31:44 UTC - in response to Message 979204.

I did not complete the survey because the questions were multiple choice which did not include my answer. For example "which is your main project ?" - I could not give my answer which is that I run 3 projects and give the same time to each.

I also got a bit fed up with being badgered to give tax-deductible donations to SET@Home. As I live in the UK, only donations to charities registered in the UK attract tax relief.


ID: 979882 · Report as offensive
Profile ML1
Volunteer tester

Send message
Joined: 25 Nov 01
Posts: 9201
Credit: 5,930,867
RAC: 1,905
United Kingdom
Message 979930 - Posted: 17 Mar 2010, 13:08:16 UTC - in response to Message 979204.
Last modified: 17 Mar 2010, 13:11:07 UTC

The survey site is located right off the Berkeley.edu domain, and is in fact a real survey. The username and password are required to ensure the person taking the survey is in fact an actual BOINC user.

http://boinc.berkeley.edu/survey

That still very suspiciously looks like "phishing". It also lowers people's guard to expect to give away their user name and password to a 3rd party site.

Note: "boinc.berkeley.edu/survey" is NOT the home site for the account details being asked for! Is that not called "phishing"?


Regardless, that is very bad practice, and sets a very bad example.

Also, those login details are not encrypted. There is no https connection.


If the goal is to verify that the person filling in the survey is the boinc participant, then do that by sending a verify email to their email address and OK the results if they reply from that.

Regards,
Martin
See new freedom: Mageia5
See & try out for yourself: Linux Voice
The Future is what We all make IT (GPLv3)

ID: 979930 · Report as offensive
OzzFan
Volunteer tester
Avatar

Send message
Joined: 9 Apr 02
Posts: 15112
Credit: 45,328,203
RAC: 43,401
United States
Message 979949 - Posted: 17 Mar 2010, 13:50:17 UTC - in response to Message 979930.

The survey site is located right off the Berkeley.edu domain, and is in fact a real survey. The username and password are required to ensure the person taking the survey is in fact an actual BOINC user.

http://boinc.berkeley.edu/survey

That still very suspiciously looks like "phishing". It also lowers people's guard to expect to give away their user name and password to a 3rd party site.

Note: "boinc.berkeley.edu/survey" is NOT the home site for the account details being asked for! Is that not called "phishing"?


Regardless, that is very bad practice, and sets a very bad example.

Also, those login details are not encrypted. There is no https connection.


If the goal is to verify that the person filling in the survey is the boinc participant, then do that by sending a verify email to their email address and OK the results if they reply from that.

Regards,
Martin


I never answered whether it looks like phishing or not, I only said that this particular URL was not a phishing site. I made no comments whether the site practiced good form.

ID: 979949 · Report as offensive
Profile ML1
Volunteer tester

Send message
Joined: 25 Nov 01
Posts: 9201
Credit: 5,930,867
RAC: 1,905
United Kingdom
Message 980605 - Posted: 18 Mar 2010, 19:28:46 UTC - in response to Message 979949.

I never answered whether it looks like phishing or not, I only said that this particular URL was not a phishing site. I made no comments whether the site practiced good form.

Has this been raised with the Boinc devs?

I strongly feel that the Boinc devs should be setting and showing a good example.

Hosting a page that looks like phishing and that is in effect phishing is very sloppy.

There are better ways.

Regards,
Martin


See new freedom: Mageia5
See & try out for yourself: Linux Voice
The Future is what We all make IT (GPLv3)

ID: 980605 · Report as offensive
Profile David Anderson
Volunteer moderator
Project administrator
Project developer
Avatar

Send message
Joined: 13 Feb 99
Posts: 61
Credit: 384,807
RAC: 0
Message 980651 - Posted: 18 Mar 2010, 22:17:44 UTC

I agree that asking for the password is not optimal. However, it's needed for getting certain info that is not public (such as # of hosts) and that we need to complement the survey.

-- David

ID: 980651 · Report as offensive
Profile kinhull
Volunteer tester
Avatar

Send message
Joined: 3 Oct 03
Posts: 1029
Credit: 636,475
RAC: 0
United Kingdom
Message 980893 - Posted: 19 Mar 2010, 14:07:10 UTC - in response to Message 980651.

.... we need to complement the survey.

-- David


I don't understand what this means?

Join TeamACC

Sometimes I think we are alone in the universe, and sometimes I think we are not. In either case the idea is quite staggering.

ID: 980893 · Report as offensive
OzzFan
Volunteer tester
Avatar

Send message
Joined: 9 Apr 02
Posts: 15112
Credit: 45,328,203
RAC: 43,401
United States
Message 982208 - Posted: 21 Mar 2010, 18:27:38 UTC - in response to Message 980893.

.... we need to complement the survey.

-- David


I don't understand what this means?


I'm guessing they want to group the responses by how serious the cruncher is. E.g. someone with more computers will be more "serious" than someone with just one machine crunching.

ID: 982208 · Report as offensive

Message boards : SETI@home Science : Survey or phishing?


 
©2016 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.