Survey or phishing?

Message boards : SETI@home Science : Survey or phishing?

Author	Message
Jörg Send message Joined: 10 Dec 02 Posts: 51 Credit: 1,547,286 RAC: 0	Message 979146 - Posted: 15 Mar 2010, 21:43:00 UTC Last modified: 15 Mar 2010, 21:47:24 UTC
	Good evening, I got an invitation to participate in a survey regarding BOINC. I could not find a message in this forum about it and I was surprised to find a request to edit my account details before participating in the survey. Is this an official survey or is someone trying to get my account details? <<<<<<<<<<<<<<< Dear SETI@home participant: We're conducting a survey of SETI@home users to better understand why people participate in volunteer computing and contribute computer resources. We'd be extremely grateful if you could help us by filling out a questionnaire. If you're not interested, ignore this email. The survey is at http://boinc.berkeley.edu/survey/ It should take no more than 10-15 minutes. Your responses will be used for research purposes and to improve BOINC. We'll be happy to share our findings with you, and they'll be made available once we complete the data collection and analysis. With many thanks - Dr. David P. Anderson Director, SETI@home and BOINC University of California, Berkeley email: davea at ssl.berkeley.edu Prof. Oded Nov Polytechnic Institute of New York University email: onov at poly.edu ---------------------------- To opt out of emails from SETI@home, visit: http://setiathome.berkeley.edu >>>>>>>>>>>>>>>>>>>>>> ____________ Am Ende ist nur Verwirrung
	ID: 979146 ·

Volunteer tester Send message Joined: 9 Apr 02 Posts: 11987 Credit: 18,014,610 RAC: 55,449	Message 979204 - Posted: 15 Mar 2010, 23:41:10 UTC - in response to Message 979146.
	The survey site is located right off the Berkeley.edu domain, and is in fact a real survey. The username and password are required to ensure the person taking the survey is in fact an actual BOINC user. http://boinc.berkeley.edu/survey ____________
	ID: 979204 ·

Norwich Gadfly Send message Joined: 29 Dec 08 Posts: 100 Credit: 488,414 RAC: 0	Message 979882 - Posted: 17 Mar 2010, 10:31:44 UTC - in response to Message 979204.
	I did not complete the survey because the questions were multiple choice which did not include my answer. For example "which is your main project ?" - I could not give my answer which is that I run 3 projects and give the same time to each. I also got a bit fed up with being badgered to give tax-deductible donations to SET@Home. As I live in the UK, only donations to charities registered in the UK attract tax relief. ____________
	ID: 979882 ·

ML1 Volunteer tester Send message Joined: 25 Nov 01 Posts: 7123 Credit: 3,684,129 RAC: 959	Message 979930 - Posted: 17 Mar 2010, 13:08:16 UTC - in response to Message 979204. Last modified: 17 Mar 2010, 13:11:07 UTC
	The survey site is located right off the Berkeley.edu domain, and is in fact a real survey. The username and password are required to ensure the person taking the survey is in fact an actual BOINC user. http://boinc.berkeley.edu/survey That still very suspiciously looks like "phishing". It also lowers people's guard to expect to give away their user name and password to a 3rd party site. Note: "boinc.berkeley.edu/survey" is NOT the home site for the account details being asked for! Is that not called "phishing"? Regardless, that is very bad practice, and sets a very bad example. Also, those login details are not encrypted. There is no https connection. If the goal is to verify that the person filling in the survey is the boinc participant, then do that by sending a verify email to their email address and OK the results if they reply from that. Regards, Martin ____________ Mandriva Linux A user friendly OS! See new freedom Mageia2 The Future is what We make IT (GPLv3)
	ID: 979930 ·

Volunteer tester Send message Joined: 9 Apr 02 Posts: 11987 Credit: 18,014,610 RAC: 55,449	Message 979949 - Posted: 17 Mar 2010, 13:50:17 UTC - in response to Message 979930.
	The survey site is located right off the Berkeley.edu domain, and is in fact a real survey. The username and password are required to ensure the person taking the survey is in fact an actual BOINC user. http://boinc.berkeley.edu/survey That still very suspiciously looks like "phishing". It also lowers people's guard to expect to give away their user name and password to a 3rd party site. Note: "boinc.berkeley.edu/survey" is NOT the home site for the account details being asked for! Is that not called "phishing"? Regardless, that is very bad practice, and sets a very bad example. Also, those login details are not encrypted. There is no https connection. If the goal is to verify that the person filling in the survey is the boinc participant, then do that by sending a verify email to their email address and OK the results if they reply from that. Regards, Martin I never answered whether it looks like phishing or not, I only said that this particular URL was not a phishing site. I made no comments whether the site practiced good form. ____________
	ID: 979949 ·

ML1 Volunteer tester Send message Joined: 25 Nov 01 Posts: 7123 Credit: 3,684,129 RAC: 959	Message 980605 - Posted: 18 Mar 2010, 19:28:46 UTC - in response to Message 979949.
	I never answered whether it looks like phishing or not, I only said that this particular URL was not a phishing site. I made no comments whether the site practiced good form. Has this been raised with the Boinc devs? I strongly feel that the Boinc devs should be setting and showing a good example. Hosting a page that looks like phishing and that is in effect phishing is very sloppy. There are better ways. Regards, Martin ____________ Mandriva Linux A user friendly OS! See new freedom Mageia2 The Future is what We make IT (GPLv3)
	ID: 980605 ·

David Anderson Volunteer moderator Project administrator Project developer Send message Joined: 13 Feb 99 Posts: 34 Credit: 381,044 RAC: 0	Message 980651 - Posted: 18 Mar 2010, 22:17:44 UTC
	I agree that asking for the password is not optimal. However, it's needed for getting certain info that is not public (such as # of hosts) and that we need to complement the survey. -- David
	ID: 980651 ·

kinhull Volunteer tester Send message Joined: 3 Oct 03 Posts: 1029 Credit: 636,475 RAC: 0	Message 980893 - Posted: 19 Mar 2010, 14:07:10 UTC - in response to Message 980651.
	.... we need to complement the survey. -- David I don't understand what this means? ____________ Join TeamACC Sometimes I think we are alone in the universe, and sometimes I think we are not. In either case the idea is quite staggering.
	ID: 980893 ·

Volunteer tester Send message Joined: 9 Apr 02 Posts: 11987 Credit: 18,014,610 RAC: 55,449	Message 982208 - Posted: 21 Mar 2010, 18:27:38 UTC - in response to Message 980893.
	.... we need to complement the survey. -- David I don't understand what this means? I'm guessing they want to group the responses by how serious the cruncher is. E.g. someone with more computers will be more "serious" than someone with just one machine crunching. ____________
	ID: 982208 ·

Message boards : SETI@home Science : Survey or phishing?