The Slovenian TMIA collective invites you to give away your password to a public online gallery. Apparently, it’s all about privacy and trust

What will it take to put your online accounts’ passwords out in the open? Would you have to be tortured? Or would you just give them away, aware that those huge Internet corporations out there check your every move online anyway? No, I don’t think you would gladly grant a stranger an access to your passwords. It’s just too painstakingly hard to trust anyone these days. I wouldn’t have done it for the world. But I changed my mind and did it anyway. I gave my password to a bunch of guys I’ve never even heard of before, complete strangers, and now everyone can see it. And it feels nice, in a weird melancholic way. Would you like to try it as well? If that’s the case, you most certainly can, and here’s how it works.

Created a few days ago by a trio from Slovenia, TMIA is an online password gallery with an aim to explore trust and privacy issues, as well as to question online users’ behaviour. The TMIA’s website is inviting everybody to contribute their passwords and share them with the world. When entering the password of your choice into a neat box, it becomes publicly available, while at that same instance you’re granted an access to a vast gallery of passwords contributed by previous users. “It’s a common knowledge that most people use the same password for most of their online accounts,” the authors said, “so it’s exactly these passwords that we had in mind.”

Well, doesn’t it seem a bit too naive to expect from users to enter their actual passwords into the box? They could as easily type in a hate speech blah, name of a corporation exploiting child labour or a plain insult to the authors. The TMIA collective claims it’s not a least of their concern whether or not people are contributing their authentic passwords and, taking themselves not so seriously, they find it funny when entries mention their names. “It was clear to us from the start that a certain percentage of the passwords will be incorrect. In a way, our aim is not necessarily to accumulate the true passwords. It’s rather to see what happens when you ask a person for his or her authentic password.”

But still, are there any authentic passwords in there? Wait, let me rephrase that. I know there’s at least one, but what are the odds of actually obtaining loads of authentic passwords?

“There is a far greater number of authentic passwords in the gallery than one would imagine” the trio explains. “For example, 123456 [which, by the way, was banned by Microsoft Hotmail in 2011] seems like a fail, while in reality it’s our friend’s password.” Moreover, when they first tested the site with 100 randomly generated words a bizarre thing happened – one of the words in the bunch was the authentic password which one of the TMIA guys had been using for most of his online accounts.

There were more than 400 unique password entries gathered in the first week following the launch of the website. A few days after the site went live: Klemen Ilovar, Jure Martinec and Nejc Prah presented their baby at Zagreb’s D-Day festival, trying hard to recruit fresh password donors. After several on site discussions with potential contributors, the TMIA’s impression was that “older” people had been far less eager to share their passwords with them than the rest of the crowd. However, it’s one thing analysing the demographic results of your persuasion skills offline and quite another to ascertain what’s going on the actual website. Will the guys try to make some sense out of the online entries? They say their next step involves finding out what exactly to do with all those passwords.

“When enough of them accumulates, we’ll probably analyse them a bit, in order to see what the most frequent passwords are and what’s up with that etc. It’s not clear yet.” Not clear yet? Well, there’s many who’d like these guys to be very clear about that.

As their site rightfully points out, a “password is our most private and intimate possession on the internet.” True. Without it, our online activities are rather impaired, right? Having someone else’s password in your pocket, makes invading their privacy a walk in the park. The TMIA now obtained at least one authentic password, as well as hundreds of potentially usable ones. So, are we to be feared? Are they to be trusted?

Answering Bturn’s inquiry, the TMIA crew said they possess “a pile of entries of which some are actually passwords that can be used to access all kinds of places”. At the same time, they ensured us that they “don’t have a clue who do these entries belong to, nor which of all these are the accurate ones.” Their website disclaimer states that they “promise not to abuse user’s trust.” But, hey, it doesn’t take a real effort to figure out which computers generated those entries, does it? So, will they give it a go?

Well, I decided to trust them, nevertheless. Offering myself on a plate to googles and facebooks, I don’t really see these guys causing me any serious harm. No matter how they analyse the data and what they come up with in the end, this brilliant project is already achieving its goals. Those many relevant privacy issues addressed by TMIA are matched only by as many seriously pressing surveillance questions the project is raising.

And you know what, you can’t help but feel overwhelmingly touched and somewhat saddened seeing your own password floating, all alone and vulnerable, in that virtual gallery space, frequented by lost souls of other world wide web citizens. A huge part of me is just sitting there, in that minimalistic chamber, devoid of warmth and solace. A vital piece of me dropped into the unknown. Bare naked. Seemingly calm and dignified. Although on the verge of being grabbed and taken advantage of.

All of you can see it and you haven’t got a clue it’s me.

Or do you?

To become a password donor visit TMIA website:

trustmeitsart.com