Would You Trade Your Identity For A Cookie?

“You have zero privacy anyway. Get over it.” —Scott McNealy, co-founder of Sun Microsystems

In A Nutshell

We’re often warned that we need to work on keeping our personal information secret. While it might seem pretty obvious that you shouldn’t be just giving out things like your social security number to complete strangers, one experiment shows that that’s just what people will do—as long as they’re offered a tasty, tasty cookie. It’s a surprising amount of people that will be willing to tell strangers just about anything and even to allow their pictures and fingerprints to be taken, as long as you give them a cookie in the end.

The Whole Bushel

In an age when pretty much anything about us can be found out online, we’re constantly reminded to keep our passwords safe and suitably cryptic. We’re told to be careful what we post online, keep our virus software updated and our most valuable personal information someplace extra safe.

There are many lists of the worst passwords you could possibly have, and a similar survey done by Imperva compiled the most common of 32 million hacked passwords. On the list? Things like “123456,” “abc123,” and (of course) “password.”

But surely, after now decades of warnings to keep creative with our passwords and to keep our information secure, people can’t possibly be using things like, “qwerty” for their passwords . . . can they?

They absolutely are, and even if they aren’t, it’s easier than you think it would be to get some incredibly personal information from people. All you have to do is offer them a cookie for it. An artist named Risa Puno took to the streets at the Brooklyn Arts Festival, wanting to see just what sort of value people were putting on their most personal information. She was armed with some pretty delicious-looking cookies, all decorated with an appropriate, technology-related theme. All people had to do to get a cookie was give her a piece of personal information.

Most of the information that she asked for were things that are often used for password recovery—your mother’s maiden name, your first pet’s name, what street you grew up on. She also asked for social security numbers, phone and drivers’ license numbers, and even requested people let her take their photographs and fingerprints.

Not only were many, many people willing to give up this information without a second thought, but many requested that they get to pose with the cookies in their pictures.

Over the course of the experiment, she approached 380 people. More than half agreed to have their pictures taken, and 162 divulged the last four digits of their social security number. Again, they did this for a cookie.

Whenever anyone asked what she was going to do with the information, she presented them with a page-long Terms of Service that included giving her the right to share and distribute the information she collected.

Still, people were more than happy to give up their information for one of her cookies and some even took to social media afterward to boast that they’d just gotten this amazing cookie, and all they’d had to do was give up some personal information.

It’s a pretty non-scientific (albeit delicious) experiment, but the question of the value of privacy has become an increasingly important one. In a 2009 study by Carnegie Mellon privacy experts, it was found that there are a massive amount of variables when it comes to deciding just what privacy is actually, monetarily worth.

Participants in their study were offered gift cards, along with the stipulation that their purchases would or wouldn’t be tracked. Results were so varied that researchers came to the conclusion that a big part of getting someone to divulge personal information was how they felt about the situation they were in. This could account for, perhaps, people’s likeliness to give up personal details to a friendly cookie-seller.

Show Me The Proof

ProPublica: How Much of Your Data Would You Trade for a Free Cookie?
What is privacy worth?
25 “Worst Passwords” Of 2011 Revealed