I wrote another Ghost in the Shellcode story up on twitter thread[0], but I'd like to share it here also.<p>In 2013, I wrote a GitS challenge called "hackerbook". It was a "misc" challenge where I presented you with a series of photos of prominent hackers at the time and asked you their name. It worked on the same principle as reCaptcha, I only knew the names of about 30 of the hackers and put those into the database. For the remaining ones, I accepted any answer but logged it to the database. If you correctly named all the 30 that I knew, you got the flag.<p>I wrote it because I thought it'd be funny to get people to give up the real names of their friends. I also thought it might be a good way to harvest the names of hackers[1] who are opsec thought leaders. For the remaining photos, I went to every CTF team's twitter, facebook, flickr, etc and sliced out random people.<p>The challenge worked pretty well at de-anonymizing a few folks. One player even sent me a photo of his friend's passport, claiming my challenge was broken and not accepting the correct name.<p>I think we already knew most people would give away all their personal details for a chance to win a free ice cream but they'll also give away their friends details for made up internet points.<p>[0] <a href="https://twitter.com/withzombies/status/1529145520027054081" rel="nofollow">https://twitter.com/withzombies/status/1529145520027054081</a><p>[1] <a href="https://twitter.com/thegrugq" rel="nofollow">https://twitter.com/thegrugq</a>