Hacking Rhetoric

Sandbox Hack

“Sandbox Hack” // Hacking the Course Blog

In this assignment, each student in the class will both hack and be hacked. The hacking activity is limited to the course blog and the parameters were agreed upon as a class. Part of the goal here is to feel ‘productively uncomfortable’, but not unsafe–you should embrace and learn from the discomfort.


  • Everyone will change their BLOG passwords (and only their blog passwords!) to something that can be figured out through social engineering — targeted conversation, Facebook/social media “stalking”, etc — and phishing. The goal here is to use the human skills that we all have, not the technical skills that only some of the class have.

    • Your password should be an answer to one of the five questions below. You should write your answer in all lower case, no numbers, and the answer must be both truthful and something that’s possible, if challenging, to figure out. You should choose your question on the same basis–if the answer is something that you know isn’t out there somewhere, pick something else. Basically, operate in good faith.

  • Each student will be randomly assigned one other student in the classroom to hack

    • First, figure out your peer’s blog password

    • Second, hack one (or more) of their blog posts

      • Save a copy of the original text before you compose your replacement piece (copy the existing text and post it as a comment to the initial post; this preserves both the initial text and connects the two versions)

      • Your hack should be thoughtful and composed; it should make some kind of rhetorical point (whether that is responding to or transforming your peer’s original blog post, or engaging with an external issue)

      • Sign your work–i.e., put your name at the bottom of the edited post/s. It’s not going to be anonymous due to the blog posts required (see below), but this requirement is designed to ensure, for lack of a better word, niceness (all the evidence is that people who are anonymous online behave more badly). Keep in mind that one of the core principles of our class is ‘No trolling’–please don’t set out to deliberately upset, belittle, endanger, etc, one of your colleagues here.

  • After you perform your hack, post an extended (800ish words) blog post which explains your hacking process, the hack itself, what rhetorical effect it was designed to have, and why you made the rhetorical choices you did. You might also like to reflect on how this performance influences your thoughts on the hack/ers you’ve researched over the semester, your ethical decisions, etc–additional content is open, as long as you hit the core points outlined in the sentence above. This blog post replaces the short assignments required earlier in the course; it should be a polished piece of writing rather than an informal/conversational style, as has been the norm for earlier blog posts.

  • After you ARE hacked, post a still-extended-but-shorter response (400-500 words) to / reflection on your experience of being hacked. You might want to assess the hack’s effectiveness, reflect on your own security, discuss your emotional response or respond directly to your hacker. Like the ‘artist’s statement’ above, this should be a polished piece of writing.

Password prompt questions:

  • What city (city name only, not state) were you born in?

  • What was your high school mascot?

  • What is your favourite sport?

  • Who is your favourite superhero?

  • What is your favourite colour (select from: red; orange; yellow; green; blue; indigo; violet; black; white)?

Your answer should be limited to true information, written in all lowercase with no numbers. Change your password by noon on October 17. When deciding what question you want to use as your prompt, pick something that your hacker will be able to locate the answer to, even if it takes them a bit of work. Basically … act how you hope the person you’re hacking does!


By noon on October 17 — change your password

October 17 to November 18 — Hacking Open Season

October 31, Hallowe’en — if you haven’t yet been hacked, post a clue for your hacker publicly on the course blog or your class-affiliated Twitter feed.

November 25 — hacker: last date for ‘Artist’s Statement’

December 2 — hackee: last date to respond to being hacked


  • Perform as a hacker

  • Analyse an existing conversation (within or outside the course)

  • Compose an intervention in that conversation

  • Analyse the success of your intervention

  • Experience being hacked