There are a couple of interesting things about PhishTank, including the fact that it has an open API (application programming interface), as Paul Stamatiou notes, which means that anyone can design an application that makes use of the data in PhishTank in different ways. The service is also working on toolbar buttons for Thunderbird and Outlook that will allow users to send a suspected phish to the tank with a single click. There’s also a bit of community built in, with pages that rank the top submitters and verifiers.
In an interview with David last week, I asked why anyone would want to devote their time to verifying or submitting phishing attempts. It’s easy to see why someone would be attracted to uploading and sharing photos at Flickr or videos at YouTube, but phishing attacks? His response was that hundreds of people were already doing that even before there was a community — by sending emails to OpenDNS. In fact, he said that the PhishTank was in part a way of dealing with the volume of such submissions, by effectively outsourcing part of the job of verifying them.
That’s a smart use of Web 2.0, it seems to me, and could potentially kill two birds with one stone. Whether it actually becomes a community or not is almost irrelevant, since it has already taken a load off OpenDNS in a sense. And David definitely has some experience with a bottoms-up startup — his first venture, EveryDNS, was started “in college as a kind of beer fund, then it gradually became a college fund, and now it is much more.”
It may have a small set of about 100,000 users, he says, but “they are some of the very top geeks” including senior scientists at Microsoft and Sun. David himself is such an uber-geek that he is user number 18 on Slashdot, the venerable geek forum.