a user study of visualizing privacy n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
A User Study of Visualizing Privacy PowerPoint Presentation
Download Presentation
A User Study of Visualizing Privacy

Loading in 2 Seconds...

play fullscreen
1 / 23

A User Study of Visualizing Privacy - PowerPoint PPT Presentation


  • 139 Views
  • Uploaded on

A User Study of Visualizing Privacy. February 27, 2007 HyeEun You. Overview. Week7: Visualizing privacy A user study of visualizing privacy From one of the optional reading materials, “ Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware ”,

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

A User Study of Visualizing Privacy


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
a user study of visualizing privacy

A User Study of Visualizing Privacy

February 27, 2007

HyeEun You

overview
Overview
  • Week7: Visualizing privacy
  • A user study of visualizing privacy
  • From one of the optional reading materials,

“Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware”,

by N. Good, R. Dhamija, J. Grossklags, D. Thaw, S. Aronowitz, D. Mulligan, and J. Konstan.

  • A user experiment of privacy notice about spyware
references
References
  • [1] Abrams, M., Eisenhauer, M. and Sotto, L. (2004) “Response to the FTC request for public comments in the Advance Notice of Proposed Rulemaking on Alternative Forms of Privacy Notices under the Gramm-Leach-Bliley Act”, Center for Information Policy Leadership, March 2004. Available at: http://www.hunton.com/files/tbl_s47Details/FileUpload265/685/CIPL_Notices_ANPR_Comments_3.29.04.pdf
  • [2] Ackerman, M., and Cranor, L. (1999) “Privacy Critics: UI components to safeguard users' privacy,” Proceedings of CHI '99, extended abstracts.
  • [3] Acquisti, A. and Grossklags, J. (2005) Privacy and Rationality in Individual Decision Making, IEEE Security and Privacy, IEEE Computer Society, Vol. 3, No. 1, January/February 2005, pp. 26-33.
  • [4] Acquisti, A. and Grossklags, J. (2005) “Uncertainty, Ambiguity and Privacy,” Fourth Annual Workshop Economics and Information Security (WEIS 2005), MA, 2-3 June, 2005.
  • [5] AOL/NSCA Online Safety Study, America Online and National Cyber Security Alliance, October 2004. Available at: http://www.staysafeonline.info/news/safety_study_v04.pdf
  • [6] Bartram, L., Ware, C., Calvert, T., (2003) “Moticons: detection, distraction and task”, International Journal of Human-Computer Studies 58: 515-545, Issue 5 (May 2003).
references1
References
  • [7] Berthold, O., Köhntopp, M. (2000) “Identity Management based on P3P”, in: Federrath, H. “Designing Privacy Enhancing Technologies”, Proceedings of the Workshop on Design Issues in Anonymity and Unobservability, Springer, pp. 141-160.
  • [8] Cranor, L., Reagle, J., and Ackerman, M. (1999) "Beyond Concern: Understanding Net Users' Attitudes About Online Privacy”, AT&T Labs-Research, April, 1999.
  • [9] Dourish, P. and Redmiles, D. (2002) "An approach to usable security based on event monitoring and visualization,” Proceedings of the 2002 workshop on New security paradigms, September 2002.
  • [10] Earthlink (2005) “Results complied from Webroot's and EarthLink's Spy Audit programs”. Available at: http://www.earthlink.net/spyaudit/press/ (last accessed February 25, 2005)
  • [11] Gilbert, D., Morewedge, C., Risen, J. and Wilson, T. (2004) “Looking Forward to Looking Backward: The Misprediction of Regret”, Psychological Science, Vol. 15, No. 5, pp. 346-350.
  • [12] Good, N.S., Krekelberg, A.J. (2003) “Usability and Privacy: A study of Kazaa P2P file-sharing”, in: Proceedings of CHI 2003.
outline
Outline
  • Introduction
  • User Experiment
  • Results
  • Conclusion
  • Questions (Discussion & Questions)
introduction spyware
Introduction - Spyware
  • Spyware?
    • Software which may track user activities online and offline providing targeted advertising or engaging other undesired, invasive activities
    • The lack of a standard definition to distinguish spyware clearly
    • Limited agreement on the legitimacy of spyware
    • Spyware reside on up to 90% of all Internet-connected computers [10]
  • Spyware is often installed by users' choice

Introduction

Experiment

Results

Conclusion

Questions

introduction notices
Introduction - Notices
  • During installation, notices are shown.
    • ex) End User Licensing Aggrements(EULA), Terms Of Service(TOS), and security warnings
  • Notice alone does not have a significant effect on installation decision
    • Users’ limited understanding of EULA content
    • Little desire to read lengthy notices
    • Satisfaction from high functionality
  • However, privacy and security become important when similar functionality is given

Introduction

Experiment

Results

Conclusion

Questions

introduction user study
Introduction – User study
  • Many anti-spyware vendors inform users about possible threats, but ultimately give the user control over what is to be removed.
  • Studies have focused on only in explaining the user behaviors contributing to the proliferation of spyware
  • The paper focuses on understanding the factors of notices such as the form and content affecting user's decisions and user’s decision making process in installation spyware

Introduction

Experiment

Results

Conclusion

Questions

introduction related work 1
Introduction – Related work 1
  • User behavior
    • Lack of knowledge about risks and modes of technical and legal protection
    • Different level of privacy sensitivity

ex) privacy fundamentalists, privacy pragmatists, and the marginally concerned

    • Not stated privacy preferences

ex) trade off privacy or security for small monetary gains like a free program

Introduction

Experiment

Results

Conclusion

Questions

introduction related work 2
Introduction – Related work 2
  • Notices
    • Complex notices inhibit understandability of agreements
    • The Platform for Privacy Preferences Project (P3P) as an attempt to improve users' ability to make informed decisions
    • Notification systems such as instant messaging, user status updates, and email alerts
    • Visualization techniques to increase information availability without distracting users' focus on primary tasks

Introduction

Experiment

Results

Conclusion

Questions

user experiment
User Experiment
  • Goal:
    • to examine the factors that contribute to users' installation decisions
    • to understand how the form and content of notices affects users' installation decisions and cognition of the privacy and security consequences
  • The benefits of an ecological study
    • obtain sufficient data
    • observe all interactions with the software
    • gather qualitative data about the decision-making process

Introduction

Experiment

Results

Conclusion

Questions

user experiment1
User Experiment
  • Applications used in the experiment
    • Users could download five applicationscontaining bundled software or functionality monitoring users
    • The criteria in selecting programs of the experiment:

1) A legitimate and desirable function;

2) Included or bundled functionality that may be averse to a given user's privacy/security preferences;

3) A pre-installation notice of terms that the user must consent to in order to install the application

    • The program to reflect the range of behavior, functionality and reputation

Introduction

Experiment

Results

Conclusion

Questions

user experiment2
User Experiment
  • Experiment Scenario
  • 3 different notice conditions
    • EULA only
    • Microsoft SP2 short notice + EULA
    • Customized short notice + EULA

Introduction

Experiment

Results

Conclusion

Questions

user experiment3
User Experiment
  • Creating the short notices
    • should be easy to understand
    • should include:

1) The name of the company

2) The purpose of the data processing

3) The recipients or categories of recipients of the data

4) Whether replies to questions are obligatory orvoluntary, as well as the possibleconsequences of failure to reply

5) The possibility of transfer to third parties

6) The right to access, to rectify and oppose

  • Surveys and post study interview

Introduction

Experiment

Results

Conclusion

Questions

results installation decisions
Results – Installation Decisions
  • Participant demographics
    • 31 participants (14 males and 17 females)
    • all experienced Windows operation system
    • various reasons for installing
      • Install first, ask questions later
      • Once Bitten, Twice shy
      • Curious, feature-based
      • Computer-Phobic

Introduction

Experiment

Results

Conclusion

Questions

results installation decisions1
Results – Installation Decisions
  • Installation Concerns
    • Functionality (>80%)
    • Popups (~60%)
    • Crashing their machine, computer performance (~30%)
    • Installing additional software (~15%)
    • Monetary cost (~10%)
    • Sends information (<5%)

Introduction

Experiment

Results

Conclusion

Questions

results
Results

Introduction

Experiment

Results

Conclusion

Questions

results1
Results

Introduction

Experiment

Results

Conclusion

Questions

results2
Results

Introduction

Experiment

Results

Conclusion

Questions

results3
Results

Introduction

Experiment

Results

Conclusion

Questions

results4
Results

Introduction

Experiment

Results

Conclusion

Questions

conclusion
Conclusion
  • Notice alone does not have a strong effect on users’ installation decision
  • Users generally know they are agreeing to a contract by clicking through a EULA screen
  • Users have limited understanding of EULA content and little desire to read lengthy notices
  • Short notices improve users’ understanding
  • Users consider functionality as the most important factor
  • Users still consider privacy and security are also important

Introduction

Experiment

Results

Conclusion

Questions

questions
Questions
  • Discussion
    • Providing transparency to users is required
    • Research of trade-offs between software features and privacy preferences is needed
  • Questions ?

Introduction

Experiment

Results

Conclusion

Questions