
Evil Interfaces: Violating the User


Presentation Transcript


  1. Evil Interfaces: Violating the User. Bagus Nurcahyo, bagus@staff.gunadarma.ac.id, Programme of Study of Marketing Management, Undergraduate Programme of Business & Entrepreneurship, Gunadarma University

  2. In an Ideal World Interfaces...
     - aid efficiency
     - reduce task completion time
     - reduce errors
     - easy to learn
     - and are satisfying to use

     http://smg.media.mit.edu/papers/images/ChatCircles/5_circles.gif
     http://en.wikipedia.org/wiki/Usability

  3. Evil Interfaces “Evil interfaces are deliberately malicious, often designed to mislead or trick, and act counter to the goals of the user in an adversarial relationship” http://www.allheadlinenews.com/articles/7009823469

  4. Not bad design... http://www.hampsterdance.com/classorig.html http://bestanimations.com/Humans/Skulls/Skulls5.html

  5. The Problem is Evolving... http://upload.wikimedia.org/wikipedia/en/1/1a/Pop-up_ads.jpg

  6. Motivators
     - Profit
     - Make sales
     - Register software
     - Advertising revenue
     - Protect IP
     - Brand recognition
     - including political candidates
     - Disclose Information
     - (Sick) Humor
     - Legal

     Your definition of “evil” may vary

  7. Attacker’s Problem
     - Users aren’t paying attention to advertisements.
     - “Generation MySpace is Getting Fed Up”
     - Banner Ad Blindness
     - Occurs on and off desktop
     - Attacker’s solution... Evil Interfaces

     http://www.useit.com/eyetracking/

  8. So What?
     - The problem is ubiquitous
     - Minimal countermeasures exist
     - This is a hard problem
     - Raising awareness increases resistance
     - Places most vulnerable user populations at risk

  9. Outline
     - A little background
     - Threat model and attacker motivations
     - Taxonomy
     - Measuring evil

  10. Threat Model
      - Attacker is often designer of interface
      - or third parties able to influence interface
      - sources of embedded content
      - ISPs
      - Assets: user’s time, attention, and money
      - Environment: Problem exists everywhere. Gas stations, casinos, grocery stores, software, hardware, the web.

  11. Taxonomy of Evil Usability
      - Attention
      - Attract
      - Avoid
      - Demand
      - Error Exploitation
      - Work
      - Deceive
      - Manipulating Navigation
      - Manipulating Controls

  12. Attract Attention

  13. Preattentive Processing
      - Orientation
      - Length
      - Width
      - Size
      - Shape
      - Curvature
      - Color
      - Spatial Positioning

      http://www.intelligententerprise.com/print_article.jhtml;jsessionid=XB1PNVUT0OMAOQSNDLOSKH0CJUNN2JVN?articleID=31400009

  14. Preattentive Processing

  15. Color

  16. Color

  17. Ads Inline With Content

  18. Crowding Out Content

  19. Autoplay Video & Audio
      - This is a limited time offer so act now
      - Forbes.com
      - contrast this with people who play music when you visit their site

  20. Motion (jitter) Demo

  21. Animation (hover ads)

  22. Multiple Animations

  23. Make it Egregious Demo

  24. Avoid Attention

  25. Subtle

  26. We don’t want you to read the policy

  27. Constrained Viewing of Content 10 Pages

  28. Demand Attention

  29. Random Updates

  30. Take a Survey (We Value Your Opinion)

  31. Advertisement Splash Screens (Interstitial)

  32. Insert Ad before playing

  33. Exploit Errors

  34. Mistyped Movie Name
      - What would you like to have happen?
        a. see a list of movies with similar names
        b. stare at a spiked animated blowfish

  35. Capture Errors: “a type of slip where a more frequent and more practiced behavior takes place when a similar, but less familiar, action was intended.” http://www.usabilityfirst.com/glossary/main.cgi?function=display_term&term_id=654

  36. Mistyped URL

  37. Misplaced Clicks

  38. Make the User Work

  39. Pay With Time

  40. Complete CAPTCHAs http://rs76.rapidshare.com

  41. Leave trash around
      From an iTunes update, you only had the option to install the update and Quick Time

  42. Bad Defaults / No unselect all

  43. Deceive

  44. Fake (Text) Hyperlinks

  45. Fake Forms

  46. Bait and Switch

  47. Make Advertisement Look Like Content

  48. Spoof YouTube Video Links http://www.betanews.com/article/Google_Talk_Opens_to_Other_IM_Services/1137530175

  49. Manipulate Navigation

  50. Rollover Minefield (pseudo-hyperlink)
