1 / 23

A User Study of Visualizing Privacy

A User Study of Visualizing Privacy. February 27, 2007 HyeEun You. Overview. Week7: Visualizing privacy A user study of visualizing privacy From one of the optional reading materials, “ Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware ”,

cato
Download Presentation

A User Study of Visualizing Privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. A User Study of Visualizing Privacy February 27, 2007 HyeEun You

  2. Overview • Week7: Visualizing privacy • A user study of visualizing privacy • From one of the optional reading materials, “Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware”, by N. Good, R. Dhamija, J. Grossklags, D. Thaw, S. Aronowitz, D. Mulligan, and J. Konstan. • A user experiment of privacy notice about spyware

  3. References • [1] Abrams, M., Eisenhauer, M. and Sotto, L. (2004) “Response to the FTC request for public comments in the Advance Notice of Proposed Rulemaking on Alternative Forms of Privacy Notices under the Gramm-Leach-Bliley Act”, Center for Information Policy Leadership, March 2004. Available at: http://www.hunton.com/files/tbl_s47Details/FileUpload265/685/CIPL_Notices_ANPR_Comments_3.29.04.pdf • [2] Ackerman, M., and Cranor, L. (1999) “Privacy Critics: UI components to safeguard users' privacy,” Proceedings of CHI '99, extended abstracts. • [3] Acquisti, A. and Grossklags, J. (2005) Privacy and Rationality in Individual Decision Making, IEEE Security and Privacy, IEEE Computer Society, Vol. 3, No. 1, January/February 2005, pp. 26-33. • [4] Acquisti, A. and Grossklags, J. (2005) “Uncertainty, Ambiguity and Privacy,” Fourth Annual Workshop Economics and Information Security (WEIS 2005), MA, 2-3 June, 2005. • [5] AOL/NSCA Online Safety Study, America Online and National Cyber Security Alliance, October 2004. Available at: http://www.staysafeonline.info/news/safety_study_v04.pdf • [6] Bartram, L., Ware, C., Calvert, T., (2003) “Moticons: detection, distraction and task”, International Journal of Human-Computer Studies 58: 515-545, Issue 5 (May 2003).

  4. References • [7] Berthold, O., Köhntopp, M. (2000) “Identity Management based on P3P”, in: Federrath, H. “Designing Privacy Enhancing Technologies”, Proceedings of the Workshop on Design Issues in Anonymity and Unobservability, Springer, pp. 141-160. • [8] Cranor, L., Reagle, J., and Ackerman, M. (1999) "Beyond Concern: Understanding Net Users' Attitudes About Online Privacy”, AT&T Labs-Research, April, 1999. • [9] Dourish, P. and Redmiles, D. (2002) "An approach to usable security based on event monitoring and visualization,” Proceedings of the 2002 workshop on New security paradigms, September 2002. • [10] Earthlink (2005) “Results complied from Webroot's and EarthLink's Spy Audit programs”. Available at: http://www.earthlink.net/spyaudit/press/ (last accessed February 25, 2005) • [11] Gilbert, D., Morewedge, C., Risen, J. and Wilson, T. (2004) “Looking Forward to Looking Backward: The Misprediction of Regret”, Psychological Science, Vol. 15, No. 5, pp. 346-350. • [12] Good, N.S., Krekelberg, A.J. (2003) “Usability and Privacy: A study of Kazaa P2P file-sharing”, in: Proceedings of CHI 2003.

  5. Outline • Introduction • User Experiment • Results • Conclusion • Questions (Discussion & Questions)

  6. Introduction - Spyware • Spyware? • Software which may track user activities online and offline providing targeted advertising or engaging other undesired, invasive activities • The lack of a standard definition to distinguish spyware clearly • Limited agreement on the legitimacy of spyware • Spyware reside on up to 90% of all Internet-connected computers [10] • Spyware is often installed by users' choice Introduction Experiment Results Conclusion Questions

  7. Introduction - Notices • During installation, notices are shown. • ex) End User Licensing Aggrements(EULA), Terms Of Service(TOS), and security warnings • Notice alone does not have a significant effect on installation decision • Users’ limited understanding of EULA content • Little desire to read lengthy notices • Satisfaction from high functionality • However, privacy and security become important when similar functionality is given Introduction Experiment Results Conclusion Questions

  8. Introduction – User study • Many anti-spyware vendors inform users about possible threats, but ultimately give the user control over what is to be removed. • Studies have focused on only in explaining the user behaviors contributing to the proliferation of spyware • The paper focuses on understanding the factors of notices such as the form and content affecting user's decisions and user’s decision making process in installation spyware Introduction Experiment Results Conclusion Questions

  9. Introduction – Related work 1 • User behavior • Lack of knowledge about risks and modes of technical and legal protection • Different level of privacy sensitivity ex) privacy fundamentalists, privacy pragmatists, and the marginally concerned • Not stated privacy preferences ex) trade off privacy or security for small monetary gains like a free program Introduction Experiment Results Conclusion Questions

  10. Introduction – Related work 2 • Notices • Complex notices inhibit understandability of agreements • The Platform for Privacy Preferences Project (P3P) as an attempt to improve users' ability to make informed decisions • Notification systems such as instant messaging, user status updates, and email alerts • Visualization techniques to increase information availability without distracting users' focus on primary tasks Introduction Experiment Results Conclusion Questions

  11. User Experiment • Goal: • to examine the factors that contribute to users' installation decisions • to understand how the form and content of notices affects users' installation decisions and cognition of the privacy and security consequences • The benefits of an ecological study • obtain sufficient data • observe all interactions with the software • gather qualitative data about the decision-making process Introduction Experiment Results Conclusion Questions

  12. User Experiment • Applications used in the experiment • Users could download five applicationscontaining bundled software or functionality monitoring users • The criteria in selecting programs of the experiment: 1) A legitimate and desirable function; 2) Included or bundled functionality that may be averse to a given user's privacy/security preferences; 3) A pre-installation notice of terms that the user must consent to in order to install the application • The program to reflect the range of behavior, functionality and reputation Introduction Experiment Results Conclusion Questions

  13. User Experiment • Experiment Scenario • 3 different notice conditions • EULA only • Microsoft SP2 short notice + EULA • Customized short notice + EULA Introduction Experiment Results Conclusion Questions

  14. User Experiment • Creating the short notices • should be easy to understand • should include: 1) The name of the company 2) The purpose of the data processing 3) The recipients or categories of recipients of the data 4) Whether replies to questions are obligatory orvoluntary, as well as the possibleconsequences of failure to reply 5) The possibility of transfer to third parties 6) The right to access, to rectify and oppose • Surveys and post study interview Introduction Experiment Results Conclusion Questions

  15. Results – Installation Decisions • Participant demographics • 31 participants (14 males and 17 females) • all experienced Windows operation system • various reasons for installing • Install first, ask questions later • Once Bitten, Twice shy • Curious, feature-based • Computer-Phobic Introduction Experiment Results Conclusion Questions

  16. Results – Installation Decisions • Installation Concerns • Functionality (>80%) • Popups (~60%) • Crashing their machine, computer performance (~30%) • Installing additional software (~15%) • Monetary cost (~10%) • Sends information (<5%) Introduction Experiment Results Conclusion Questions

  17. Results Introduction Experiment Results Conclusion Questions

  18. Results Introduction Experiment Results Conclusion Questions

  19. Results Introduction Experiment Results Conclusion Questions

  20. Results Introduction Experiment Results Conclusion Questions

  21. Results Introduction Experiment Results Conclusion Questions

  22. Conclusion • Notice alone does not have a strong effect on users’ installation decision • Users generally know they are agreeing to a contract by clicking through a EULA screen • Users have limited understanding of EULA content and little desire to read lengthy notices • Short notices improve users’ understanding • Users consider functionality as the most important factor • Users still consider privacy and security are also important Introduction Experiment Results Conclusion Questions

  23. Questions • Discussion • Providing transparency to users is required • Research of trade-offs between software features and privacy preferences is needed • Questions ? Introduction Experiment Results Conclusion Questions

More Related