Stopping spyware at the gate: a user study of privacy, notice and spyware

Symposium On Usable Privacy and Security Pub Date : 2005-07-06 DOI:10.1145/1073001.1073006

Nathaniel Good, Rachna Dhamija, Jens Grossklags, D. Thaw, S. Aronowitz, D. Mulligan, J. Konstan

{"title":"Stopping spyware at the gate: a user study of privacy, notice and spyware","authors":"Nathaniel Good, Rachna Dhamija, Jens Grossklags, D. Thaw, S. Aronowitz, D. Mulligan, J. Konstan","doi":"10.1145/1073001.1073006","DOIUrl":null,"url":null,"abstract":"Spyware is a significant problem for most computer users. The term \"spyware\" loosely describes a new class of computer software. This type of software may track user activities online and offline, provide targeted advertising and/or engage in other types of activities that users describe as invasive or undesirable.While the magnitude of the spyware problem is well documented, recent studies have had only limited success in explaining the broad range of user behaviors that contribute to the proliferation of spyware. As opposed to viruses and other malicious code, users themselves often have a choice whether they want to install these programs.In this paper, we discuss an ecological study of users installing five real world applications. In particular, we seek to understand the influence of the form and content of notices (e.g., EULAs) on user's installation decisions.Our study indicates that while notice is important, notice alone may not be enough to affect users' decisions to install an application. We found that users have limited understanding of EULA content and little desire to read lengthy notices. Users found short, concise notices more useful, and noticed them more often, yet they did not have a significant effect on installation for our population. When users were informed of the actual contents of the EULAs to which they agreed, we found that users often regret their installation decisions.We discovered that regardless of the bundled content, users will often install an application if they believe the utility is high enough. However, we discovered that privacy and security become important factors when choosing between two applications with similar functionality. Given two similar programs (e.g. KaZaA and Edonkey), consumers will choose the one they believe to be less invasive and more stable. We also found that providing vague information in EULAs and short notices can create an unwarranted impression of increased security. In these cases, it may be helpful to have a standardized format for assessing the possible options and trade-offs between applications.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"47 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-07-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"143","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Symposium On Usable Privacy and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1073001.1073006","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 143

Abstract

Spyware is a significant problem for most computer users. The term "spyware" loosely describes a new class of computer software. This type of software may track user activities online and offline, provide targeted advertising and/or engage in other types of activities that users describe as invasive or undesirable.While the magnitude of the spyware problem is well documented, recent studies have had only limited success in explaining the broad range of user behaviors that contribute to the proliferation of spyware. As opposed to viruses and other malicious code, users themselves often have a choice whether they want to install these programs.In this paper, we discuss an ecological study of users installing five real world applications. In particular, we seek to understand the influence of the form and content of notices (e.g., EULAs) on user's installation decisions.Our study indicates that while notice is important, notice alone may not be enough to affect users' decisions to install an application. We found that users have limited understanding of EULA content and little desire to read lengthy notices. Users found short, concise notices more useful, and noticed them more often, yet they did not have a significant effect on installation for our population. When users were informed of the actual contents of the EULAs to which they agreed, we found that users often regret their installation decisions.We discovered that regardless of the bundled content, users will often install an application if they believe the utility is high enough. However, we discovered that privacy and security become important factors when choosing between two applications with similar functionality. Given two similar programs (e.g. KaZaA and Edonkey), consumers will choose the one they believe to be less invasive and more stable. We also found that providing vague information in EULAs and short notices can create an unwarranted impression of increased security. In these cases, it may be helpful to have a standardized format for assessing the possible options and trade-offs between applications.

查看原文本刊更多论文

阻止间谍软件在门口:隐私，通知和间谍软件的用户研究

间谍软件对大多数计算机用户来说是一个严重的问题。“间谍软件”一词宽泛地描述了一类新的计算机软件。这种类型的软件可以在线和离线跟踪用户活动，提供有针对性的广告和/或从事用户描述为侵入性或不受欢迎的其他类型的活动。虽然间谍软件问题的严重性有案可查，但最近的研究在解释导致间谍软件扩散的广泛用户行为方面只取得了有限的成功。与病毒和其他恶意代码不同，用户自己通常可以选择是否安装这些程序。在本文中，我们讨论了用户安装五个真实世界的应用程序的生态研究。特别是，我们试图理解通知(例如，eula)的形式和内容对用户安装决策的影响。我们的研究表明，虽然通知很重要，但通知本身可能不足以影响用户安装应用程序的决定。我们发现用户对EULA内容的理解有限，并且很少有意愿阅读冗长的声明。用户发现简短的通知更有用，并且更经常地注意到它们，但它们对我们的用户的安装没有显著影响。当用户被告知他们同意的eula的实际内容时，我们发现用户经常后悔他们的安装决定。我们发现，不管捆绑的内容是什么，如果用户认为实用程序足够高，他们通常会安装一个应用程序。然而，我们发现，在两个功能相似的应用程序之间进行选择时，隐私和安全性成为重要因素。如果有两个类似的程序(比如KaZaA和Edonkey)，消费者会选择他们认为侵入性更小、更稳定的那个。我们还发现，在eula和简短通知中提供模糊的信息可能会给人一种毫无根据的安全感增强的印象。在这些情况下，使用标准化的格式来评估应用程序之间可能的选项和权衡可能会有所帮助。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Symposium On Usable Privacy and Security

自引率

0.00%

发文量