Team for Research in
Ubiquitous Secure Technology

Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware
Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan, Joseph Konstan

Citation
Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan, Joseph Konstan. "Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware". Symposium On Usable Privacy and Security (SOUPS) 2005, Lorrie Faith Cranor (ed.), Symposium On Usable Privacy and Security (SOUPS), July, 2005.

Abstract
Spyware is a significant problem for most computer users. The term 'spyware' loosely describes a new class of computer software. This type of software may track user activities online and offline, provide targeted advertising and/or engage in other types of activities that users describe as invasive or undesirable. While the magnitude of the spyware problem is well documented recent studies have had only limited success in explaining the broad range of user behaviors that contribute to the proliferation of spyware. As opposed to viruses and other malicious code, users themselves often have a choice whether they want to install these programs. In this paper, we discuss an ecological study of users installing five real world applications in an ecological study. In particular, we seek to understand the influence of the form and content of notices (e.g., EULAs) on user's installation decisions. Our study indicates that while notice is important, notice alone may not have a strong effect on users' decisions to install an application. We found that users have limited understanding of EULA content and little desire to read lengthy notices. When users were informed of the actual contents of the EULAs to which they agreed, we found that users often regret their installation decisions. We discovered that regardless of the bundled content, users will often install an application if they believe the utility is high enough. However, we also found that the relative privacy afforded by software programs is important to users. Given two programs with similar functionality (e.g, KaZaA and Edonkey), consumers will choose the one they believe to be less invasive and more stable. We also found that providing vague information in EULAs and short notices can create an unwarranted impression of increased security. Our results point to a new way to present and educate users about privacy. By providing users with a standard format for assessing the possible options and trade-offs between applications, we can help them to make choices that more adequately reflect their desires and privacy preferences.

Electronic downloads

Citation formats  
  • HTML
    Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw,
    Steven Aronowitz, Deirdre Mulligan, Joseph Konstan. <a
    href="http://www.truststc.org/pubs/63.html"
    >Stopping Spyware at the Gate:  A User Study of Privacy,
    Notice and Spyware</a>, Symposium On Usable Privacy
    and Security (SOUPS) 2005, Lorrie Faith Cranor (ed.),
    Symposium On Usable Privacy and Security (SOUPS), July, 2005.
  • Plain text
    Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw,
    Steven Aronowitz, Deirdre Mulligan, Joseph Konstan.
    "Stopping Spyware at the Gate:  A User Study of
    Privacy, Notice and Spyware". Symposium On Usable
    Privacy and Security (SOUPS) 2005, Lorrie Faith Cranor
    (ed.), Symposium On Usable Privacy and Security (SOUPS),
    July, 2005.
  • BibTeX
    @inproceedings{GoodDhamijaGrossklagsThawAronowitzMulliganKonstan05_StoppingSpywareAtGateUserStudyOfPrivacyNoticeSpyware,
        author = {Nathaniel Good, Rachna Dhamija, Jens Grossklags,
                  David Thaw, Steven Aronowitz, Deirdre Mulligan,
                  Joseph Konstan},
        title = {Stopping Spyware at the Gate:  A User Study of
                  Privacy, Notice and Spyware},
        booktitle = {Symposium On Usable Privacy and Security (SOUPS)
                  2005},
        editor = {Lorrie Faith Cranor},
        organization = {Symposium On Usable Privacy and Security (SOUPS)},
        month = {July},
        year = {2005},
        abstract = {Spyware is a significant problem for most computer
                  users. The term 'spyware' loosely describes a new
                  class of computer software. This type of software
                  may track user activities online and offline,
                  provide targeted advertising and/or engage in
                  other types of activities that users describe as
                  invasive or undesirable. While the magnitude of
                  the spyware problem is well documented recent
                  studies have had only limited success in
                  explaining the broad range of user behaviors that
                  contribute to the proliferation of spyware. As
                  opposed to viruses and other malicious code, users
                  themselves often have a choice whether they want
                  to install these programs. In this paper, we
                  discuss an ecological study of users installing
                  five real world applications in an ecological
                  study. In particular, we seek to understand the
                  influence of the form and content of notices
                  (e.g., EULAs) on user's installation decisions.
                  Our study indicates that while notice is
                  important, notice alone may not have a strong
                  effect on users' decisions to install an
                  application. We found that users have limited
                  understanding of EULA content and little desire to
                  read lengthy notices. When users were informed of
                  the actual contents of the EULAs to which they
                  agreed, we found that users often regret their
                  installation decisions. We discovered that
                  regardless of the bundled content, users will
                  often install an application if they believe the
                  utility is high enough. However, we also found
                  that the relative privacy afforded by software
                  programs is important to users. Given two programs
                  with similar functionality (e.g, KaZaA and
                  Edonkey), consumers will choose the one they
                  believe to be less invasive and more stable. We
                  also found that providing vague information in
                  EULAs and short notices can create an unwarranted
                  impression of increased security. Our results
                  point to a new way to present and educate users
                  about privacy. By providing users with a standard
                  format for assessing the possible options and
                  trade-offs between applications, we can help them
                  to make choices that more adequately reflect their
                  desires and privacy preferences.},
        URL = {http://www.truststc.org/pubs/63.html}
    }
    

Posted by Deirdre Mulligan on 17 Apr 2006.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.