Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware

Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware
Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan, Joseph Konstan

Citation
Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan, Joseph Konstan. "Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware". Symposium On Usable Privacy and Security (SOUPS) 2005, Lorrie Faith Cranor (ed.), Symposium On Usable Privacy and Security (SOUPS), July, 2005.

Abstract
Spyware is a significant problem for most computer users. The term 'spyware' loosely describes a new class of computer software. This type of software may track user activities online and offline, provide targeted advertising and/or engage in other types of activities that users describe as invasive or undesirable. While the magnitude of the spyware problem is well documented recent studies have had only limited success in explaining the broad range of user behaviors that contribute to the proliferation of spyware. As opposed to viruses and other malicious code, users themselves often have a choice whether they want to install these programs. In this paper, we discuss an ecological study of users installing five real world applications in an ecological study. In particular, we seek to understand the influence of the form and content of notices (e.g., EULAs) on user's installation decisions. Our study indicates that while notice is important, notice alone may not have a strong effect on users' decisions to install an application. We found that users have limited understanding of EULA content and little desire to read lengthy notices. When users were informed of the actual contents of the EULAs to which they agreed, we found that users often regret their installation decisions. We discovered that regardless of the bundled content, users will often install an application if they believe the utility is high enough. However, we also found that the relative privacy afforded by software programs is important to users. Given two programs with similar functionality (e.g, KaZaA and Edonkey), consumers will choose the one they believe to be less invasive and more stable. We also found that providing vague information in EULAs and short notices can create an unwarranted impression of increased security. Our results point to a new way to present and educate users about privacy. By providing users with a standard format for assessing the possible options and trade-offs between applications, we can help them to make choices that more adequately reflect their desires and privacy preferences.

Electronic downloads

http://cups.cs.cmu.edu/soups/2005/2005proceedings/p43-good.pdf

Citation formats

HTML

Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw,
Steven Aronowitz, Deirdre Mulligan, Joseph Konstan. <a
href="http://www.truststc.org/pubs/63.html"
>Stopping Spyware at the Gate:  A User Study of Privacy,
Notice and Spyware</a>, Symposium On Usable Privacy
and Security (SOUPS) 2005, Lorrie Faith Cranor (ed.),
Symposium On Usable Privacy and Security (SOUPS), July, 2005.

Plain text

Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw,
Steven Aronowitz, Deirdre Mulligan, Joseph Konstan.
"Stopping Spyware at the Gate:  A User Study of
Privacy, Notice and Spyware". Symposium On Usable
Privacy and Security (SOUPS) 2005, Lorrie Faith Cranor
(ed.), Symposium On Usable Privacy and Security (SOUPS),
July, 2005.

BibTeX

@inproceedings{GoodDhamijaGrossklagsThawAronowitzMulliganKonstan05_StoppingSpywareAtGateUserStudyOfPrivacyNoticeSpyware,
    author = {Nathaniel Good, Rachna Dhamija, Jens Grossklags,
              David Thaw, Steven Aronowitz, Deirdre Mulligan,
              Joseph Konstan},
    title = {Stopping Spyware at the Gate:  A User Study of
              Privacy, Notice and Spyware},
    booktitle = {Symposium On Usable Privacy and Security (SOUPS)
              2005},
    editor = {Lorrie Faith Cranor},
    organization = {Symposium On Usable Privacy and Security (SOUPS)},
    month = {July},
    year = {2005},
    abstract = {Spyware is a significant problem for most computer
              users. The term 'spyware' loosely describes a new
              class of computer software. This type of software
              may track user activities online and offline,
              provide targeted advertising and/or engage in
              other types of activities that users describe as
              invasive or undesirable. While the magnitude of
              the spyware problem is well documented recent
              studies have had only limited success in
              explaining the broad range of user behaviors that
              contribute to the proliferation of spyware. As
              opposed to viruses and other malicious code, users
              themselves often have a choice whether they want
              to install these programs. In this paper, we
              discuss an ecological study of users installing
              five real world applications in an ecological
              study. In particular, we seek to understand the
              influence of the form and content of notices
              (e.g., EULAs) on user's installation decisions.
              Our study indicates that while notice is
              important, notice alone may not have a strong
              effect on users' decisions to install an
              application. We found that users have limited
              understanding of EULA content and little desire to
              read lengthy notices. When users were informed of
              the actual contents of the EULAs to which they
              agreed, we found that users often regret their
              installation decisions. We discovered that
              regardless of the bundled content, users will
              often install an application if they believe the
              utility is high enough. However, we also found
              that the relative privacy afforded by software
              programs is important to users. Given two programs
              with similar functionality (e.g, KaZaA and
              Edonkey), consumers will choose the one they
              believe to be less invasive and more stable. We
              also found that providing vague information in
              EULAs and short notices can create an unwarranted
              impression of increased security. Our results
              point to a new way to present and educate users
              about privacy. By providing users with a standard
              format for assessing the possible options and
              trade-offs between applications, we can help them
              to make choices that more adequately reflect their
              desires and privacy preferences.},
    URL = {http://www.truststc.org/pubs/63.html}
}

Posted by Deirdre Mulligan on 17 Apr 2006.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.