Stopping spyware at the gate: a user study of privacy, notice and spyware

Authors:
Nathaniel Good;Rachna Dhamija;Jens Grossklags;David Thaw;Steven Aronowitz;Deirdre Mulligan;Joseph Konstan
Affiliations:
School of Information Management and Systems, UC Berkeley, Berkeley, CA;School of Information Management and Systems, UC Berkeley, Berkeley, CA;School of Information Management and Systems, UC Berkeley, Berkeley, CA;School of Information Management and Systems, UC Berkeley, Berkeley, CA;UC Berkeley, Berkeley, CA;UC Berkeley, Berkeley, CA;University of Minnesota, Minneapolis, MN
Venue:
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Year:
2005

Citing 9
Cited 27

E-privacy in 2nd generation E-commerce: privacy preferences versus actual behavior

Proceedings of the 3rd ACM conference on Electronic Commerce
Privacy critics: UI components to safeguard users' privacy

CHI '99 Extended Abstracts on Human Factors in Computing Systems
Usability and privacy: a study of Kazaa P2P file-sharing

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Moticons: detection, distraction and task

International Journal of Human-Computer Studies - Notification user interfaces
Preparing to resume an interrupted task: effects of prospective goal encoding and retrospective rehearsal

International Journal of Human-Computer Studies - Notification user interfaces
An approach to usable security based on event monitoring and visualization

Proceedings of the 2002 workshop on New security paradigms
Privacy policies as decision-making tools: an evaluation of online privacy notices

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Privacy and Rationality in Individual Decision Making

IEEE Security and Privacy
Scope: providing awareness of multiple notifications at a glance

Proceedings of the Working Conference on Advanced Visual Interfaces

The battle against phishing: Dynamic Security Skins

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Secrecy, flagging, and paranoia: adoption criteria in encrypted email

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Doppelganger: Better browser privacy without the bother

Proceedings of the 13th ACM conference on Computer and communications security
Noticing notice: a large-scale experiment on the timing of software license agreements

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
End-user privacy in human-computer interaction

Foundations and Trends in Human-Computer Interaction
Automated Spyware Collection and Analysis

ISC '09 Proceedings of the 12th International Conference on Information Security
Malicious interface design: exploiting the user

Proceedings of the 19th international conference on World wide web
WSKE: web server key enabled cookies

FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Empirical studies on software notices to inform policy makers and usability designers

FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Textured agreements: re-envisioning electronic consent

Proceedings of the Sixth Symposium on Usable Privacy and Security
A billion keys, but few locks: the crisis of web single sign-on

Proceedings of the 2010 workshop on New security paradigms
Enhancing the social issues components in our computing curriculum: computing for the social good

ACM Inroads
Enhancing the Social Issues Components in our Computing Curriculum: Computing for the Social Good

Proceedings of the 2010 ITiCSE working group reports
ConsentCanvas: automatic texturing for improved readability in End-User License Agreements

HLT-SS '11 Proceedings of the ACL 2011 Student Session
A survey on privacy in mobile participatory sensing applications

Journal of Systems and Software
A new look at software piracy: Soft lifting primes an inauthentic sense of self, prompting further unethical behavior

International Journal of Human-Computer Studies
The security cost of cheap user interaction

Proceedings of the 2011 workshop on New security paradigms workshop
It's all about the benjamins: an empirical study on incentivizing users to ignore security advice

FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Measuring user confidence in smartphone security and privacy

Proceedings of the Eighth Symposium on Usable Privacy and Security
Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing

Proceedings of the 2012 ACM Conference on Ubiquitous Computing
How to ask for permission

HotSec'12 Proceedings of the 7th USENIX conference on Hot Topics in Security
Accepting the inevitable: factoring the user into home computer security

Proceedings of the third ACM conference on Data and application security and privacy
An online experiment of privacy authorization dialogues for social applications

Proceedings of the 2013 conference on Computer supported cooperative work
Categorised ethical guidelines for large scale mobile HCI

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Privacy as part of the app decision-making process

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Taking data exposure into account: how does it affect the choice of sign-in accounts?

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Creepy but inevitable?: the evolution of social networking

Proceedings of the 17th ACM conference on Computer supported cooperative work & social computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Spyware is a significant problem for most computer users. The term "spyware" loosely describes a new class of computer software. This type of software may track user activities online and offline, provide targeted advertising and/or engage in other types of activities that users describe as invasive or undesirable.While the magnitude of the spyware problem is well documented, recent studies have had only limited success in explaining the broad range of user behaviors that contribute to the proliferation of spyware. As opposed to viruses and other malicious code, users themselves often have a choice whether they want to install these programs.In this paper, we discuss an ecological study of users installing five real world applications. In particular, we seek to understand the influence of the form and content of notices (e.g., EULAs) on user's installation decisions.Our study indicates that while notice is important, notice alone may not be enough to affect users' decisions to install an application. We found that users have limited understanding of EULA content and little desire to read lengthy notices. Users found short, concise notices more useful, and noticed them more often, yet they did not have a significant effect on installation for our population. When users were informed of the actual contents of the EULAs to which they agreed, we found that users often regret their installation decisions.We discovered that regardless of the bundled content, users will often install an application if they believe the utility is high enough. However, we discovered that privacy and security become important factors when choosing between two applications with similar functionality. Given two similar programs (e.g. KaZaA and Edonkey), consumers will choose the one they believe to be less invasive and more stable. We also found that providing vague information in EULAs and short notices can create an unwarranted impression of increased security. In these cases, it may be helpful to have a standardized format for assessing the possible options and trade-offs between applications.