Article

Stopping spyware at the gate: a user study of privacy, notice and spyware

Authors:

Joseph KonstanAuthors Info & Claims

SOUPS '05: Proceedings of the 2005 symposium on Usable privacy and security

Pages 43 - 52

https://doi.org/10.1145/1073001.1073006

Published: 06 July 2005 Publication History

Get Access

Abstract

Spyware is a significant problem for most computer users. The term "spyware" loosely describes a new class of computer software. This type of software may track user activities online and offline, provide targeted advertising and/or engage in other types of activities that users describe as invasive or undesirable.While the magnitude of the spyware problem is well documented, recent studies have had only limited success in explaining the broad range of user behaviors that contribute to the proliferation of spyware. As opposed to viruses and other malicious code, users themselves often have a choice whether they want to install these programs.In this paper, we discuss an ecological study of users installing five real world applications. In particular, we seek to understand the influence of the form and content of notices (e.g., EULAs) on user's installation decisions.Our study indicates that while notice is important, notice alone may not be enough to affect users' decisions to install an application. We found that users have limited understanding of EULA content and little desire to read lengthy notices. Users found short, concise notices more useful, and noticed them more often, yet they did not have a significant effect on installation for our population. When users were informed of the actual contents of the EULAs to which they agreed, we found that users often regret their installation decisions.We discovered that regardless of the bundled content, users will often install an application if they believe the utility is high enough. However, we discovered that privacy and security become important factors when choosing between two applications with similar functionality. Given two similar programs (e.g. KaZaA and Edonkey), consumers will choose the one they believe to be less invasive and more stable. We also found that providing vague information in EULAs and short notices can create an unwarranted impression of increased security. In these cases, it may be helpful to have a standardized format for assessing the possible options and trade-offs between applications.

References

[1]

Abrams, M., Eisenhauer, M. and Sotto, L. (2004) "Response to the FTC request for public comments in the Advance Notice of Proposed Rulemaking on Alternative Forms of Privacy Notices under the Gramm-Leach-Bliley Act", Center for Information Policy Leadership, March 2004. Available at: http://www.hunton.com/files/tbl_s47Details/FileUpload265/685/CIPL-Notices_ANPR_Comments_3.29.04.pdf]]

Abstract

References

Cited By

Index Terms

Recommendations

A Data-driven Characterization of Modern Android Spyware

A review of spyware campaigns and strategies to combat them

Noticing notice: a large-scale experiment on the timing of software license agreements

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations