PrivacyPoor design and usability issues make leading online privacy management tools ineffective, according to researchers at CMU’s Cylab. The report said the results suggest that the current system of industry-led opt out protections is “fundamentally flawed.”

The report, “Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising” was released October 31. In it, the researchers observed 45 test subjects using nine tools that are supposed to limit online behavioral advertising or block access to advertising Web sites.

The tools included Web browser plug ins like Ghostery, black listing tools like PrivacyMark and browser privacy features in the latest editions of the Mozilla Firefox and Microsoft Internet Explorer Web browsers. In most cases, the researchers found, users struggled with one or more aspects of the tool in ways that reduced their effectiveness.

Blacklisting tools, for example, require users to choose from among lists of online advertising providers that most users are unfamiliar with. When it comes to browser privacy features, the researchers found, privacy settings designed to block cookies or tracking were either too simplistic or too technical. For example, the IE9 browser provides a “privacy slider” to adjust the level of privacy protection, but doesn’t explain what types of actions each level (“low,” “medium,” “high”) correspond to. Plug-ins like those from Ghostery and TACO, in contrast, use mostly technical references to different types of content (“iFrame” vs. “script” vs. “Silverlight Cookie”) that only the most technical users can distinguish between, the report found.

Finally, many of the blocking features of browsers and even add-on tools and plugins are disabled by default, requiring users to take additional steps to enable and configure them. However, many users assume (wrongly) that merely downloading and installing the tool provides default protection.

The result of all these factors is spotty protection – if any – against Web sites and advertising firms that want to track Internet users’ behavior online. That’s especially dangerous when combined with an increased expectation of privacy among users who have downloaded or enabled privacy features.

Online privacy has become a major concern in the wake of highly publicized data breaches, reports about lax security practices among onlne advertisers, and the increasing surveillance of online activity by governments. 

Categories: Microsoft, Social Engineering, Web Security

Comments (2)

  1. Joy
    1

    It is disturbing to say the least that tracking online behaviour is so easy. Often times a small comment on facebook will change the advertisements on the side to reflect something similar to what you were talking about. I can understand how a site like Amazon uses it within itself to see what you looked at and then encourage you to look at other similar items. But when browsing the web, I like to have the say on what of my own information is going out. Thanks for the warnings.

    Joy

     

     http://www.morethanalive.com/Diatomaceous-Earth-Food-Grade-Powder

Comments are closed.