25.6. Generalizing Our Approach

So far, we have focused on addressing the privacy management challenges that web site cookies pose. There are, however, numerous other domains where users would benefit from using social processes to manage their privacy. In this section, we generalize our approach and describe its necessary components; in the process of this generalization, we discuss how social processes could be used to address another privacy problem: adware and spyware.

Advertiser-supported software, or adware, is software that displays advertisements while running; revenue from the advertisements goes to the software's developers. Because the ads displayed by adware may use cookies, adware poses the same privacy risks as traditional cookies do. In fact, often adware is simply a web browser add-on that displays unwanted pop-up windows.

Spyware is software that gathers and transmits information about a user to an external party unbeknownst to, and without the consent of, the software's user; often, the external party is a marketing company. Of course, spyware presents privacy risks to users, as it is designed to invade users' privacy.

Adware and spyware are overlapping categories of software. Adware can be spyware; spyware need not be adware; and often spyware is bundled and installed with other software. Many users object to adware and spyware because such software violates their privacy, and hence adware and spyware often go to great lengths to hide how and when they collect information about users. The privacy management problem that users face, then, is distinguishing adware and spyware from other software on their computer and on the Internet, and deciding whether to install or uninstall a piece of software.

Existing tools that detect and remove adware and spyware, such as AdAware[27] and Spyware Eliminator,[28] are often effective but are limited in some respects. They are not always able to recognize and remove the most recent adware and spyware. In addition, using such a tool requires the user to trust the vendor's categorization of what is and is not adware or spyware, an abstract judgment made by someone else. Research has shown, however, that people respond to and make more use of personal, concrete information than they do abstract information.[29] A privacy management system that employs social processes can address both weaknesses: because its data comes from other users' recent installs and uninstalls, it is more dynamic than a signature-based removal tool, and the information it presents is concrete.

[27] Lavasoft AdAware software; http://www.lavasoftusa.com/software/adaware/.

[28] Aluria Spyware Eliminator software; http://www.aluriasoftware.com/homeproducts/spyware/.

[29] Eugene Borgida and Richard E. Nisbett, "The differential impact of abstract and concrete information on decisions," Journal of Applied Social Psychology 7:3 (1977), 258-271.

25.6.1. Four Key Questions for a Privacy Management System

Four key questions must be addressed when building a privacy management system that uses social processes. The answers to these questions will significantly influence both the system's architecture and how useful users find the system. These questions are:

  1. What data will the system collect? The collected data must be useful to users when they are managing their privacy. Moreover, it is important to be mindful of the tradeoffs between collecting implicit data and collecting explicit data.

  2. Where and how will the data be stored? Data can be stored on a user's computer or it can reside in a central database; it is easier to aggregate data that is stored in a database, but there are security concerns when using a single, remote data store.

  3. When will the system display its data? Ideally, the system will display the data only when the user is managing his privacy, although attaining this ideal is rarely possible.

  4. How will the system display its data? Data can be displayed in raw form, reflecting the data exactly as it was captured; it can also be transformed or visualized in order to abstract details away and make the data easier to understand.

25.6.2. Sketching a System Design

Using these four questions, we can sketch the design for a system that will help end users identify adware and spyware and determine whether to install or uninstall a piece of software.

The data useful for this task is best organized around an individual piece of software. For a particular piece of software, useful implicit data includes (a) how many people have installed the software and currently use it, and (b) how many people have installed and then uninstalled it. Other information, such as how long, on average, users have kept the software installed, may be useful as well. Useful explicit information includes (a) why people uninstalled the software and (b) why some people considered installing the software but chose not to.

Note that the implicit data is a surrogate for the information we actually want, namely, whether users want a piece of software on their computer. There are many reasons a user might uninstall software, but over time adware and spyware are likely to show a higher uninstall rate than other software. It is also important not to underestimate people's social intelligence.

People are often able to make informed judgments on the basis of ambiguous, implicit information; people also often use such information as a starting point, using the information to indicate which software might be of concern and then using other sources of information to determine whether to install/uninstall it. Thus, explicit information, while useful, is not always needed for users to employ social processes.

It is important not to overlook the technological and social challenges of obtaining this information. In order to collect this information, it is necessary to write and install code on users' computers that listens for when a user installs or uninstalls software; moreover, the code must be able to transmit this information to the data store. Implementing these behaviors may be difficult.

Obtaining explicit data is largely dependent on users' motivation. We can infer that some users, upset about the ads displayed by an adware program or alarmed by the data a spyware program is collecting, will want to share their experiences. Many users, however, will not take the time to provide explicit data to the system. Consequently, the system must be useful even in the absence of explicit data.

A central database is the most straightforward place to store the collected data. Keeping everything in one location raises security concerns, but it is a popular and robust approach. Note what the store would contain: a record of which software each participating user has installed and removed, which is itself sensitive information, so the store should hold pseudonymous identifiers rather than user identities, and access to it should be restricted. An alternative to a central database is a distributed hash table[30] (DHT), which spreads the data across many servers so that compromising a single server exposes only a fraction of the system's data rather than all of it.

[30] Antony Rowstron and Peter Druschel, "Storage Management and Caching in PAST, a Large-Scale, Persistent Peer-to-Peer Storage Utility," Proceedings of 2001 Conference on Operating Systems Principles (2001), 188-201.

Regardless of where the data is actually stored, it may be useful to enable users to employ conceptually different databases. For example, there might be a database for a particular organization and another one for the general population; we assume that the data in the organization's database would better reflect the organization's views than the data in the general database. An individual in the organization could choose which database to use and may want to compare data in the databases.

There are obvious moments at which the system should display its data. When a user is installing or uninstalling a piece of software, the system should display its data about that software. However, the system should also make its data available to users when they are browsing the Internet and considering whether to install a piece of shareware (software that is free to try, but further use must be paid for) or freeware (free software). For these cases it makes sense to build a web-based search interface to the system, such as a toolbar or other browser add-on, that makes it simple for users to find the system's data about a piece of software.

We recommend following the well-known information visualization principle "overview, zoom/filter, detail on demand"[31] when creating an interface to display the system's data. The interface should use simple, iconic representations to provide an overview of the data; using colors and shapes is an effective mechanism for summarizing the data. A red-yellow-green color motif may be a good way to indicate whether the majority of users have installed or uninstalled a piece of software. The iconic representation should be interactive, enabling users to zoom in and obtain more details about the software, such as how many users have the software installed versus the number who have uninstalled it. Filtering may be useful to support as well; for example, a user may want to see data from only the last month rather than all data.
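The following is an added example, not code from the book or from any system its authors built. It replays a constructed feed of install/uninstall events of the kind the monitoring code in Section 25.6.2 would report, derives the implicit signals the text lists (users who currently have the software, users who removed it, average retention), applies the "last month only" filter, and maps the result to the red/yellow/green overview colour suggested for the interface. Program names, pseudonymous user ids, the colour thresholds, the 5-report minimum and the reporting window are all assumptions made for the example.

```python
"""Aggregating implicit install/uninstall events into per-software signals.

Added example; the sample feed below is constructed, not real data.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Event:
    """One implicit observation sent by the monitoring code on a user's machine."""
    user: str          # pseudonymous per-installation id, never a real identity
    software: str      # program name as seen by the install/uninstall hook
    action: str        # "install" or "uninstall"
    when: datetime


@dataclass
class Summary:
    """Aggregate signals for one program (the implicit data of Section 25.6.2)."""
    software: str
    installed: int                        # users who installed it and still have it
    uninstalled: int                      # users whose most recent action was uninstall
    avg_days_installed: Optional[float]   # mean retention; None if nothing observed

    @property
    def reports(self) -> int:
        return self.installed + self.uninstalled

    @property
    def uninstall_rate(self) -> float:
        return self.uninstalled / self.reports if self.reports else 0.0

    def colour(self, min_reports: int = 5, yellow_at: float = 0.25, red_at: float = 0.5) -> str:
        """Overview icon colour. Thresholds are assumptions for this example.

        Below min_reports the verdict is withheld ("grey"): a handful of
        submitters, or one vendor posting fake events, must not be able to
        colour a program on their own.
        """
        if self.reports < min_reports:
            return "grey"
        if self.uninstall_rate >= red_at:
            return "red"
        if self.uninstall_rate >= yellow_at:
            return "yellow"
        return "green"


def summarize(events: Iterable[Event], software: str, now: datetime,
              since: Optional[datetime] = None) -> Summary:
    """Replay the events for one program in time order and derive its Summary.

    `since` implements the "last month only" filter: earlier events are ignored.
    An uninstall whose install fell before the window still counts as a removal,
    but contributes no retention figure because its start is unknown.
    """
    relevant = sorted(
        (e for e in events if e.software == software and (since is None or e.when >= since)),
        key=lambda e: e.when,
    )
    open_installs: Dict[str, datetime] = {}   # user -> time of their current install
    seen: Dict[str, str] = {}                 # user -> most recent action
    durations: List[float] = []               # days each completed or open install lasted
    for e in relevant:
        if e.action == "install":
            open_installs[e.user] = e.when
        elif e.action == "uninstall":
            start = open_installs.pop(e.user, None)
            if start is not None:
                durations.append((e.when - start).total_seconds() / 86400)
        else:
            raise ValueError(f"unknown action {e.action!r}")
        seen[e.user] = e.action
    # Installs still open count their retention up to "now".
    durations.extend((now - start).total_seconds() / 86400 for start in open_installs.values())
    installed = len(open_installs)
    uninstalled = len(seen) - installed
    avg = sum(durations) / len(durations) if durations else None
    return Summary(software, installed, uninstalled, avg)


NOW = datetime(2005, 3, 1)   # constructed "current time" for the sample feed


def days_ago(n: int) -> datetime:
    return NOW - timedelta(days=n)


# Constructed sample feed: six pseudonymous users, two (fictional) programs.
SAMPLE_EVENTS = [
    # "NotePal": installed long ago and kept by most users
    Event("u1", "NotePal", "install", days_ago(120)),
    Event("u2", "NotePal", "install", days_ago(90)),
    Event("u3", "NotePal", "install", days_ago(60)),
    Event("u4", "NotePal", "install", days_ago(45)),
    Event("u5", "NotePal", "install", days_ago(30)),
    Event("u5", "NotePal", "uninstall", days_ago(10)),
    # "SearchBuddy": most users remove it within days of installing it
    Event("u1", "SearchBuddy", "install", days_ago(20)),
    Event("u1", "SearchBuddy", "uninstall", days_ago(18)),
    Event("u2", "SearchBuddy", "install", days_ago(15)),
    Event("u2", "SearchBuddy", "uninstall", days_ago(14)),
    Event("u3", "SearchBuddy", "install", days_ago(12)),
    Event("u3", "SearchBuddy", "uninstall", days_ago(12)),
    Event("u4", "SearchBuddy", "install", days_ago(8)),
    Event("u5", "SearchBuddy", "install", days_ago(5)),
    Event("u5", "SearchBuddy", "uninstall", days_ago(3)),
    Event("u6", "SearchBuddy", "install", days_ago(2)),
]


if __name__ == "__main__":
    for name in ("NotePal", "SearchBuddy"):
        s = summarize(SAMPLE_EVENTS, name, NOW)
        print(f"{name}: {s.installed} installed, {s.uninstalled} uninstalled, "
              f"rate={s.uninstall_rate:.2f}, avg={s.avg_days_installed:.1f} days -> {s.colour()}")
    recent = summarize(SAMPLE_EVENTS, "NotePal", NOW, since=days_ago(30))
    print(f"NotePal, last 30 days only: {recent.reports} reports -> {recent.colour()}")
```

Two design points follow from the text. First, the uninstall rate is only a surrogate, so the colour is withheld until enough independent reports exist; with the 30-day filter applied, even the well-liked program drops to a single report and shows grey rather than a misleading verdict. Second, the "conceptually different databases" of the section are just separate event lists here: run `summarize` once over an organization's feed and once over the general feed and show both summaries side by side.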

[31] Christopher Ahlberg and Ben Shneiderman, "Visual Information Seeking: Tight Coupling of Dynamic Query Filters with Starfield Displays," Proceedings of 1994 Conference on Human Factors in Computing Systems (1994), 313-317.



Security and Usability: Designing Secure Systems That People Can Use
ISBN: 0596008279
Year: 2004
Pages: 295