Internet privacy tools are confusing, ineffective for most people: report

Oct 31, 2011

Internet users who want to protect their privacy by stopping advertisers and other companies from tracking their online behavior will have great difficulty doing so with commonly available "opt-out" tools, researchers at Carnegie Mellon University report.

User testing found that options in popular browsers, as well as or plug-ins for blocking access by certain websites or otherwise opting out of tracking, were hard for the typical user to understand or to configure successfully.

"All nine of the tools we tested have serious usability flaws," said Lorrie Cranor, director of the CyLab Usable Privacy and Security Laboratory (CUPS). "We found that most people were confused by the instructions and had trouble installing or configuring the tools correctly," Cranor said. "Often, the settings they chose failed to protect their privacy as much as they expected, or to do anything at all."

The CUPS technical report, "Why Johnny Can't Opt Out," is available online at http://www.cylab.cmu.edu/research/techreports/2011/tr_cylab11017.html.

The growth of online behavioral advertising (OBA), which targets individuals with advertising based on their online activity, has caused some privacy advocates to press for regulations limiting the information companies can gather, or providing a dependable Do-Not-Track mechanism. For now, individuals concerned about their privacy must take steps on their own.

To assess the ability of non-technical individuals to protect themselves, the Carnegie Mellon researchers evaluated the on two popular browsers, Mozilla Firefox 5 and 9. They also tested three tools that set opt-out cookies that are supposed to prevent particular advertising networks from displaying ads to users: DAA , Evidon Global Opt-Out and PrivacyMark. And they tested four tools that are supposed to block certain sites from tracking the user at all: Ghostery 2.5.3, TACO 4.0, Adblock Plus 1.3.9 and Tracking Protection.

The researchers recruited 45 people without technical training who use the Internet frequently. Each person was interviewed and assigned tools to test based on their browser and operating system preferences.

The major findings:

  • Users can't distinguish between trackers. Users are unfamiliar with companies that track their behavior, so tools such as Ghostery and TACO that ask them to set opt-out or blocking preferences on a per-company basis are ineffective. Most users just set the same preferences for every company on a list.
  • Inappropriate defaults. One might assume that a user who downloads a privacy tool or visits an opt-out site intends to block tracking. But the default settings of these tools generally do not block tracking.
  • Communication problems. Information tends to be presented at levels that are either too simplistic to inform a user's decision, or too technical to be understood.
  • Need for feedback. Ghostery and TACO users received notifications on every website visited about what companies were attempting to track them and whether the trackers had been blocked. But most other tools provided little, if any, feedback, so users couldn't tell whether the opt-out was working or even what it meant to be opted out.
  • Users want protections that don't break things. Users weren't sure when the tools had caused parts of a website to stop working. Subscribing to a Tracking Protection List (TPL) that blocks most trackers except those necessary for sites to function can solve this problem. But participants were unaware of the need to select a TPL or didn't know how to choose one.
  • Unusable interfaces. Most tools suffered from major usability flaws. Several participants opted out of only one company on the DAA website, despite intending to opt out of all of them. Users did not understand AdBlock Plus' filtering rules. And none of the participants who tested IE Tracking Protection realized they needed to subscribe to TPLs until prompted later in the task.
"The status quo clearly is insufficient to empower people to protect their privacy from OBA companies," Cranor said. "A lot of effort is being put into creating these tools to help consumers, but it will all be wasted — and people will be left vulnerable — unless a greater emphasis is placed on usability."

In addition to Cranor, an associate professor of computer science and engineering and public policy, the authors include CyLab research scientist Yang Wang and Ph.D. students Pedro G. Leon, Blase Ur, Rebecca Balebako and Richard Shay. This research was supported by The Privacy Projects and the National Science Foundation.

Explore further: Britain's UKIP issues online rules after gaffes

add to favorites email to friend print save as pdf

Related Stories

They're watching you: Methods to block nosy Web advertisers

Oct 29, 2010

Virtually everything you do online is scrutinized by search engines and advertising networks that evaluate you as a potential customer based on what you search for, the sites you visit and the ads you see -- whether you click ...

Microsoft unveils new privacy feature for IE

Dec 07, 2010

An upcoming version of Microsoft Corp.'s Internet Explorer browser will let users add lists of sites that they don't want tracking them, a peace offering amid uproar over the sneaky ways that websites watch ...

US privacy groups welcome 'Do Not Track' bill

May 09, 2011

Privacy and consumer groups welcomed a "Do Not Track" bill introduced in the US Senate on Monday that would let Internet users block companies from gathering information about their online activities. ...

Apple, Google to attend hearing on mobile privacy

May 16, 2011

US lawmakers have invited Apple, Facebook and Google to attend a hearing on mobile phones and privacy on Thursday -- the second Capitol Hill appearance in a week for executives from Apple and Google.

Champions shaping up for browser battles

Feb 18, 2011

Google on Friday released a revved-up version of Chrome as rivals Microsoft and Mozilla beefed up their own champions for the competitive Internet browsing software arena.

Recommended for you

Britain's UKIP issues online rules after gaffes

18 hours ago

UK Independence Party (UKIP), the British anti-European Union party, has ordered a crackdown on the use of social media by supporters and members following a series of controversies.

Sony saga blends foreign intrigue, star wattage

18 hours ago

The hackers who hit Sony Pictures Entertainment days before Thanksgiving crippled the network, stole gigabytes of data and spilled into public view unreleased films and reams of private and sometimes embarrassing ...

Digital dilemma: How will US respond to Sony hack?

Dec 18, 2014

The detective work blaming North Korea for the Sony hacker break-in appears so far to be largely circumstantial, The Associated Press has learned. The dramatic conclusion of a Korean role is based on subtle ...

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

wiyosaya
not rated yet Oct 31, 2011
I use AdBlock Plus, and even though I am a technical user, there were times that I found that determining the proper rule to use in AdBlock Plus to hide something was daunting; however, I recently discovered a great add-on for AdBlock Plus that could help the non-technical user with filtering rules. It is called "Element Hiding Helper." It is a big improvement, IMHO, over figuring out what you want to prevent and how to prevent it.

http://adblockplu...dehelper
Vendicar_Decarian
not rated yet Nov 01, 2011
I have a far simpler solution.

I presume that everything I do on line is tracked and logged.

Problem solved.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.