Web Browser Privacy & Security
08-534 Usability Privacy and Security
WEB BROWSER PRIVACY & SECURITY
Informed Consent in the Mozilla Browser:
Implementing Value-Sensitive Design
10/13/2009
Nan Li
Agenda
Value-Sensitive Design (VSD)
Criteria and issues of informed consent online
Redesign goals and strategies
Different prototypes and their evaluation
Usability test and results
Discussion
Value-Sensitive Design (VSD)
What is VSD?
VSD seeks to design technology that accounts for human values in a principled and comprehensive manner throughout the design process (Friedman, 1997).
Key features of VSD
Interactional theory
Direct and indirect stakeholders
Tripartite methodology
Tripartite methodology
Conceptual Investigation: Philosophically informed analyses
Empirical Investigation: Value oriented perceptions and experience
Technical Investigation: Technical design & mechanisms vs. values
Criteria of Informed Consent Online
“Informed”
Disclosure
Comprehension
“Consent”
Voluntariness
Competence
Agreement
Minimal Distraction
Issues of Informed Consent Online
Browsers do not disclose the right sort of information.
Preference settings are typically located in obscure menu hierarchies.
The undue burden still falls to the user.
Users' 'out-of-the-box' experience of cookies (the default setting) is no different than it was in 1995: to accept all cookies.
No browser alerts a user.
Redesign Goals
Enhance users’ local understanding of discrete cookie events as the events occur
Enhance users’ global understanding of the common uses of cookie technology including potential benefits and risks associated with those uses
Enhance users’ ability to manage cookies
Achieve design goals 1, 2 and 3 while minimizing distraction for the user
Redesign Strategies
Iterative design, rapid prototyping, user evaluations
Enhancements to cookie manager tool
Additional cookie information
Peripheral awareness and just-in-time interventions for cookie events
Prototype 1 - The Gedanken prototype
Pros:
Aware of discrete cookie events
Automatically block a website
Link a discrete cookie event with ones already identified
Facilitate cookie management
Cons:
Lacked adequate awareness
Fell short of an intuitive representation for cookie classification
Failed to conceptually link discrete cookies with a global understanding
Prototype 2 - the Mozilla Cookie-Watcher
Pros:
The ability to link visual cues for discrete cookie events with the existing Cookie Management toolkit
The opportunity to present persistent data about recently set cookies
The ease with which a focused user could ignore a small visual representation on the screen
Moving smoothly from observation to management
Greater flexibility and expandability for representing the cookie classification scheme
Cons:
Cookie information tool
Prototype 3 - the Revised Mozilla Cookie-Watcher
Pros:
The Cookie Information Dialog Box
Color and formatting in cookie information dialog box
Usability Study
Participants
8 (3 male, 5 female) between the ages of 20~30
University students who are experienced web users
Methods
Pre-session semi-structured interview
30 minutes hands-on session + semi-structured interview
Post-session interview
Usability Study - Results
63% (5 participants) explored the tool on their own
37% (3) chose to close the tool to save screen space
25% (2) showed that they were short of knowledge about cookies in the pre-session interview.
88% stated they would use the tool
Increased awareness of cookie events
More likely to understand benefits and risks of cookies
More easily make cookie management actions
More smoothly transfer from observation to management
Discussion
What are the difficulties in implementing just-in-time interventions for cookie events? Any good ideas?
How do we make proper decisions about the tradeoff between privacy and functionality?
Who is better equipped to make the decision? The user or the browser?
Questions?
Presentation content comes from papers:
Informed Consent in the Mozilla Browser: Implementing Value-Sensitive Design
Value Sensitive Design as a Pattern
Informed Consent by Design (Chapter 24)