Transcript Web Browser Privacy & Security

08-534 Usability Privacy and Security
WEB BROWSER PRIVACY & SECURITY
Informed Consent in the Mozilla Browser:
Implementing Value-Sensitive Design
10/13/2009
Nan Li
Agenda
2






Value-Sensitive Design (VSD)
Criteria and issues of informed consent online
Redesign goals and strategies
Different prototypes and their evaluation
Usability test and results
Discussion
08-534 Usability Privacy and Security
10/13/2009
Value-Sensitive Design (VSD)
3

Tripartite methodology
WhatPhilosophically
is VSD? informed analyses
Conceptualthat accounts for human
VSD seeks to design technology
Investigation
values in a principled
and comprehensive manner
throughout the design process (Friedman, 1997).

Key features of VSD
 Interactional
theory
 Direct and indirect stakeholders
 Tripartite methodology
Empirical
Investigation
Value oriented perceptions and experience
08-534 Usability Privacy and Security
Technical
Investigation
Technical design & mechanisms VS. Values
10/13/2009
Criteria of Informed Consent Online
4

“Informed”
 Disclosure
 Comprehension

“Consent”
 Voluntariness
 Competence
 Agreement

Minimal Distraction
08-534 Usability Privacy and Security
10/13/2009
Issues of Informed Consent Online
6





Browsers do not disclose the right sort of information.
Preference settings are typically located in obscure
menu hierarchies.
The undue burden still falls to the user.
Users' 'out-of-the-box' experience of cookies (the
default setting) is no different than it was in 1995: to
accept all cookies.
No browser alerts a user.
08-534 Usability Privacy and Security
10/13/2009
Redesign Goals
7




Enhance users’ local understanding of discrete
cookie events as the events occur
Enhance users’ global understanding of the common
uses of cookie technology including potential
benefits and risks associated with those uses
Enhance users’ ability to manage cookies
Achieve design goals 1, 2 and 3 while minimizing
distraction for the user
08-534 Usability Privacy and Security
10/13/2009
Redesign Strategies
8




Iterative design, rapid prototyping, user evaluations
Enhancements to cookie manager tool
Additional cookie information
Peripheral awareness and just-in-time interventions
for cookie events
08-534 Usability Privacy and Security
10/13/2009
Prototype1 - The Gedanken prototype
9


Pros:
 Aware of discrete
cookie-event
 Automatically block a
website
 Link a discrete cookie
even with ones already
identified
 Facilitate cookies mgmt
Cons:
 Lacked of adequate
awareness
 Was short of intuitive
representation for
cookie classification
 Fail to conceptual link
discrete cookies with a
global understanding
Prototype 2 - the Mozilla Cookie-Watcher
10


Pros:
 the ability to link visual cues
for discrete cookie events
with the existing CookieManagement toolkit
 the opportunity to present
persistent data about
recently set cookies
 the ease with which a
focused user could ignore a
small visual representation
on the screen
 Moving smoothly from
observation to management
 greater flexibility and
expandability for
representing the cookie
classification scheme
Cons:
 Cookie information tool
Prototype 3 - the Revised Mozilla Cookie-Watcher
11

Pros:
 The
CookieInformation Dialog
Box
 Color and
formatting in
cookie information
dialog box
Usability Study
12

Participants
8
(3 male, 5 female) between the ages of 20~30
 University students who are experienced web users

Methods
 Pre-session
semi-structured interview
 30 minutes hands-on session + semi-structured interview
 Post-session interview
08-534 Usability Privacy and Security
10/13/2009
Usability Study - Results
13


63% (5 participants) explored the tool on their own
37% (3) chose to close the tool to save screen space






25% (2) showed that they were short of knowledge about
cookies in the pre-session interview.
88% stated they would use the tool
Increased awareness of cookie events
More likely to understand benefits and risks of cookies
More easily make cookie management actions
More smoothly transfer from observation to management
08-534 Usability Privacy and Security
10/13/2009
Discussion
14



What the difficulties to implement just-in-time
interventions for cookie events? Any good ideas?
How to making proper decisions about the tradeoff
of privacy and functionality?
Who is better equipped to make the decision? The
user or the browser?
08-534 Usability Privacy and Security
10/13/2009
Questions?
15

Presentation content comes from papers
 Informed
Consent in the Mozilla Browser: Implementing
Value-Sensitive Design
 Value Sensitive Design as a Pattern
 Informed Consent by Design (Chapter 24)
08-534 Usability Privacy and Security
10/13/2009