Online Privacy Tools Too Complex To Be Effective

There is some bad news from Carnegie Mellon University (CMU) for Internet users concerned about effective management of their online privacy: the tools available do not appear to work all that well, researchers claim.

CMU analysts observed 45 participants using nine tools that supposedly limited online behavioural advertising or blocked access to online advertisements and found that protections are “fundamentally flawed”. CyLab researchers released the report Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioural Advertising on 31 October.

Privacy is an illusion

The tools examined in the report included Web browser plug-ins such as Ghostery, tools that rely on blacklists such as PrivacyMark and the privacy features embedded in the latest Web browsers such as Mozilla Firefox and Microsoft Internet Explorer. In most cases, users were unable to configure the tools properly, thus reducing their effectiveness, researchers found.

“We found serious usability flaws in all nine tools we examined,” CMU CyLab researchers wrote in the report. The online tools were challenging to understand and configure. As a result users were “unable to make meaningful choices”, researchers found.

Users struggled to install and manage blocking lists and often thought just having the tools was enough to block online behavioural advertising, not realising they were disabled by default and had to be configured first, the report said.

A participant spent 47 minutes going through all the opt-out instructions for one tool, which were available only in Japanese, said Lorrie Cranor, director of CyLab, on an American Public Media podcast.

Another tool included in the study, Taco, required a user to configure Targeted Ad Networks, Web Trackers and Cookies.

Confused privacy seekers

The difference between the categories were not explained, most users “tend to be unfamiliar”, with how advertising companies work, researchers said. The user had to click on three separate buttons that originally did not appear to be clickable to enable blocking, according to the report. None of the study’s participants managed to block all 630 targets the tool claims to be able to block.

“You may well have thought that Facebook’s privacy controls are unfathomable. These privacy tools, including the settings on common browsers Internet Explorer and Firefox, are torturous,” wrote Lisa Vaas, on the Naked Security blog for Sophos.

Users liked the fact that browsers had built-in Do Not Track features, but were “wary” of whether the advertising companies would actually respect the setting, the report found. Internet Explorer 9 also provides a “privacy slider” for users to adjust the level of privacy protection, but it was not clear to the study participants what “low”, “medium”, and “high” meant in terms or what was blocked, the survey found.

Internet users are increasingly becoming concerned about online privacy in light of data breaches, aggressive data collection by Web companies and reports of the government tracking user behaviour and activity online.

Majority hate tracking

CMU’s CyLab found in a 2009 study that if given a choice, 87 percent of Americans “definitely would not” or “probably would not” allow advertisers to track them online, even if the data collected was anonymised. The researchers in that study found that 64 percent of the respondents found the idea of targeted ads invasive.

Many Web companies and marketing professionals have resisted attempts by the government to regulate online tracking and proposed industry-led mechanisms. A blanket opt-out, included in various privacy and “do-not-track” bills currently making rounds in Congress, would impede innovation and the company’s ability to individually tailor services for their customers, according to Steve Minichini, president of interactive at media agency TargetCast.

The industry is “policing itself”, and the government should not try to dictate how to handle consumer preferences, Minichini told eWEEK earlier this year. A government-enforced legislation was “unnecessary” and would be “too restrictive”, he said.

However, CMU researchers concluded that users were getting incomplete protection, if any, against Web sites and online advertisers intent on tracking user behaviour using these industry-led tools.

Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

Share
Published by
Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago