[PET] Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising

Matthijs R. Koot koot at uva.nl
Mon Nov 7 12:34:06 GMT 2011


CyLab's report "Why Johnny Can’t Opt Out: A Usability Evaluation of
Tools to Limit Online Behavioral Advertising" (October 2011) claims
usability (privacy-)flaws these systems:

- DAA Consumer Choice
- Evidon Global Opt-Out
- PrivacyMark
- Firefox 5 (privacy settings)
- IE 9 (privacy settings)
- IE 9 (Tracking Protection)
- Ghostery 2.5.3
- TACO 4.0
- Adblock Plus 1.3.9

The report is a great read and IMHO exemplary for what might be
published in a Journal Negative Results in Security and Privacy
(discussed earlier on this list). Its abstract:

"We present results of a 45-participant laboratory study investigating
the usability of tools to limit online behavioral advertising (OBA).We
tested nine tools, including tools that block access to advertising
websites, tools that set cookies indicating a user’s preference to opt
out of OBA, and privacy tools that are built directly into web browsers.
We interviewed participants about OBA, observed their behavior as they
installed and used a privacy tool, and recorded their perceptions and
attitudes about that tool. We found serious usability flaws in all nine
tools we examined. The online opt-out tools were challenging for users
to understand and configure. Users tend to be unfamiliar with most
advertising companies, and therefore are unable to make meaningful
choices. Users liked the fact that the browsers we tested had built-in
Do Not Track features, but were wary of whether advertising companies
would respect this preference. Users struggled to install and configure
blocking lists to make effective use of blocking tools. They often
erroneously concluded the tool they were using was blocking OBA when
they had not properly configured it to do so."

Lisa Vaas blogged about it on Sophos' Naked Security [2], unfortunately
choosing the poor title "Research Finds that Privacy Tools Don’t Work".

Matthijs

[1] http://www.cylab.cmu.edu/research/techreports/2011/tr_cylab11017.html
[2]
http://nakedsecurity.sophos.com/2011/11/07/research-finds-that-privacy-tools-don%E2%80%99t-work/


More information about the PET mailing list