[PET] Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising

Wright, Matthew mwright at cse.uta.edu
Tue Nov 15 04:04:12 GMT 2011

A few random thoughts, since I have them:

Some people like OBA, but many do not. The web is pervasive -- it's not avoidable in modern life. It's socially very hard to say "I can't go to that site because it uses OBA." Opt out should be available. I'm sure someone on here has a stronger rationale.

Making profits: 

1. show non-targeted ads, which can make a pretty darn good guess based on the content being viewed. That's how TV works (and most other forms of ads).

2. Offer some value for opting in if it's that critical to profits. This kind of thing is not expensive to get from most people. We see a version of this today: register w/ your email address to get access to this content.

"The norm":

Most people aren't really aware. Even if they know something like that could go on, the extent and detail would probably surprise them. 


On Nov 8, 2011, at 2:06 PM, <yannye at gmail.com> wrote:

> Hi Matthijs,
> Do you think OBA is a hindrance to technology or is it becomes a norm nowadays. If not, how website will make profits. IMHO, to should be better way of handling this from the user perspectives.
> Regards,
> Imran
> PhD researcher,
> On 7 Nov 2011, at 12:34, "Matthijs R. Koot" <koot at uva.nl> wrote:
>> CyLab's report "Why Johnny Can’t Opt Out: A Usability Evaluation of
>> Tools to Limit Online Behavioral Advertising" (October 2011) claims
>> usability (privacy-)flaws these systems:
>> - DAA Consumer Choice
>> - Evidon Global Opt-Out
>> - PrivacyMark
>> - Firefox 5 (privacy settings)
>> - IE 9 (privacy settings)
>> - IE 9 (Tracking Protection)
>> - Ghostery 2.5.3
>> - TACO 4.0
>> - Adblock Plus 1.3.9
>> The report is a great read and IMHO exemplary for what might be
>> published in a Journal Negative Results in Security and Privacy
>> (discussed earlier on this list). Its abstract:
>> "We present results of a 45-participant laboratory study investigating
>> the usability of tools to limit online behavioral advertising (OBA).We
>> tested nine tools, including tools that block access to advertising
>> websites, tools that set cookies indicating a user’s preference to opt
>> out of OBA, and privacy tools that are built directly into web browsers.
>> We interviewed participants about OBA, observed their behavior as they
>> installed and used a privacy tool, and recorded their perceptions and
>> attitudes about that tool. We found serious usability flaws in all nine
>> tools we examined. The online opt-out tools were challenging for users
>> to understand and configure. Users tend to be unfamiliar with most
>> advertising companies, and therefore are unable to make meaningful
>> choices. Users liked the fact that the browsers we tested had built-in
>> Do Not Track features, but were wary of whether advertising companies
>> would respect this preference. Users struggled to install and configure
>> blocking lists to make effective use of blocking tools. They often
>> erroneously concluded the tool they were using was blocking OBA when
>> they had not properly configured it to do so."
>> Lisa Vaas blogged about it on Sophos' Naked Security [2], unfortunately
>> choosing the poor title "Research Finds that Privacy Tools Don’t Work".
>> Matthijs
>> [1] http://www.cylab.cmu.edu/research/techreports/2011/tr_cylab11017.html
>> [2]
>> http://nakedsecurity.sophos.com/2011/11/07/research-finds-that-privacy-tools-don%E2%80%99t-work/
>> _______________________________________________
>> PET mailing list
>> PET at lists.links.org
>> http://lists.links.org/mailman/listinfo/pet
> _______________________________________________
> PET mailing list
> PET at lists.links.org
> http://lists.links.org/mailman/listinfo/pet

More information about the PET mailing list