[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: IP: Understanding Net Users' Attitudes About Online Privacy
>From: "Lorrie Faith Cranor" <lorrie@research.att.com> >To: "Dave Farber" <farber@cis.upenn.edu> >Date: Wed, 14 Apr 1999 11:20:19 -0400 > > >My colleagues and I have released an AT&T Labs-Research Technical >Report on our study of Net users' attitudes about online privacy. I >have attached the executive summary below. The full report is >available online at: >http://www.research.att.com/projects/privacystudy/ >Feel free to forward this. > >Lorrie > > >Beyond Concern: Understanding Net Users' Attitudes >About Online Privacy > >by Lorrie Faith Cranor, Joseph Reagle, and Mark S. Ackerman > >14 April 1999 > >Executive Summary > >People are concerned about privacy, particularly on the >Internet. While many studies have provided evidence of this concern, >few have explored the nature of the concern in detail, especially for >the online environment. With this study, we have tried to better >understand the nature of online privacy concerns; we look beyond the >fact that people are concerned and attempt to understand how they are >concerned. We hope our results will help inform both policy decisions >as well as the development of technology tools that can assist >Internet users in protecting their privacy. > >We present results here from the analysis of 381 questionnaires >completed between November 6 and November 13, 1998 by American >Internet users. The sample was drawn from the FamilyPC >magazine/Digital Research, Inc. Family Panel. While this is not a >statistically representative sample of US Internet users, our >respondents are heavy Internet users, and quite possibly lead >innovators. As such, we believe that this sample is important for >understanding the future Internet user population. > >Major Findings > >Internet users are more likely to provide information when they are >not identified. When presented with scenarios involving the provision >of personal data to Web sites, our respondents were much less willing >to provide information when personally identifiable information was >requested. > >Some types of data are more sensitive than others. Our respondents >were generally comfortable providing preference information to Web >sites. However, they were often very uncomfortable providing credit >card numbers and social security numbers. We also observed significant >differences in sensitivity to seemingly similar kinds of data. For >example, while postal mail address, phone number, and email address >can all be used to contact someone, most of our respondents said they >would never or rarely feel comfortable providing their phone number >but would usually or always feel comfortable providing their email >address. The comfort level for postal mail address fell somewhere in >between. > >Many factors are important in decisions about information >disclosure. When deciding whether to provide information to Web sites, >our respondents report that the most important factor is whether or >not information will be shared with other companies and >organizations. Other highly important factors include whether >information is used in an identifiable way, the kind of information >collected, and the purpose for which the information is >collected. Whether a site posts a privacy policy, whether a site has a >privacy seal of approval, and whether a site discloses a data >retention policy were viewed as important, but considerably less so >than the other factors we asked about. > >Acceptance of the use of persistent identifiers varies according to >their purpose. Fifty-two percent of our respondents indicated they >were concerned about Web cookies, and another 12% said they were >uncertain about what a cookie is. Of those who knew what cookies were, >56% said they had changed their cookie settings to something other >than accepting all cookies without warning. However, 78% of >respondents said they would definitely or probably agree to Web sites >using persistent identifiers (possibly implemented using cookies) to >provide a customized service. Fewer (60%) would agree to the use of >such an identifier to provide customized advertising, and fewer still >(44%) would agree to using the identifier to provide customized >advertising across many Web sites. > >Internet users dislike automatic data transfer. While our respondents >said they are interested in tools that make using the Web more >convenient, most do not want these tools to transfer information about >them to Web sites automatically. When asked about several possible >browser features that would make it easier to provide information to >Web sites, 86% of respondents reported no interest in features that >would automatically transfer their data to Web sites without any user >intervention. > >Internet users dislike unsolicited communications. Respondents >indicated a strong desire to avoid unsolicited communications >resulting from providing information to Web sites. For example, 61% of >respondents who said they would be willing to provide their name and >postal mail address to a site in order to receive free pamphlets and >coupons said they would be less likely to provide the information if >it would be shared with other companies and used to send them >additional marketing materials. > >A joint program of privacy policies and privacy seals seemingly >provides a comparable level of user confidence as that provided by >privacy laws. We described a scenario in which a Web site with >interesting information related to a favorite hobby asks for a >visitor's name and postal address in order to provide free pamphlets >and coupons. Of the respondents who were unsure or said they would not >provide the requested information: > >- 48% said they would be more likely to provide it if there was a law >that prevented the site from using the information for any purpose >other than processing the request, > >- 28% said they would be more likely to provide it if the site had a >privacy policy, > >- and 58% said they would be more likely to provide it if the site had >both a privacy policy and a seal of approval from a well-known >organization such as the Better Business Bureau or the AAA. > >On the other hand, when we asked respondents about online privacy seal >programs without mentioning any specific brand names, their responses >suggest that they do not yet understand how Internet seal programs >work. > >We are continuing to analyze our survey data and plan to collect more >data to further explore these and other issues. We expect to provide >more detailed analyses in future reports. > >Implications > >Finally, we believe that a few technical and policy implications can >be drawn from our work. As the software engineering community attempts >to implement the Platform for Privacy Preferences (P3P) and similar >privacy protocols, one of the major issues will be designing suitable >user interfaces for these systems. Such systems need to inform users >when user privacy might be at risk. However, not only must a user >interface present an extremely complex information and decision space, >it must do so seamlessly and unobtrusively (Ackerman and Cranor >1999). Our results suggest that for users who either have strong >feelings about privacy or who are marginally concerned about privacy, >very simple interfaces would likely be useful and usable. However, for >the majority of users who take a pragmatic approach to privacy issues, >it seems likely that a variety of mechanisms will be needed. > >While the vast majority of our respondents were concerned about >privacy (only 13% said they were "not very" or "not at all" concerned >about privacy threats), their reactions to scenarios involving online >data collection were extremely varied. Some respondents reported that >they would rarely be willing to provide personal data online, others >showed some willingness to provide data depending on the situation, >and others were quite willing to provide data -- regardless of whether >or not they reported a high level of concern about privacy. Thus it >seems unlikely that a one-size-fits-all approach to online privacy is >likely to succeed. > > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >Lorrie Faith Cranor <lorrie@research.att.com> >AT&T Labs-Research, Shannon Laboratory >180 Park Ave. Room A241, Florham Park, NJ 07932 >Phone: 973-360-8607 FAX: 973-360-8970 >http://www.research.att.com/~lorrie/ >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC