Internet privacy tools too confusing for most users

Share this article:

Users wishing to stop advertisers from tracking their online behaviors face major hurdles, according to a report released this week by Carnegie Mellon University.

In user tests of nine commonly available online behavioral advertising “opt-out” tools, including those offered by the ad industry and web browsers, most individuals were confused about how to configure such privacy options, according to the report. Consequently, users commonly chose settings that failed to protect their privacy as much as they expected, or did not have any impact at all.

During the study, researchers called on 45 individuals – without technical training, but who use the web frequently – to test the privacy settings built into the Mozilla Firefox version 5 and Internet Explorer 9. In addition, users tested tools intended to allow them to block behavioral ad content, including DAA Consumer Choice from the Digital Advertising Alliance, Evidon's Global Opt-Out, and Privacy Choice's PrivacyMark. As well, individuals evaluated Evidon's Ghostery, TACO 4 from Abine, Adblock Plus and IE9's Tracking Protection mechanism, tools used to block certain sites from tracking web use.

Each tool had “serious usability flaws,” the report states. For example, none of the offerings allowed users to effectively control online tracking and behavioral advertising according to their personal preferences.

The study found that the opt-out tools and browser settings tested often did not clearly describe their functionality and only provided “jargon-filled technical explanations,” which confused users. In addition, many of them had complex interfaces that failed to inform users whether the opt-out was working.

Customers, for the most part, had trouble making meaningful choices using products that provide a list of ad companies that can be blocked, such as Ghostery and TACO, because most individuals were unfamiliar with these companies, according to the report. Meanwhile, several options, including those offered by web browsers, were deemed inadequate because they do not enable privacy features by default. 

Members of the privacy community said Wednesday they were not surprised by the findings of the study, released Monday.

“This study shows how hard it is to design privacy tools and how little consumer testing has been done to make real progress in this area,” Jules Polonetsky, director and co-chair of the Future of Privacy Forum, a Washington, D.C.-based think tank, told SCMagazineUS.com in an email. “Designing to meet the nuanced needs of all web users is really hard.”

The average user does not understand the ins and outs of online behavioral advertising or tracking cookies, Trevor Hughes, president and CEO of the nonprofit International Association of Privacy Professionals, told SCMagazineUS.com on Wednesday.

Still, most have a sense of their expectations regarding behavioral advertising and tracking, he said. The question of how best to give a choice will continue to be a source of friction and debate.

According to the report, the ad industry's self-regulation of online behavioral marketing through opt-out mechanisms is “fundamentally flawed.” The FTC in the past also has criticized the self-regulatory model, noting that legislation should be enacted if industry players don't step up.

However, Jennifer Barrett Glasgow, global privacy and public policy executive at Acxiom, a firm that offers behavioral advertising services, told SCMagazineUS.com on Wednesday that the Carnegie Mellon study does not balance the value of such services against the risk and consumers' concerns. Up to a third of users, she said, employ strong privacy controls and do not care about behavioral ads.

While Glasgow said the ad industry has made strides in its efforts to create opt-out tools that are easier to understand and use, it could do more to educate consumers about how such tools work and what behavioral advertising really is.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.