Internet privacy tools too confusing for most users

Share this article:

Users wishing to stop advertisers from tracking their online behaviors face major hurdles, according to a report released this week by Carnegie Mellon University.

In user tests of nine commonly available online behavioral advertising “opt-out” tools, including those offered by the ad industry and web browsers, most individuals were confused about how to configure such privacy options, according to the report. Consequently, users commonly chose settings that failed to protect their privacy as much as they expected, or did not have any impact at all.

During the study, researchers called on 45 individuals – without technical training, but who use the web frequently – to test the privacy settings built into the Mozilla Firefox version 5 and Internet Explorer 9. In addition, users tested tools intended to allow them to block behavioral ad content, including DAA Consumer Choice from the Digital Advertising Alliance, Evidon's Global Opt-Out, and Privacy Choice's PrivacyMark. As well, individuals evaluated Evidon's Ghostery, TACO 4 from Abine, Adblock Plus and IE9's Tracking Protection mechanism, tools used to block certain sites from tracking web use.

Each tool had “serious usability flaws,” the report states. For example, none of the offerings allowed users to effectively control online tracking and behavioral advertising according to their personal preferences.

The study found that the opt-out tools and browser settings tested often did not clearly describe their functionality and only provided “jargon-filled technical explanations,” which confused users. In addition, many of them had complex interfaces that failed to inform users whether the opt-out was working.

Customers, for the most part, had trouble making meaningful choices using products that provide a list of ad companies that can be blocked, such as Ghostery and TACO, because most individuals were unfamiliar with these companies, according to the report. Meanwhile, several options, including those offered by web browsers, were deemed inadequate because they do not enable privacy features by default. 

Members of the privacy community said Wednesday they were not surprised by the findings of the study, released Monday.

“This study shows how hard it is to design privacy tools and how little consumer testing has been done to make real progress in this area,” Jules Polonetsky, director and co-chair of the Future of Privacy Forum, a Washington, D.C.-based think tank, told SCMagazineUS.com in an email. “Designing to meet the nuanced needs of all web users is really hard.”

The average user does not understand the ins and outs of online behavioral advertising or tracking cookies, Trevor Hughes, president and CEO of the nonprofit International Association of Privacy Professionals, told SCMagazineUS.com on Wednesday.

Still, most have a sense of their expectations regarding behavioral advertising and tracking, he said. The question of how best to give a choice will continue to be a source of friction and debate.

According to the report, the ad industry's self-regulation of online behavioral marketing through opt-out mechanisms is “fundamentally flawed.” The FTC in the past also has criticized the self-regulatory model, noting that legislation should be enacted if industry players don't step up.

However, Jennifer Barrett Glasgow, global privacy and public policy executive at Acxiom, a firm that offers behavioral advertising services, told SCMagazineUS.com on Wednesday that the Carnegie Mellon study does not balance the value of such services against the risk and consumers' concerns. Up to a third of users, she said, employ strong privacy controls and do not care about behavioral ads.

While Glasgow said the ad industry has made strides in its efforts to create opt-out tools that are easier to understand and use, it could do more to educate consumers about how such tools work and what behavioral advertising really is.

Share this article:

Sign up to our newsletters

More in News

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.

Backdoors in Wi-Fi routers, said to be closed, can be reopened

Backdoors in Wi-Fi routers, said to be closed, ...

Although said to be patched, researcher Eloi Vanderbeken discovered during the Easter holiday that backdoors existing in certain wireless routers can be reactivated.

Apple ships Mac OS X updates, fixes several code execution bugs

Apple ships Mac OS X updates, fixes several ...

Among the addressed vulnerabilities, was a bug affecting WindowServer, which could allow an attacker to execute malicious code outside the sandbox.