Interesting People mailing list archives
IP: Understanding Net Users' Attitudes About Online Privacy
From: Dave Farber <farber () cis upenn edu>
Date: Wed, 14 Apr 1999 11:23:12 -0400
From: "Lorrie Faith Cranor" <lorrie () research att com> To: "Dave Farber" <farber () cis upenn edu> Date: Wed, 14 Apr 1999 11:20:19 -0400 My colleagues and I have released an AT&T Labs-Research Technical Report on our study of Net users' attitudes about online privacy. I have attached the executive summary below. The full report is available online at: http://www.research.att.com/projects/privacystudy/ Feel free to forward this. Lorrie Beyond Concern: Understanding Net Users' Attitudes About Online Privacy by Lorrie Faith Cranor, Joseph Reagle, and Mark S. Ackerman 14 April 1999 Executive Summary People are concerned about privacy, particularly on the Internet. While many studies have provided evidence of this concern, few have explored the nature of the concern in detail, especially for the online environment. With this study, we have tried to better understand the nature of online privacy concerns; we look beyond the fact that people are concerned and attempt to understand how they are concerned. We hope our results will help inform both policy decisions as well as the development of technology tools that can assist Internet users in protecting their privacy. We present results here from the analysis of 381 questionnaires completed between November 6 and November 13, 1998 by American Internet users. The sample was drawn from the FamilyPC magazine/Digital Research, Inc. Family Panel. While this is not a statistically representative sample of US Internet users, our respondents are heavy Internet users, and quite possibly lead innovators. As such, we believe that this sample is important for understanding the future Internet user population. Major Findings Internet users are more likely to provide information when they are not identified. When presented with scenarios involving the provision of personal data to Web sites, our respondents were much less willing to provide information when personally identifiable information was requested. Some types of data are more sensitive than others. Our respondents were generally comfortable providing preference information to Web sites. However, they were often very uncomfortable providing credit card numbers and social security numbers. We also observed significant differences in sensitivity to seemingly similar kinds of data. For example, while postal mail address, phone number, and email address can all be used to contact someone, most of our respondents said they would never or rarely feel comfortable providing their phone number but would usually or always feel comfortable providing their email address. The comfort level for postal mail address fell somewhere in between. Many factors are important in decisions about information disclosure. When deciding whether to provide information to Web sites, our respondents report that the most important factor is whether or not information will be shared with other companies and organizations. Other highly important factors include whether information is used in an identifiable way, the kind of information collected, and the purpose for which the information is collected. Whether a site posts a privacy policy, whether a site has a privacy seal of approval, and whether a site discloses a data retention policy were viewed as important, but considerably less so than the other factors we asked about. Acceptance of the use of persistent identifiers varies according to their purpose. Fifty-two percent of our respondents indicated they were concerned about Web cookies, and another 12% said they were uncertain about what a cookie is. Of those who knew what cookies were, 56% said they had changed their cookie settings to something other than accepting all cookies without warning. However, 78% of respondents said they would definitely or probably agree to Web sites using persistent identifiers (possibly implemented using cookies) to provide a customized service. Fewer (60%) would agree to the use of such an identifier to provide customized advertising, and fewer still (44%) would agree to using the identifier to provide customized advertising across many Web sites. Internet users dislike automatic data transfer. While our respondents said they are interested in tools that make using the Web more convenient, most do not want these tools to transfer information about them to Web sites automatically. When asked about several possible browser features that would make it easier to provide information to Web sites, 86% of respondents reported no interest in features that would automatically transfer their data to Web sites without any user intervention. Internet users dislike unsolicited communications. Respondents indicated a strong desire to avoid unsolicited communications resulting from providing information to Web sites. For example, 61% of respondents who said they would be willing to provide their name and postal mail address to a site in order to receive free pamphlets and coupons said they would be less likely to provide the information if it would be shared with other companies and used to send them additional marketing materials. A joint program of privacy policies and privacy seals seemingly provides a comparable level of user confidence as that provided by privacy laws. We described a scenario in which a Web site with interesting information related to a favorite hobby asks for a visitor's name and postal address in order to provide free pamphlets and coupons. Of the respondents who were unsure or said they would not provide the requested information: - 48% said they would be more likely to provide it if there was a law that prevented the site from using the information for any purpose other than processing the request, - 28% said they would be more likely to provide it if the site had a privacy policy, - and 58% said they would be more likely to provide it if the site had both a privacy policy and a seal of approval from a well-known organization such as the Better Business Bureau or the AAA. On the other hand, when we asked respondents about online privacy seal programs without mentioning any specific brand names, their responses suggest that they do not yet understand how Internet seal programs work. We are continuing to analyze our survey data and plan to collect more data to further explore these and other issues. We expect to provide more detailed analyses in future reports. Implications Finally, we believe that a few technical and policy implications can be drawn from our work. As the software engineering community attempts to implement the Platform for Privacy Preferences (P3P) and similar privacy protocols, one of the major issues will be designing suitable user interfaces for these systems. Such systems need to inform users when user privacy might be at risk. However, not only must a user interface present an extremely complex information and decision space, it must do so seamlessly and unobtrusively (Ackerman and Cranor 1999). Our results suggest that for users who either have strong feelings about privacy or who are marginally concerned about privacy, very simple interfaces would likely be useful and usable. However, for the majority of users who take a pragmatic approach to privacy issues, it seems likely that a variety of mechanisms will be needed. While the vast majority of our respondents were concerned about privacy (only 13% said they were "not very" or "not at all" concerned about privacy threats), their reactions to scenarios involving online data collection were extremely varied. Some respondents reported that they would rarely be willing to provide personal data online, others showed some willingness to provide data depending on the situation, and others were quite willing to provide data -- regardless of whether or not they reported a high level of concern about privacy. Thus it seems unlikely that a one-size-fits-all approach to online privacy is likely to succeed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lorrie Faith Cranor <lorrie () research att com> AT&T Labs-Research, Shannon Laboratory 180 Park Ave. Room A241, Florham Park, NJ 07932 Phone: 973-360-8607 FAX: 973-360-8970 http://www.research.att.com/~lorrie/
Current thread:
- IP: Understanding Net Users' Attitudes About Online Privacy Dave Farber (Apr 14)