[IP] more on Sony's Escalating "Spyware" Fiasco

To: ip@xxxxxxxxxxxxxx
Subject: [IP] more on Sony's Escalating "Spyware" Fiasco
From: David Farber <dave@xxxxxxxxxx>
Date: Fri, 2 Dec 2005 20:52:09 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <4390D249.4070908@xxxxxxxxxxxx>
Reply-to: dave@xxxxxxxxxx



Begin forwarded message:

From: Dave Crocker <dhc2@xxxxxxxxxxxx>
Date: December 2, 2005 6:01:29 PM EST
To: dave@xxxxxxxxxx

Cc: ip@xxxxxxxxxxxxxx, "Synthesis: Law and Technology"<synthesis.law.and.technology@xxxxxxxxx>, Bob Hinden<bob.hinden@xxxxxxxxx>

Subject: Re: [IP] more on Sony's Escalating "Spyware" Fiasco
Reply-To: dcrocker@xxxxxxxx

Blaming Microsoft for software that requires you to click OK seemsas silly as blaming GM if someone pumps bad gasoline into your car,no?

No.

The human factors (usability, interaction design, cognitive modeling,decision context, etc.) issues are entirely different.

Presenting users with a simple pop-up to click presumes a numberthings inappropriately and ignores a number of essential concerns.


Some examples:

1. Users are expected to fully understand the security model of theirsystem. Since computer experts often don't, placing such a burden onnon-technical consumers is quite simply silly.

2. The messages that are displayed are cryptic, incomplete and tendto be full of jargon. Even with a good technical model, a user oftenhas difficulty knowing what is going on.

3. The more dangerous a user interaction, the more important it is toprotect against the user's performing the action automatically,rather than having to deliberate on the choices. User must click"ok" so frequently, it is far too easy to click ok as a habit.

4. Related to this is the meta-point that users are burdened with somuch "system administration" work that they MUST develop a habitualresponse, so that they can return to doing their primary activity.The habitual response works fine... except when it doesn't.

People bought the CD and ckicked OK because they trusted Sony, notbecause they trusted Microsoft to protect them against Sony, surely?

Clicking OK is taken to mean informed consent. The reality is thatit means nothing of the sort.

Since when did anyone trust Microsoft? Did anyone not wearing atinfoil hat at the time remotely suspect that we needed protectionagainst Sony? Why should Microsoft be more prescient?

When a product purports to have safety features, there should be agood basis for believing that the features will be effective. Inthis case, there is quite a bit of basis for knowing that it will beINeffective.

The design of critical user interactions needs to pay far moreattention to the nature, capabilities and preferences of the averageuser.

Unfortunately any serious effort along these lines means finding waysto reduce the overall user burden for system administration, so thatcritical user interactions are much more distinctive and rare.


d/
--

Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] EFFector 18.42: North Carolina Illegally Certifies Diebold E-voting System
Next by Date: [IP] more on sorry Congress may try retain airliner "scissors" ban
Previous by thread: [IP] more on Sony's Escalating "Spyware" Fiasco
Next by thread: [IP] more on Sony's Escalating "Spyware" Fiasco
Index(es):
- Date
- Thread