Nathaniel S. Good Aaron Krekelberg Usability and privacy: a study of Kazaa P2P file- sharing.

Slides:

Advertisements

Similar presentations

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Advertisements

Lecture 10 Sharing Resources. Basics of File Sharing The core component of any server is its ability to share files. In fact, the Server service in all.

Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely P J Human Resources Pte Ltd presents:

Safer, Speedier and Sexier Surfing with Safari. Which Web Browser?

Endnote Tutorial The Version pictured is version 9.0 May 8, 2007.

1 eclipse Tips. 2 What is eclipse? Eclipse is a popular IDE (Integrated Development Environment) that we will use to create, compile, execute, and test.

XP Tutorial 9 New Perspectives on Microsoft Windows XP 1 Microsoft Windows XP Exploring Your Network Tutorial 9.

Windows XP Home Networking. 2 Windows XP The dominant client operating system from Microsoft today Strong security features make it a wise upgrade for.

Installing SAS 9.3 Raymond R. Balise Health Research and Policy.

Installing SAS 9.3 Raymond R. Balise Health Research and Policy.

MCT260-Operating Systems I Operating Systems I Networking.

Network Printing. Printer sharing Saves money by only needing one printer Increases efficiency of managing resources.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.

What is spyware? Supervisor dr. lo’ay tawalbeh Search By Mahmoud al-ashram Soufyan al-qblawe.

User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.

We are partners in learning.. Note: Office 365 works best in Internet Explorer V 9 or above. Some features do not work in PWCS’s Chrome Browser or in.

TUTORIAL NO. 24 Create Alerts and files in EBSCO.

1 Chapter Overview Introduction to Windows XP Professional Printing Setting Up Network Printers Connecting to Network Printers Configuring Network Printers.

Browsing the Web Session 3. Objectives Student will knowhow to search on the internet, how to complete a form.

This example is a step by step walkthrough for installing the SRH Front Desk Printer in Windows 8.

MyiLibrary Electronic Audio Books Made available through NC LIVE with an LSTA grant from the State Library of NC Class session will begin promptly at 10:00.

CONNECTION SETTINGS FOR USE WITH THE MOTION COMPUTING MODEL-F5 TABLET COMPUTER AKA: SIMON October 8, 2011 (And other useful information.)

Go to our website, and click on the eMedia Catalog link To find books, either click on the advanced search (which I will.

Microsoft ® Official Course Module 9 Configuring Applications.

The basics of the Online Portal

Chapter 5 Roles and features. objectives Performing management tasks using the Server Manager console Understanding the Windows Server 2008 roles Understanding.

1 eclipse Tips. 2 What is eclipse? Eclipse is a popular IDE (Integrated Development Environment) that we will use to create, compile, execute, and test.

The audio will be turned on just before our start time at 7:00 pm ET.

CIS 375—Web App Dev II Microsoft’s.NET. 2 Introduction to.NET Steve Ballmer (January 2000): Steve Ballmer "Delivering an Internet-based platform of Next.

Microsoft ® Office SharePoint ® Server 2007 Training SharePoint document libraries I: Introduction to sharing files Bellwood-Antis School District presents:

1/28/2010 Network Plus Windows Networking Network Identification Identifies name and type of network. Installed adapters –Performed during Windows installation.

XP New Perspectives on Browser and Basics Tutorial 1 1 Browser and Basics Tutorial 1.

Home Media Network Hard Drive Training for Update to 2.0 By Erik Collett Revised for Firmware Update.

1 Managing Printers (Week 12, Monday 3/26/2007) © Abdou Illia, Spring 2007.

Microsoft ® Office 2007 Training Security II: Turn off the Message Bar and run code safely presents:

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 12: Managing and Implementing Backups and Disaster Recovery.

COMPREHENSIVE Windows Tutorial 5 Protecting Your Computer.

ENTERING ELIGIBLE ENERGY RESOURCE APPLICATIONS IN DELAFILE Version 2.0 August 25, 2015.

Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows.

Installing and Using Active Directory Written by Marc Zacharko.

SharePoint document libraries I: Introduction to sharing files Sharjah Higher Colleges of Technology presents:

Microsoft Office Outlook 2013 Microsoft Office Outlook 2013 Courseware # 3252 Lesson 6: Organizing Information.

Sorting with Outlook Rules Lunch and Learn.

Lesson No: 6 Introduction to Windows XP CHBT-01 Basic Micro process & Computer Operation.

Getting to Know Your Computer Your File System Applications What’s running on your machine Its own devices Networking.

Exploring Adobe Presenter Presented By: Immersion Team

Microsoft Outlook 2010 Instructor: Julie Thorngren

An Introduction to Forms. The Major Steps of a MicroSoft Access Database  Tables  Queries  Forms  Macros  Reports  Modules On our road map, we are.

PART 2 INTRODUCTION TO DYNAMIC WEB CONTENT AND PHP.

1 Terminology. 2 Requirements for Network Printing Print server Sufficient RAM to process documents Sufficient disk space on the print server.

2007 TAX YEARERO TRAINING - MODULE 61 ERO (Transmitter) Training Module 6 Federal and State Installation and Updates.

Step One: Introduction. Welcome to Follow My Clients! Once you log in, on the home page is your dash board. Here you will find your quick access buttons.

FTP COMMANDS OBJECTIVES. General overview. Introduction to FTP server. Types of FTP users. FTP commands examples. FTP commands in action (example of use).

Computer Literacy BASICS: A Comprehensive Guide to IC 3, 5 th Edition Lesson 3 Windows File Management 1 Morrison / Wells / Ruffolo.

Module 6: Configuring User Environments Using Group Policies.

+ Publishing Your First Post USING WORDPRESS. + A CMS (content management system) is an application that allows you to publish, edit, modify, organize,

Working with the interface and interacting with the iPad app.

Microsoft Office 2008 for Mac – Illustrated Unit D: Getting Started with Safari.

Windows Vista Configuration MCTS : Internet Explorer 7.0.

Transfer Contacts from iPhone to Android From:

PDF Recovery Tool Fix Portable Document File Format.

System Design Ashima Wadhwa.

Expense Report Training

Lesson #10 MCTS Cert Guide Microsoft Windows 7, Configuring Chapter 10 Configuring Network and Firewall Settings.

File Stream and Team Drives

Expense Report Training

Expense Report Training

Executive Reports, Instructions and Documentation

Presentation transcript:

Nathaniel S. Good Aaron Krekelberg Usability and privacy: a study of Kazaa P2P file- sharing

Abstract P2P sharing is becoming very popular P2P sharing is becoming very popular Intended for multimedia files, but applications like Kaaza allow for other files to be shared Intended for multimedia files, but applications like Kaaza allow for other files to be shared With this security concerns need to be addressed With this security concerns need to be addressed The applications that allow P2P file sharing make it easy to unintentionally share private information The applications that allow P2P file sharing make it easy to unintentionally share private information

Introduction Introduction The most popular P2P system was Kazaa The most popular P2P system was Kazaa 85 million downloads done worldwide 85 million downloads done worldwide Interface looks straightforward and easy to use Interface looks straightforward and easy to use Good way to share files with others but no security Good way to share files with others but no security If sharing is set up incorrectly personal files can be shared If sharing is set up incorrectly personal files can be shared Kazaa has no security measure to protect users Kazaa has no security measure to protect users

Introduction Introduction Look at how Kazaa is not a secure application Look at how Kazaa is not a secure application Does Kazaa have responsibilities and obligations to users? Does Kazaa have responsibilities and obligations to users? Help users protect personal files Help users protect personal files

Abuses on Kaaza Many unintentionally share private files with others Many unintentionally share private files with others folders or credit card information folders or credit card information Scripted searches to run for 12 hours Scripted searches to run for 12 hours Did not download any files just did queries Did not download any files just did queries Found 61% of all searches returned one or more hits for inbox.dbx Found 61% of all searches returned one or more hits for inbox.dbx 156 users with shared inboxes were found 156 users with shared inboxes were found

Abuses on Kaaza Are users taking advantage of this? Are users taking advantage of this? Set up a dummy client to see Set up a dummy client to see Created dummy files like Credit Cards.xls and Outlook.pst Created dummy files like Credit Cards.xls and Outlook.pst 4 different users downloaded the Credit Cards.xls 4 different users downloaded the Credit Cards.xls 2 different users downloaded the inbox.dbx 2 different users downloaded the inbox.dbx

Usability Guidelines P2P file sharing software is safe and usable if users: P2P file sharing software is safe and usable if users: Are aware of the files that others can download from your system Are aware of the files that others can download from your system Can easily and successful start and stop file sharing Can easily and successful start and stop file sharing Can not accidentally share private files that they don’t want to share Can not accidentally share private files that they don’t want to share Users should be comfortable with what is being shared with others and the system is handling the sharing correctly Users should be comfortable with what is being shared with others and the system is handling the sharing correctly

Summary of Cognitive Walkthrough New Kazaa is safer New Kazaa is safer Default settings are changed Default settings are changed Users able to change the default settings Users able to change the default settings Sharing is not turned on by default Sharing is not turned on by default Changing the Download file directory Changing the Download file directory File can be changed under Options-> tools File can be changed under Options-> tools My Shared folder and all folders below it are shared My Shared folder and all folders below it are shared Download folder is also automatically shared Download folder is also automatically shared Users don’t understand file hierarchical systems Users don’t understand file hierarchical systems Leads to undesired folder sharing Leads to undesired folder sharing

Summary of Cognitive Walkthrough Sharing Files Sharing Files Kazaa has two ways to share folders Kazaa has two ways to share folders Search Wizard Search Wizard Folder List Folder List Search Wizard will automatically discover files that can be shared Search Wizard will automatically discover files that can be shared Has no criteria to discover files Has no criteria to discover files Folder List allows the user to select files to share Folder List allows the user to select files to share User can select what files he or she would like to shared by selecting them from a explorer type window User can select what files he or she would like to shared by selecting them from a explorer type window

Summary of Cognitive Walkthrough Adding Files to the My Media folder Adding Files to the My Media folder This will add files to shared or downloaded folder This will add files to shared or downloaded folder Files can be individually turned on and off Files can be individually turned on and off Only at file level Only at file level Not at the folder level Not at the folder level

Summary of Cognitive Walkthrough Uploading Files Uploading Files Transfer File Interface Transfer File Interface Allows users to select individual files that can be uploaded by Kazaa users Allows users to select individual files that can be uploaded by Kazaa users Has a scrollable list to select files Has a scrollable list to select files Transfer list cleared every time Kazaa is restarted Transfer list cleared every time Kazaa is restarted

Summary of Cognitive Walkthrough Overview of Results from the Cognitive Walkthrough Overview of Results from the Cognitive Walkthrough Users should know what files are able to be downloaded Users should know what files are able to be downloaded Users should know how to share and stop sharing files Users should know how to share and stop sharing files Users should not be able to accidentally share files Users should not be able to accidentally share files Users need to know what they are sharing and be comfortable with it Users need to know what they are sharing and be comfortable with it

Overview of Results from the Cognitive Walkthrough Users should be made aware of what files can be downloaded by others Users should be made aware of what files can be downloaded by others Did not provide information on what kind of file that was intended for sharing Did not provide information on what kind of file that was intended for sharing Did not provide a way to indicate if they want all files and folders beneath to be shared Did not provide a way to indicate if they want all files and folders beneath to be shared No safeguard is built in so responsibility falls on users No safeguard is built in so responsibility falls on users

Overview of Results from the Cognitive Walkthrough Users should be able to stop and start file sharing easily and successfully Users should be able to stop and start file sharing easily and successfully Deselecting files to be shared from My Media Folder was shown through the tips page Deselecting files to be shared from My Media Folder was shown through the tips page Must read it first and then have to remember the information later Must read it first and then have to remember the information later Has multiple ways to share files and folders Has multiple ways to share files and folders Has only one hard to find way to stop sharing Has only one hard to find way to stop sharing

Overview of Results from the Cognitive Walkthrough Users should not be able to accidentally share private files Users should not be able to accidentally share private files Files and folders shared through the download folder were not indicated by the Share Folders Box Files and folders shared through the download folder were not indicated by the Share Folders Box Since there is no coupling of views there is no distinction between shared folders and download folders Since there is no coupling of views there is no distinction between shared folders and download folders

Overview of Results from the Cognitive Walkthrough Users should be comfortable with what is being shared with others Users should be comfortable with what is being shared with others Does not provide a tool to manage types of files and extensions being shared Does not provide a tool to manage types of files and extensions being shared Relies to much on users understanding the assumptions the program has made Relies to much on users understanding the assumptions the program has made

User Study Wanted to see if users would be confused with the process Wanted to see if users would be confused with the process Wanted to see if users could determine what is being shared Wanted to see if users could determine what is being shared See if users could determine which if any folders were being shared by Kaaza with others See if users could determine which if any folders were being shared by Kaaza with others 10 out of 12 had used some type of file sharing application 10 out of 12 had used some type of file sharing application All used a computer over 1o hours a week All used a computer over 1o hours a week

User Study All users started from the Kaaza home page and were only allowed to use this UI All users started from the Kaaza home page and were only allowed to use this UI The users were given a tutorial on file sharing The users were given a tutorial on file sharing All users were given as much time as they needed All users were given as much time as they needed Users had to answer precise questions regarding the searching Users had to answer precise questions regarding the searching If answered correctly were asked to stop searching and to share only My Shared Folders If answered correctly were asked to stop searching and to share only My Shared Folders

Survey Results 2 users indicated all files could be shared 2 users indicated all files could be shared 9 out of 10 users believed only multimedia files and software could be shared 9 out of 10 users believed only multimedia files and software could be shared 1 out of 10 said possible to share folders, office documents, and source code files 1 out of 10 said possible to share folders, office documents, and source code files

Task Results 2 of 12 were able to determine which files and folders were being shared 2 of 12 were able to determine which files and folders were being shared Both could turn off file sharing, but could not apply it to individual folders Both could turn off file sharing, but could not apply it to individual folders 5 of 12 thought only My Shared Folder was shared 5 of 12 thought only My Shared Folder was shared 2 of 12 used search for shared folders 2 of 12 used search for shared folders None were checked so believed they weren’t sharing folders None were checked so believed they weren’t sharing folders 2 of 12 browsed help to determine incorrectly that My Shared Folder was only thing that could be shared 2 of 12 browsed help to determine incorrectly that My Shared Folder was only thing that could be shared 1 of 12 could not determine which folder was being shared no matter what approach they took 1 of 12 could not determine which folder was being shared no matter what approach they took

Suggestions Prohibit sharing of files that aren’t multimedia files Prohibit sharing of files that aren’t multimedia files Limit file sharing to types users expect to be shared Limit file sharing to types users expect to be shared Also, allow for advanced users to permit additional file sharing if desired Also, allow for advanced users to permit additional file sharing if desired

Conclusion File sharing is problematic because of the UI File sharing is problematic because of the UI Design of applications make to many assumptions Design of applications make to many assumptions Many are not aware of what and how much they are sharing Many are not aware of what and how much they are sharing The My Media interfaces causes more confusion than help The My Media interfaces causes more confusion than help File sharing applications should design applications according to security applications File sharing applications should design applications according to security applications Questions ?