Presentation is loading. Please wait.

Presentation is loading. Please wait.

Personalization Usually refers to e-commerce. Benefits Searches (ex: amazon.com) Customized or localized for each user Using zip code, past purchases.

Published byClinton Branden Farmer Modified over 9 years ago

Similar presentations

Presentation on theme: "Personalization Usually refers to e-commerce. Benefits Searches (ex: amazon.com) Customized or localized for each user Using zip code, past purchases."— Presentation transcript:

1 Personalization Usually refers to e-commerce

2 Benefits Searches (ex: amazon.com) Customized or localized for each user Using zip code, past purchases (amazon), interests Passive gathering of proper context Site (ex: amazon.com) Customized Accessibility Save time (remember form data, last viewed)

3 Pit Falls Too many options (see: open source software) Passively gather preferences / trends “Hide” uncommon options -- USER centered Advanced users will find them Obtrusive - surveys or extra questions Large Visual customization - loss of “identity” Web-Apps: training/support issues

4 Hidden Option Example

5 How? Cookies User Account info (requires login, etc.) Web stats tracking “click stream” Requires login-- hidden cookie system could… Purchase History (requires account) Group Users by Characteristics (movielens.org) Other users who bought this also bought...

6 A Few Uses Integration into other environments cell-phones, languages Form-Letter: Customized content based on user Not just text, but items displayed, suggested etc Preferences: “Themes”, feature control, etc. Ratings: of things, others, OF YOU (achievements)

7 Conversation Interface “Proven” more effective Interface is more similar to a chat room User can ask questions / interact (≈ sales people) Limited usage Exceptionally difficult to make automated Most “good” uses are chat-rooms with real sales people or “call back” phone sales people

8 Trust Gaining and Keeping Users’ Trust

9 Right to Privacy There is no right to privacy in the USA Laws exist to limit the government Laws exist to limit certain information in certain situations -- almost non-existent Privacy Policies are same as a Contract People are weary to give out information that might be harmful to them Don’t assume users know what to guard

10 Give Context Provide a Privacy Policy Post a Certification of Privacy (truste.org, bbbonline.org) Given short policy hints at locations in question: “Zip code is used to determine inventory in your area” Security Note: Often users will break down with any silly justification-- “Credit Card # is just used to confirm your identity”

11 Fostering Trust Ask user to opt-in or opt-out of “services” “I wish to subscribe to the newsletter” “Allow 3rd parties to contact me about deals” Provide useful information “A Confirmation email will be sent” “Standard shipping will take 3-5 days” Order Status, Account Information

12 US Government 4 th and 5 th amendment protection is weak Using 3 rd or 4 th parties, they control the rights to your information NOT YOU There must be an expectation of control and of security in order for your rights to apply You may be required to hand over data You may not be allowed to disclose it happened Foreign governments may request similar things

13 Security Privacy Threats

14 Browsers Fast Development (outside of MS IE) New features = new bugs = new security threats Javascript / DOM bugs lead to exploits Specialized Browsers (for attacks or probing) Cookies - program accessible file or in memory OS security affects browser security weakest link is browser

15 Watch for User Logins: saving login info, don’t store the password in the cookie! Time-out sessions (public terminals) Don’t EVER display the users password to them Provide the user the OPTION of “saving the login” Visually displaying private info on the screen Password Hints BAD (most users don’t use properly)

16 HTTPS EVERYTHING sent over the network is public HTTPS encrypts client to server connection slows server down (many e-commerce sites only use if for credit card numbers) Client-Side javascript encryption is a JOKE Cookies are NOT secure Exception: server-side encrypted data stored in cookie

17 BE PARANOID Everything is out to get your user’s information ONLY allow the minimum possible to complete the task Heavily Analyze the your minimized “points of entry” Script Libraries can have unknown bugs Specific Browser checks can be justified to block/warn users with browsers known to be insecure

18 Think of the Users Don’t make users paranoid (that hurts you) Don’t tell them you are correlating their behavior patterns with others to predict if they are a pedophile... Be tactful Don’t advertise every little detail (burry it in the privacy policy - like amazon.com) Be informative: tell them how to verify the email you sent is not a scam-- ex: give a link + directions to pull up the information from your website.

19 Spam By law, an opt-out option has to be provided Don’t irritate users by defaulting to an opt-out policy Opt-In confirmation emails (verify they wanted to opt- in and include detailed opt-out at any time directions) Users can FORGET if they did opt-in! Use mass mailer or BCC addresses

20 Passwords 8+ alphanumeric long (could have symbols too) Don’t allow password hints Never let user see their password Never let user change password without entering old password again Put a delay (1-2 sec) during login Javascript + Form to Aid in password creation / policy verification Provide forgotten password procedure (never let them see password)

21 Alternate Passwords Electronic Keys no browser integration Images people tend to click/draw the same areas of the image Files People don’t like uploading files General Rule: has to take too long for a program to attack: 8 chars = 6,095,689,385,410,816

22 Biggest Threat Employees Information must be secured internally Don’t forget about former employees or consultants Employers / Owners Damaging information should be destroyed Trusted 3 rd party which does not show you the data Ex: store hashed passwords

Download ppt "Personalization Usually refers to e-commerce. Benefits Searches (ex: amazon.com) Customized or localized for each user Using zip code, past purchases."

Similar presentations

Directorate of Learning Resources Accessing electronic journals from off-campus This causes lots of headaches, but dont despair, heres how to do it! If.

Directorate of Learning Resources Accessing electronic journals from off-campus This causes lots of headaches, but dont despair, heres how to do it! If.
Copyright © 2005 EFT Network, Inc. All Rights Reserved. Automated Recurring Payments Flexible Payment Solution.

Copyright © 2005 EFT Network, Inc. All Rights Reserved. Automated Recurring Payments Flexible Payment Solution.
Automated Payment System. Benefits There is minimal training needed No expensive equipment necessary You can maintain your existing banking relationship.

Automated Payment System. Benefits There is minimal training needed No expensive equipment necessary You can maintain your existing banking relationship.
Privacy No matter how exemplary your life is, there are things you want to keep to yourself © 2004, Lawrence Snyder.

Privacy No matter how exemplary your life is, there are things you want to keep to yourself © 2004, Lawrence Snyder.
A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.

A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.

Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.
CC3.12 Lecture 12 Erdal KOSE Based of Prof. Ziegler Lectures.

CC3.12 Lecture 12 Erdal KOSE Based of Prof. Ziegler Lectures.
Antarmuka Pemakai (User Interface)

Antarmuka Pemakai (User Interface)
Don’t Lose Your Identity – Protect Yourself from Spyware Dan Frommer Sherry Minton.

Don’t Lose Your Identity – Protect Yourself from Spyware Dan Frommer Sherry Minton.
Basics: Getting Started Uploading and Sharing Videos on YouTube. Basics: Getting Started Uploading and Sharing Videos on YouTube. 1.

Basics: Getting Started Uploading and Sharing Videos on YouTube. Basics: Getting Started Uploading and Sharing Videos on YouTube. 1.
Internet Security PA Turnpike Commission. Internet Security Practices, rule #1: Be distrustful when using the Internet!

Internet Security PA Turnpike Commission. Internet Security Practices, rule #1: Be distrustful when using the Internet!
Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.

Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.
SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004

SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004
Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.

Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.
Individual User Logins

Individual User Logins
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.

Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.
11 SUPPORTING INTERNET EXPLORER IN WINDOWS XP Chapter 11.

11 SUPPORTING INTERNET EXPLORER IN WINDOWS XP Chapter 11.

Similar presentations

Ads by Google