Privacy Bulleted List
Attitudes Towards Spamming
Graphs: [Location]
[Age]
[Gender]
- How exactly do people deal with unsolicited mass emailings (aka SPAM)? Turns out that the most popular
response to being spammed is to simply delete the message, an action which 46.28% of the people apparently
do. Surprisingly, one in five people claim that they have never received any mass emailings (these people
probably do not post to usenet news, a popular feeding ground for spammers). A significant number of
people reply back to the sender requesting to be removed from future mailings. Only 9.88% actually read
the message, a number which may surprise those entities that send the messages. Close to 4% of
the people claim to retaliate in one form or another (mail bombs, denial-of-service attacks, etc.).
- While there is less spamming in Europe (24.64% claim never to have been spammed), nearly twice as many
Europeans retaliate when spammed (6.16%). Gender differences also exist, with over 30% of women claiming
never to have been spammed compared to only 17% for men. This might be reflective of the bias towards
male-focused products and services on the Web. As one might expect, the elder generation deletes more
spam and retaliate less than the younger generation (49.83% 50+ delete vs 43.40% 19-25 and 1.49% 50+ retaliate
vs 5.34% 19-25). This trend towards lack of acceptance of spamming among the younger generations
does not paint a nice picture for the future of spammers.
Difference Page Request
[Graph]
- There is definitely a gap between what people think is logged versus that they think
ought to be logged for each page requested on the WWW (see:
What Information
Ought To Be Collected Per Page Request for more information). The below graph
illustrates where these differences occur and to what extent. There is rough agreement
and knowledge that the requested page and time of the request are logged. However, when
it comes to the ability to uniquely identify users across sessions (difference 36.93%)
and the machine name issuing the request (difference 49.38%), users differ greatly with
in what they'd want to be logged and what is common practice. The ability to record a
user's email address (difference 37.37%) per page request also showed a great difference,
but unlike the others, this is not possible in the straight-forward implementation of the
HTTP 1.0 and 1.1 protocol. This reveals a common misconception amongst Web users, possibly
attributed to earlier faulty security implementation by Netscape of Java and Javascript.
Opinions Of Anonymity
Graphs: [Location]
[Age]
[Gender]
- Privacy and anonymity go hand-in-hand, but exactly how does the Web community
feel about the specific issues surround anonymity on the Internet? The below question
asked people to rate their agreement/disagreement on a 5-point scale, with '1'
representing strong disagreement, '5' representing strong agreement and '3' neutrality.
Nearly everyone felt strongly that people ought to be able to have private communications
over the Internet (4.70). People tend to seriously value the anonymous nature of the
Internet (4.46). Most people prefer anonymous payment systems (3.93) and feel that the
Internet needs new laws to protect privacy (3.79). While people tend to agree that they
ought to be able to take on multiple roles/aliases on the Internet (3.67), the community
seems to be all over the board on the use of key escrow systems (3.09), with nearly half
stating agreement with a key escrow system and half expressing disagreement.
- There is considerable consensus across the strata on the issue of anonymity. Differences
did occur between European and US users on the need for new laws to protect privacy (3.59
European vs 3.79 US). This is most likely the result of stronger privacy laws in Europe
than the US. Females are more likely to prefer a key escrow systems (3.34) than men (2.89).
The 19-25 yr old generation places more importance on anonymity overall and the ability to
assume multiple aliases than the elder generation (3.87 19-25 vs 3.32 50+). The younger
generation also felt more strongly that new laws are necessary to protect online privacy.
Opinions Of Direct Marketing
Graphs: [Location]
[Age]
[Gender]
- The revealing of demographic information and the subsequent use of the information for
direct marketing is currently a hot issue on the Web and one that will remain so for a while
it seems. There is very little deviation of response by people on the issue of who ought to
have complete control over their demographic information -- most strongly agreed that they
ought to control their demographic information (4.43). Less agreement was found for the
statement that the collection of demographic information helps improve the marketing of
sites (3.46). In order to gain an understanding of how the online medium differs from
print, we asked users statements about each medium. While users tend not to like receiving
mass postal mailings (aka junk-mail) (2.30), users were even more opposed to receiving
mass emailings (1.69). Likewise, while users tend not agree that magazines have the right to resell
collected demographic information (2.07), they disagree more so with respect to WWW sites reselling
demographic information (1.76). This indicates a separate distinction between what's acceptable
in each mediums by the users. The notion that people like to receive targeted marketing material,
is not supported by the data, regardless of the medium. There is high agreement on these issues
across strata.
Policies Towards Spamming
Graphs: [Location]
[Age]
[Gender]
- From this survey, people are very clear that they do not like to be receive mass emailings,
i.e., be spammed, but what do they propose to do about it? The majority of people responded in
favor of an opt-out system, where a registry would contain the addresses of people who do not
wish to receive mass emailings. Note that is is similar to the system already in place in the
US that exists to remove people from junk mailing lists. Over 16% responded in favor of imposing
an 'impact' fee on the agencies sending the mail. Exactly what this impact fee would be or how
it would be implemented was not specified in the question. Somewhat surprisingly, only 5.89%
voted in favor of government regulation making spamming illegal. This suggests that the online
community favors the co-existence of users and spammers, but with users having the final say.
Women and the elder generation were more in favor of an opt-out registry than their counter-parts
(59.38 female vs 47.38 male and 55.91 50+ vs 48.66 19-25).
Reasons For Not Registering
Graphs: [Location]
[Age]
[Gender]
- From this survey, it has been established that people falsify information of online
registrations with some regularity and that online community very seriously values it's
anonymity. This question attempt to understand why people resist online registration.
The most widely cited reason for not registering is that the terms and conditions of
how the collected information is going to be used is not clearly specified (70.15%).
User also feel very strongly that revealing the requested information is not worth being
able to access the site (69.95%). Thus, while the foremost problem of terms and conditions
of user can be easily rectified, the latter problem of making the trade-off between
demographic collected and accessing a site is not as straight forward (we address this issue
of possible solutions in
Terms and Conditions for Revealing Demographic Information). An equally difficult
issue is building trust between entities.
Over 62% report that they do not trust the collecting site. Efforts that attempt to help
ensure the data privacy standards of sites, like E-Trust may be able to help alleviate this
lack of trust.
- Turns out that the time it takes to complete the form is a factor (38.9%), but not as
significant as the others. Much of the remaining difficulties reside in the type of information
collected, with 45.33% not registering because of postal mail requirements, 30.74% because of
name requirements, and 21.99% email requirements. Thus, proposals that call for business cards
to be built into the browser and protocols which would enable them to be easily deposited at sites
is not the cure-all for this problem but will help somewhat.
Terms And Conditions For Revealing Information
Graphs: [Location]
[Age]
[Gender]
- Seeing as people want control of their demographic information (see
Opinions of Direct Marketing and have clearly specified reasons for not registering with sites (see
Reasons For Not Registering, what do users propose as the
terms for their revealing demographic information? As one would expect from these other questions, sites
need to clearly specify how the information is going to be used (74.28%). Additionally, sites need to
explicitly inform the users what information is going to be collected (56.86%). users would be more
likely to reveal their information if it was only going to be used in aggregate form (55.53%), i.e., would not be
able to uniquely identify an individual, only characteristics of the group. Incentives in the form of
a value-added service (41.57%), access to the site (356.32%) and a discount at the site's store (25.87%)
would help encourage user's to part with their demographic information as well. There is basic agreement
on these issue across the strata, with an exception being that the elder generation prefers the data only
to be used in aggregate form (63.61% 50+ vs 52.52% 19-25).
What Information Ought To Be Collected Per Page Request
Graphs: [Location]
[Age]
[Gender]
- If users where given their way, how would they implement the protocols with respect to what information
is available to be logged per page requested over the WWW? Three out of four users agree that sites
ought to be able to record the page that is requested (76.60%) and the time of the page request (74.42%).
Under half (43.71%) feel that the browser that users are using ought to be loggable. The machine name/address
(27.00%), the operating system the user operates (26.83%), the user's email address (21.03%), and the location
of the user (19.70%) were all not high on people's list of this to record per page request. It is interesting
to note that all of the above information except email and location can be reliably gathered for every
page request by most users of the WWW. When asked about an identifier that would uniquely label users across
sessions at a site, less than one out of every five (19.08%) thought that this should be possible. Yet,
identifiers already exist and are widely supported by browsers, aka cookies. There is already evidence of
controversy surrounding the use and lack of control over cookies by technically savvy portions of the user
community and the advertising community that desires fine grain measurement of usage. Wonder how it will all
pan out!
