Electronic Privacy Bulleted List
Attitudes Towards Spamming
Graphs: [Location] [Age] [Gender]
- How exactly do people deal with unsolicited mass emailings (a.k.a. SPAM)? Out of those users who report receiving mass emailings, the most popular response to being spammed is to simply delete the message (61.01%). Nearly one in five users (18.74%) respond to the entities behind the email requesting to be removed from future mailings. Only 10.97% report actually reading the message (up slightly from the Sixth survey of 9.88%), a number which may suprise those entities that send the messages. Close to 5% of the people claim to retaliate in one form or another (mail bombs, denial-of-service attacks, etc.), up one percentage point from the Sixth Survey.
- As with the Sixth Survey, nearly twice as many Europeans retaliate when spammed (9.63%). Gender differences also exist, with women being less likely to retaliate (1.19% female vs. 6.07% male) and more likely to delete the message. As one might expect, the elder generation deletes more spam and retaliates less than the younger generation (65.70% 50+ delete vs. 57.29% 19-25 and 1.66% 50+ retaliate vs. 6.85% 19-25). This trend towards lack of acceptance of spamming among the younger generations does not paint a nice picture for the future of spammers, though they may decide to direct more mass emailings towards the older, more tolerant audiences.
Difference Between What is Loggable and What Ought to be Logged
Graphs: [ALL]
- There is definitely a gap between what people think is logged versus what they think ought to be logged for each page requested on the WWW (see: What Information Ought To Be Collected Per Page Request for more information). The below graph illustrates where these differences occur and to what extent. These findings closely resemble those from the Sixth survey.
- There is rough agreement and knowledge that the requested page and time of the request are logged. However, when it comes to the ability to record the machine name issuing the request (difference 48.79%) and to uniquely identify users across sessions (difference 40.03%) for example via cookies, users differ greatly with in what they'd want to be logged and what is common practice. That is, while 60.67% of the users correctly believe that a persistent session IDs can be recorded, only 20.75% feel that this should be done--which has serious possible ramifications for those entities, technologies, and applications that rely upon cookies.
- The ability to record a user's email address (difference 37.85%) per page request also showed a great difference, but unlike the others, this is not possible in the straightforward implementation of the HTTP 1.0 and 1.1 protocol. This reveals a common misconception amongst Web users, possibly attributed to earlier faulty security implementation by Netscape of Java and JavaScript, and lack of trust of Microsoft's Internet Explorer behavior. These numbers represent all users, independent of strata.
Knowledge of Information Logged per Page Request
Graphs: [Location] [Age] [Gender]
- Nearly all users correctly reported that for each page they request, the time of the request and the page name can be recorded (89.45% and 87.20% respectively). This does not represent any shift in user understanding from the Sixth Survey. Users are also fairly well educated in the facts that their machine name and type/version of browser can also be normally logged (76.83% and 72.56% respectively). Three fifths (60.78%) believe that a session identifier that persists across sessions can be recorded. This is possible today via the issuing of cookies. Over half of the users reported that their email address could be recorded (57.41%), which is not true according to HTTP 1.0 and HTTP 1.1 specifications (HTTP is specifies the language used to transfer data on the Web). Only 8.5% reported that they did not know.
- Overall, males are most certain about which information could be logged than females, especially with respect to session Ids (67.31% male vs. 47.05% female), browser type/version (79.09% male vs. 58.95% female), and machine name (82.53% male vs. 64.82% female). There are a few categories (machine name, session Id, and email) where different age groups differed, the other categories received similar response rates.
Opinions on Direct Marketing Graphs
Graphs: [Location] [Age] [Gender]
- The revealing of demographic information and the subsequent use of the information for direct marketing is currently a hot issue on the Web and one that will remain so for a while it seems. There is very little deviation of response by people on the issue of who ought to have complete control over their demographic information -- most strongly agreed that they ought to control their demographic information (4.44 Scale: 1 disagree 3 neutral 5 agree). This characteristic is unchanged from the Sixth Survey (4.43). Less agreement was found for the statement that the collection of demographic information helps improve the marketing of WWW sites (3.44 Seventh vs. 3.46 Sixth).
- In order to gain an understanding of how the online medium differs from print, we asked users statements about each medium. While users tend not to like receiving mass postal mailings (a.k.a. junk mail) (2.18 Seventh vs. 2.30 Sixth), users are even more opposed to receiving mass emailings (1.58 Seventh vs. 1.69 Sixth). Likewise, while users tend not agree that magazines have the right to resell collected demographic information (1.96 Seventh vs. 2.07 Sixth), they disagree more with respect to WWW sites reselling demographic information (1.83 Seventh vs. 1.76 Sixth). This indicates a separate distinction between what's acceptable in each medium by the users. The notion that people like to receive targeted marketing material is not supported by the data, regardless of the medium. There is high agreement on these issues across strata as well as between the Sixth and Seventh Surveys.
- The recent advent of networks specifically designed to collect individual usage information across sites is not well supported by users, with sentiment for the existence of such networks being highly negative (1.83). This
Opinions on Internet Privacy Graphs
Graphs: [Location] [Age] [Gender]
- Privacy and anonymity go hand-in-hand, but exactly how does the Web community feel about the specific issues surrounding privacy on the Internet? The below question asked people to rate their agreement/disagreement on a 5-point scale, with '1' representing strong disagreement, '5' representing strong agreement and '3' neutrality.
- Nearly everyone feels strongly that people ought to be able to have private communications over the Internet (4.70 Seventh vs. 4.70 Sixth). People also seriously value the anonymous nature of the Internet (4.47 Seventh vs. 4.46 Sixth). Most people prefer anonymous payment systems (3.90 Seventh vs. 3.93 Sixth) and feel that the Internet needs new laws to protect privacy (3.81 Seventh vs. 3.79 Sixth). People tend to agree somewhat that they ought to be able to take on multiple roles/aliases on the Internet (3.63 Seventh vs. 3.67 Sixth). While the average response value for the use of key escrow systems indicates neutrality (3.09 Seventh vs. 3.09 Sixth), the distribution of responses was bimodal, with nearly half of the respondents stating agreement with a key escrow system and half of the respondents stating disagreement.
- In keeping pace with the evolution of data privacy issues, we added two new questions to the Seventh survey. The first posited the statement: stronger laws are necessary to protect children's privacy online. Sentiment for this question is slightly above neutrality (3.27), but with a strong bimodal distribution (i.e., many in favor and many opposed). The second questions made the statement: some content does not belong on the Internet. This statement averaged out to mildly neutral 2.79, but again, had a strong bimodal distribution.
- There is considerable consensus across the strata on the issue of anonymity. Differences did occur between European and US users on the need for new laws to protect privacy (3.59 European vs. 3.79 US). This is most likely the result of stronger privacy laws in Europe than the US. Females are more likely to prefer a key escrow systems (3.34) than men (2.89). The 19-25 yr. old generation places more importance on anonymity overall and the ability to assume multiple aliases than the elder generation (3.87 19-25 vs 3.32 50+). The younger generation also felt more strongly that new laws are necessary to protect online privacy.
Policies Towards Spamming
Graphs: [Location] [Age] [Gender]
- For the Seventh Survey, we added the new response choice of creating a blacklist. While this addition makes comparison between the Sixth Survey and the Seventh Survey for the questions problematic, it helps clarify the popularity of different solutions.
- From this and the Sixth Survey, users make very clear that they do not like to receive mass emailings, i.e., be spammed, but what do they propose to do about it? The most popular solution is an opt-out system where a registry would contain the addresses of people who do not wish to receive mass emailings (38.60%). This is similar to the system already in place in the US that exists to remove people from junk postal mailing lists. 13.77% responded in support of imposing an 'impact' fee on the agencies sending the mail. Exactly what this impact fee would be or how it would be implemented was not specified in the question. Somewhat surprisingly, only 8.18% voted in favor of government regulation making spamming illegal. These findings suggest that the online community favors the co-existence of users and spammers, but with users having more control.
- European users support the use of blacklists more than their US counterparts (28.27% Europe vs. 18.07% US) while being less likely to support the use of a registry (24.30% Europe vs. 40.20% US). Women and the elder generation were more in favor of an opt-out registry than their counter-parts (47.6% female vs. 34.41% male and 46.88% 50+ vs. 33.40% 19-25).
Reasons for Not Registering
Graphs: [Location] [Age] [Gender]
- From this Survey and the Sixth Survey, it has been established that people falsify information of online registrations with some regularity and that online community very seriously values it's anonymity. This question attempt to understand why people resist online registration. The most widely cited reason for not registering is that the terms and conditions of how the collected information is going to be used is not clearly specified (69.34%). Users also feel very strongly that revealing the requested information is not worth being able to access the site (64.49%). Thus, while the foremost problem of terms and conditions of user can be easily rectified, the latter problem of making the trade-off between demographic collected and accessing a site is not as straight forward (we address this issue of possible solutions in Terms and Conditions for Revealing Demographic Information). An equally difficult issue is building trust between entities. Over 62% report that they do not trust the collecting sites. Efforts that attempt to help ensure the data privacy standards of sites, like E-Trust may be able to help alleviate this lack of trust.
- As with the Sixth Survey, the time it takes to complete the form is a factor (42.42%), but not as significant as the others. Much of the remaining difficulties reside in the type of information collected, with 44.51% not registering because of postal mail address requirements, 31.28% because of name requirements, and 25.46% email requirements. Thus, proposals that call for business cards to be built into browsers and protocol which would enable them to be easily deposited at sites is probably not the cure-all for this problem but ought to help. The overall ranking of reasons for not registering and the percentages are consistent with the findings from the Sixth Survey.
Terms and Conditions for Revealing Demographic Information
Graphs: [Location] [Age] [Gender]
- Seeing as people want control of their demographic information (see Opinions of Direct Marketing and clearly specified reasons for not registering with sites (see Reasons For Not Registering, what do users propose as the conditions for their revealing demographic information? As one might expect from these other questions, sites need to clearly specify how the information is going to be used (72.38% Seventh vs. 74.28% Sixth). Additionally, sites need to inform the users what information is going to be collected (54.84% Seventh vs. 56.86% Sixth). Users would be more likely to reveal their information if it was only going to be used in aggregate form (52.11% Seventh vs. 55.53% Sixth), i.e., would not be able to uniquely identify an individual, only characteristics of a group of users. Incentives in the form of a value-added services (38.30% Seventh vs. 41.57% Sixth), access to the contents of the site (32.72% Seventh vs. 35.32% Sixth) and a discount at the site's store (23.68% Seventh vs. 25.87% Sixth) would help encourage user's to part with their demographic information as well.
- There is basic agreement on these issue across the strata, with an exception being that the elder generation prefers the data only to be used in aggregate form (56.34% 50+ vs. 48.87% 19-25). This age dependent characteristic also occurred in the Sixth Survey.
What Information Ought to be Collected per Page Request
Graphs: [Location] [Age] [Gender]
- If users were given their way, how would they implement protocols and applications with respect to what information is available to be logged per page requested over the WWW? As with the Sixth Survey, three out of four users agree that sites ought to be able to record the page that is requested (74.27% Seventh vs. 76.60% Sixth) and the time of the page request (70.95% Seventh vs. 74.42% Sixth). Under half (43.98% Seventh vs. 43.71% Sixth) feel that the browser that users are using ought to be collected. The machine name/address (28.04% Seventh vs. 27.00% Sixth), the operating system the user operates (28.33 Seventh vs. 26.83% Sixth), the user's email address (19.56% Seventh vs. 21.03% Sixth), and the location of the user (18.36% Seventh vs. 19.70% Sixth) are not high on people's list either. It is interesting to note that most users of the WWW can reliably gather all of the above information except email and location for every page request.
- When asked about an identifier that would uniquely label users across sessions at a site, only one out of every five (20.75% Seventh vs. 19.08% Sixth) thought this should be possible. Yet, identifiers already exist and are widely supported by browsers, via cookies. In recent months, the controversy between data privacy advocates and the advertising community has received considerable attention in the popular media as well as within the US government. The data collected by the Sixth and Seventh Surveys do not support continued user of persistent session identifiers.
Copyright 1997
Georgia Tech Research Corporation
Atlanta, Georgia 30332-0415
ALL RIGHTS RESERVED
Usage RestrictionsFor more information or to submit comments:
send e-mail to www-survey@cc.gatech.edu.GVU's WWW Surveying Team
Graphics, Visualization, & Usability Center
College of Computing
Georgia Institute of Technology
Atlanta, GA 30332-0280