Simply Security - News, Views, and Opinions from Trend Micro

Posted on December 1st, 2011 in Research by Simply Security | 1 Comment | Tags: Privacy

New research is suggesting that existing online privacy tools may be too confusing to operate effectively.

With regulators growing increasingly aware of emerging digital privacy threats, researchers from Carnegie Mellon University have released a report detailing numerous flaws in the online privacy tools specifically designed to keep consumer information safe.

One of the most notable trends in marketing is the use of online behavioral advertising, or crafting web messages based upon user habits. For example, a consumer logging several visits to outdoor sporting websites may be shown banner ads related to a hiking boot retailer. However, this marketing strategy has not been well-received by all. Several consumer protection agencies have taken issue with this practice, labeling it a direct invasion of digital privacy.

Just this week, one online video advertising site was forced to settle U.S. Federal Trade Commission charges claiming that administrators falsely implied consumers could opt out of targeted ads by adjusting their browser’s cookies settings. In reality, users would have also needed knowledge of how to disable Flash cookies to block the service.

This news will come as little surprise to CMU researchers. According to the university’s recent 45-participant laboratory study, all nine of the online privacy tools assessed within the research were found to have “serious usability flaws.”

Confusing interfaces, inadequate communication loops and inappropriate default settings were highlighted as the most prevalent problems among the tools tested by researchers.

According to the Wall Street Journal, there were several instances in which participants thought they were making proactive Internet security steps, while in reality they were compromising protection measures. In one example, a user accidentally deleted the opt-out cookie in an attempt to remove all tracking mechanisms on the site.

“Our results suggest that the current approach for advertising industry self-regulation through opt-out mechanisms is fundamentally flawed,” the report concluded. “Users’ expectations and abilities are not supported by existing approaches that limit Online Behavioral Advertising by selecting particular companies or specifying tracking mechanisms to block.”

Although government regulators may ultimately be called upon to settle this debate, there are signs to suggest the Internet-advertising industry may be making strides in addressing consumer privacy concerns. According to the Washington Post, the Online Internet-Based Advertising Accountability Program has revealed the results of its first six compliance cases.

“I was very happily surprised at how quickly these companies responded and how positively they responded,” Genie Barton, vice president of the Council of Better Business Bureaus, told the Post.

Project directors have also adopted a hard-line stance by referring non-cooperative companies to the FTC and publicizing the news via press releases, according to the Post.

Data Security News from SimplySecurity.com by Trend Micro