一本道无码

一本道无码
March 03, 2017

Cranor stresses the need to test privacy policies

By Daniel Tkacik

Ten years ago,  graduate student Aleecia McDonald walked into Lorrie Cranor’s office and asked, “What would happen if everybody read all of the privacy policies on all of the websites they visit?”

Cranor swiftly responded, “Don’t be ridiculous, that would never happen.” McDonald’s question, however, piqued Cranor’s interest: Why would that never happen?

The two tackled the question and eventually  to read every privacy policy for every website they visited in one year.

“I study privacy policies, and I spend a lot of time reading them, and I do not spend 244 hours per year reading privacy policies,” Cranor told a crowd of hundreds at last month’s  in Oakland, California. “So a model that assumes consumers spend this much time is really unworkable.”

Cranor, a professor in Carnegie Mellon’s and the Department of , shared what she had learned over the years about privacy policies, and suggested a path forward toward improving their effectiveness.

"We can hardly expect that people will walk around looking at all of their smart light bulbs, smart thermostats, and drones for privacy policies."
- Lorrie CranorProfessor, EPP & SCS, 一本道无码

“Things aren’t going to get any better in an Internet of Things world,” Cranor said. “We don’t have people going and seeking out privacy policies on websites, so we can hardly expect that people will walk around looking at all of their smart light bulbs, smart thermostats, and drones for privacy policies.”

In the recent past, Cranor’s group developed a which simplified the most important information in privacy policies down to a simple table of facts, similar to a nutrition label. Other groups have distilled privacy policies down to simple symbols or icons, and some have even turned .

But do any of these techniques work? That’s one of the most important questions, and Cranor pointed to some user studies conducted at CyLab.

In , researchers learned that putting a privacy policy in the app store is not enough for people to notice them. People who were presented with the privacy policy anytime after downloading an app were more familiar with the policy than those who could only see the policy in the app store. So timing matters.

 involved a “Privacy Facts” notice for Android apps. The researchers found that users tended to choose apps that appeared to be more privacy-friendly, according to the “Privacy Facts” being displayed. 

“If you’re involved in a project where you need to present users with a privacy notice or security warning, or any other type of disclosure, you need to insist that the disclosure gets tested with users,” Cranor said. “This way, you can ensure that users will actually notice the disclosure, they’ll understand the disclosure, and they’ll be able to use it to make decisions that may impact their behavior.”