Slashdot Mirror


Kazaa Usability Study

Anonymous Coward writes "We have just finished a study that shows how user interface design flaws allow users on Kazaa to share their personal files without their knowledge. In a laboratory user study, only 2 out of 12 subjects were able to correctly determine that Kazaa was sharing their entire hard drive. We looked at the current Kazaa network and discovered that many users are sharing personal information such as email and data for financial programs such as Microsoft Money. To see if other users on Kazaa were aware of this and taking advantage of users' ignorance, we ran a Kazaa client for 24 hours with dummy personal files. During this time, files named "Inbox.dbx" and "Credit Cards.xls" were downloaded from our client by several unique users. The tech report is online, or see our lab web page."

6 of 279 comments

  1. Re:out of the technical journal DUH. by Saeculorum · Score: 3, Informative

    Let's see here... Open KaZaA (Lite, of course), go to Tools - Options - Traffic. Select "Disable sharing of files with other KaZaA users." Click "OK". No need to even restart the client.

    It's not that hard. Of course, it's not in install, but it's not like one has to manually reconfigure the registry to disable it (unlike the reported bandwidth, which people already do).

  2. To refresh your memory by cscx · Score: 5, Informative

    why do you think napster grew? people didn't know they were automatically sharing their files, and even if they did, they didn't want to turn it off or figure out how to stop people from getting their files because they wanted to use it to get other people's files.

    Napster restricted users to sharing ".mp3" files only unless you applied a third-party patch.

    On the other hand, most people accept the default directory of "My Shared Folder" or whatnot. If you are sharing your entire drive (which you need to go out of your way to do) then I'm sorry, you're an idiot.

    My favorite part of the article:

    The word "folder" is singular, implying one folder, and does not hint that all folders below it will be recursively selected to be shared with others.

    So it's sharing the stuff in it, but it's not? Riiiight.

  3. not quite by Anonymous Coward · Score: 1, Informative

    however, using a MICROSOFT product to store sensitive financial information unencrypted IS.

    what he meant was that anyone who relies on microsoft (general MS bashing here) to handle their finances isn't all that bright in the first place, and does not realize that "MyCreditCard#s.doc" is being shared by kazaa.

    of course, kazaa is for morons anyway... (the network in general, kazaalite is about worthless as well. winMX for mp3s, edonkey2000 for everything else)

    and yes, edonkey requires some tweaking before it will work well, but it DOES.

  4. Re:So what do we do? by analog_line · Score: 5, Informative

    What we need is for people to understand that most of the current crop of P2P software was designed either in a slipshod and dangerous manner, or intentionally maliciously.

    Whenever I find anyone I know running P2P software, I recommend that they uninstall it completely (and if possible wipe and reinstall the hard drive, the gods know what some of these "commercial" ones do to you) or failing that, I'll recommend that they strictly limit all sharing activity to a single folder, and to move all downloaded items out of it after they've finished, and to make sure that the software actually closes when you quit (many keep running I've found), and to quit immediately after you've finished.

    I'd rather these people be seen as leeches than fall victim to any back doors that may have been programmed into them. Gnutella may be open source, but it's crap. Everything else I don't trust one single bit.

  5. Personal info on Kazaa by Anonymous Coward · Score: 1, Informative

    After reading this story I decided to do a little test of my own: Do a search, under type of file choose "Everything" and search for ".wab" (Windows address book) or ".doc" ...

    I do not even want to think what is out there as far as QuickBooks or other financial software files. What a bunch of idiots!

  6. Re:Good point, but in most cases... by ckedge · Score: 3, Informative


    Kazaa's "shared folder selector" has a failure mode, a bug, where you select a deep level subdirectory and click "ok" or "apply" and it actually shares the entire hard drive. If you re-open the shared-folder gui, it will show your entire drive shared.

    So it's not simply a user interface usability issue. There is a known bug in the code that causes entire drives to be shared when all you are doing is selecting a specific subdirectory.
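
Added example, not part of the thread or the study: a self-audit of a folder you intend to share, walking it recursively the way the summary says a shared "folder" is treated, and flagging share roots that are a whole drive or the home directory. The function names, the extension list (.mny and .qbw are the usual Microsoft Money and QuickBooks data-file extensions, which the page does not name) and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Extensions named in the thread (.dbx, .xls, .wab, .doc) plus the usual
# Microsoft Money (.mny) and QuickBooks (.qbw) data-file extensions.
SENSITIVE_EXTS = {".dbx", ".xls", ".wab", ".doc", ".mny", ".qbw"}


def is_overbroad(root):
    """True if the share root is a filesystem/drive root or the home directory."""
    p = Path(root).resolve()
    home = Path(os.path.expanduser("~")).resolve()
    return p == Path(p.anchor) or p == home


def audit_share(root):
    """Walk a share root the way a recursive share exposes it.

    Returns (overbroad, exposed), where exposed lists (relative path, depth)
    for each sensitive file; depth 0 means directly in the selected folder.
    """
    root = Path(root).resolve()
    exposed = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        for name in files:
            if Path(name).suffix.lower() in SENSITIVE_EXTS:
                exposed.append(((rel_dir / name).as_posix(), len(rel_dir.parts)))
    return is_overbroad(root), sorted(exposed)


def build_sample_tree(base):
    """Constructed sample data: a download folder with personal files beneath it."""
    layout = ["song.mp3", "Mail/Inbox.dbx", "Finance/2003/Credit Cards.xls",
              "Finance/notes.txt"]
    for rel in layout:
        f = Path(base) / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(b"")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        overbroad, exposed = audit_share(build_sample_tree(tmp))
        print("share root too broad:", overbroad)
        for path, depth in exposed:
            print(f"exposed (depth {depth}): {path}")
```

Any hit at depth 1 or more is a file that sits below the folder actually selected, which is the case the study's subjects did not expect to be shared.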