Slashdot Mirror


Kazaa Usability Study

Anonymous Coward writes "We have just finished a study that shows how user interface design flaws allow users on Kazaa to share their personal files without their knowledge. In a laboratory user study, only 2 out of 12 subjects were able to correctly determine that Kazaa was sharing their entire hard drive. We looked at the current Kazaa network and discovered that many users are sharing personal information such as email and data for financial programs such as Microsoft Money. To see if other users on Kazaa were aware of this and taking advantage of users' ignorance, we ran a Kazaa client for 24 hours with dummy personal files. During this time, files named "Inbox.dbx" and "Credit Cards.xls" were downloaded from our client by several unique users. The tech report is online, or see our lab web page."

22 of 279 comments

  1. out of the technical journal DUH. by edrugtrader · · Score: 3, Insightful

    why do you think napster grew? people didn't know they were automatically sharing their files, and even if they did, they didn't want to turn it off or figure out how to stop people from getting their files because they wanted to use it to get other people's files.

    if during install there was an option "DO YOU WANT TO SHARE YOUR FILES" 90% would say no... then no network.

    P2P RELIES on ignorance of its user base, and the good will of a small fraction of its tech savvy users.

    --
    MARIJUANA, SHROOMS, X: ONLINE?! - E
    1. Re:out of the technical journal DUH. by frooyo · · Score: 2, Insightful

      I agree - my girlfriend had Kazaa on her computer until I uninstalled it. First - it came with that stupid Gator spyware software and second - if you are not careful, like you said - you could easily share your entire harddrive.

      But, at the same time - that is how these programs work. They don't care what you share, as long as you share - and share everything you have. Because it adds content to their network. And that is all that they want.

      My favorite thing is looking for *.reg files to get an idea what is on their computer.

    2. Re:out of the technical journal DUH. by kilgore_47 · · Score: 2, Insightful

      why do you think napster grew?

      Napster only shared mp3s. So how does napster have anything to do with this? It sounds like KaZaa will share any type of file if it's under the shared directory. This is nothing like napster.

      P2P RELIES on ignorance of its user base, and the good will of a small fraction of its tech savvy users.

      Ah. Now I know you're just trolling. The fact that your post reached Score: 5, Insightful is a casebook example of the -1 to 5 moderation system not working.

      --
      ___
      The way to see by faith is to shut the eye of reason. --Ben Franklin
    3. Re:out of the technical journal DUH. by edrugtrader · · Score: 3, Insightful

      let's see... the same people that can't figure out why their password doesn't work in all caps, and who can't figure out how to change their IE home page (tools - internet options) are going to figure out how to do this process that is 1 more step???

      knowing to look in tools - options for something like this is NOT obvious to the majority of users. and as the study (proved) most users don't even know they are sharing! and these clients are designed to close into the system tray and keep running when the normal user thinks they have closed it (and stopped it from running).

      just because you CAN turn it off doesn't mean they will figure it out or even try... that was my original comment.

      --
      MARIJUANA, SHROOMS, X: ONLINE?! - E
  2. What's your point? by chill · · Score: 4, Insightful

    Most people are idiots when it comes to technology, that isn't a surprise. Look back when cable modems first started to take off and you'll see lots of stories of people running PC Anywhere without a password, or using Windows File Sharing and sharing their entire drive.

    Computers are complicated devices. Unless they are stripped down to do only one or two functions, like a play-only VCR, the majority of the public will not understand. Many of them don't WANT to understand -- they just want their e-mail, IM, MP3s and pr0n.

    Case in point -- KaZaA. It is KNOWN spyware, and has an embedded secondary network (Britewave?) yet despite this being well publicized (CNN, FoxNews, regular geek news like Slashdot) it is wildly popular.

    Why? It is *very* convenient, and people will put up with a ton of shit for convenience.

    What would be a real interesting study, is get this one publicized as all get out then do it again in 1 year. I bet the stats would be about the same.

    --
    Learning HOW to think is more important than learning WHAT to think.
    1. Re:What's your point? by Bert690 · · Score: 3, Insightful

      "Computers are complicated" is a cop out, though a common one thanks to the current status quo in software quality (for which Microsoft is mostly to blame). Software & computers don't have to be complicated. Read the report -- the problem could be solved by simple usability improvements to the GUI. Ignorant users will always be a given, and software should be engineered to deal with this fact.

  3. Re:Intelligence of average user? by IIRCAFAIKIANAL · · Score: 2, Insightful

    Using financial tracking software is stupid?

    Budgets are for dummies too, right?

    --
    Robots are everywhere, and they eat old people's medicine for fuel.
  4. UI or U? by SimplexO · · Score: 2, Insightful
    ... user interface design flaws allow users on Kazaa to share their personal files without their knowledge ...

    Well, I could find out what I was sharing on Kazaa when I used it. Yes, we all know that if it was designed better the users would have more control - but, one of Kazaa's better features is its ease of use. That's why it's popular. The fact of the matter is that the people just don't care enough to change anything. For the people that have sensitive data on their computers, they should be responsible enough to guard it, just like not keeping your credit cards on your front porch.

  5. Good point, but in most cases... by Sodakar · · Score: 5, Insightful

    Just out of curiosity, I ran the install myself, and I observed that while the sharing scheme isn't 100% clear or too concerned about the user's privacy, it's still not nearly as bad as the outright installation of spyware, which Kazaa does anyway. I also asked a small group of novice users to try it out, and found that:

    1) The default shared folder is C:\Program Files\Kazaa\My Shared Folder. A vanilla user with a vanilla install would not have had that directory, and would not have any private files in here to begin with. Most novice users I polled understood that this was the folder which the public would access, and that private files should never be placed there. So... simply clicking "Next" on the install repeatedly doesn't endanger the person's privacy. (well, spyware is still installed, but you get my point)

    2) When selecting another folder to share, I found that all of the novice users I polled stored their music in a directory strictly for music, and that subdirectories would contain nothing but music. So, if someone is sharing C:\My Documents\My Music\, they would not be sharing files in the parent directory, where private documents are stored. Realistically, I can't think of too many cases where someone would store private files in a directory made specifically for music. Granted, the user could still accidentally put files there, or accidentally share C:\My Documents, but at that point, it's user error.
    3) When selecting an entire drive to share and download music, eg, C:\, all (yes, all) of the users were unwilling to proceed, as they didn't want files piling up in the root directory, and they didn't like the idea of sharing the entire drive. (though this was never specified in the software)

    So... what I'm saying is: Common sense and "install: next, next, next" seemed to prevail in the small group of novice users I polled... While I agree wholeheartedly that Kazaa does *NOTHING* to discourage or warn users of sharing their entire drives, I guess this shouldn't come as a surprise considering the company's history.

    Just thought I'd share...

    1. Re:Good point, but in most cases... by Caradoc · · Score: 3, Insightful

      "Novice users" doesn't mean a whole lot to me. What is your group of "novice users" representative of? College students? Joe Average blue-collar workers? High school graduates? Retirement community inhabitants?

      And what's a "small group?"

      Given that your "novice users" already had music stored in a particular directory, I somehow doubt that they were entirely computer newbies.

      Find a group of people who don't know what a mouse is for, and see if they can share files without putting their entire drive at risk...

      --
      Specialization is for insects. - R.A.H.
  6. Re:this is really disapointing by Anonymous Coward · · Score: 0, Insightful

    Yeah, sounds like your father will deserve it when he gets it, too. He raised a real jackass.

  7. Re:They are not idiots by dvNull · · Score: 5, Insightful

    I have heard this argument before ..

    We as techs believe that a user must have rudimentary knowledge on how to OPERATE the computer. No one is asking them to be techs but they should know the minimum required to use the damn thing.

    If you are going to drive, you learn how to drive. If you are cooking you consult a cookbook and cook. It's not like you don't put effort into learning the task at hand.

    What bugs me the most is that people believe the computer should just work on whatever task they want it to. Do you get in your car and it should immediately read your mind and take you where you want to go? Or do you put all your groceries on top of the stove and hope for a gourmet meal?

    My mother went to a 2 week computer course when she bought a computer and she can do all basic tasks required. She knows where the Start Button is, how to get to the control panel and can distinguish between left, right and double click.

    That's really all we techs want from the users. When we try to help them they should know the basic functionality of the computer so we can help them with their problems.

    dvNuLL

  8. Re:That's OK by MisterBlister · · Score: 2, Insightful

    Spyware does virtually whatever it wants. That's the true evil. Even if a certain piece of Spyware is practically harmless, it's the fact that it COULD be reading your inbox & sending to homebase without your knowledge that makes it an outrage.

  9. Re:So what do we do? by spoco2 · · Score: 2, Insightful

    It's a bit extreme to get someone to wipe their harddrive due to one of these programs, but other than that, I mostly agree.

    Basically I subscribe to:
    1) Pick a program to use (Last I used was Bearshare), install it.
    2) Run Ad-Aware (www.lavasoft.com), a top little program that'll weed out any 'spyware' that is attempted to be installed as a result of the application.
    3) Try running the program, if it won't run due to you removing something via AdAware, then you don't want the thing, uninstall it.

    You should be ok using this method as Ad Aware has proved itself to be pretty thorough...

    Absolutely have the one directory (With subdirectories is ok) for sharing... I always have a directory for music, with many subdirectories under that by album artist etc... I just share the music directory and subs, and that's it...

    Have good protection software running (like Zone Alarm if you're a PC user) and a fine virus checker...

    Take these precautions and don't download things that look suspicious in the first place and you're going to have a pretty trouble free existence.

    Not that I'm defending KaZaa, I used to use it, and its wizard was ridiculous, it'd share any folder that had something it deemed to be a 'media file'... and that's a fairly broad term, and also you'd be surprised how many folders have an mp3, wav or avi file tucked away in them.
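
Added example, not part of the comment above or of the thread: a small Python audit that models the wizard behaviour described there (any folder holding a media file gets shared) and lists the non-media files that would be exposed along with it. The extension lists, the function names, the recursive-sharing rule and the sample tree are assumptions made for this illustration, not Kazaa's actual logic.

```python
import os
import tempfile
from pathlib import Path

# Assumed lists for illustration; not Kazaa's real file-type tables.
MEDIA_EXT = {".mp3", ".wav", ".avi"}
SENSITIVE_EXT = {".dbx", ".xls", ".mny", ".pst", ".reg"}


def wizard_selected_folders(root):
    """Folders that directly contain at least one media file."""
    root = Path(root)
    picked = []
    for dirpath, _dirs, files in os.walk(root):
        if any(Path(name).suffix.lower() in MEDIA_EXT for name in files):
            picked.append(Path(dirpath))
    return sorted(picked)


def audit(root):
    """Map each selected folder to the non-media files sharing it would expose.

    Sharing is assumed to be recursive (the folder plus all its subfolders).
    """
    root = Path(root)
    report = {}
    for folder in wizard_selected_folders(root):
        non_media, sensitive = [], []
        for path in sorted(folder.rglob("*")):
            if not path.is_file() or path.suffix.lower() in MEDIA_EXT:
                continue
            rel = path.relative_to(root).as_posix()
            non_media.append(rel)
            if path.suffix.lower() in SENSITIVE_EXT:
                sensitive.append(rel)
        report[folder.relative_to(root).as_posix()] = {
            "non_media": non_media, "sensitive": sensitive}
    return report


def build_sample_tree(base):
    """Create a small constructed directory tree (sample data, empty files)."""
    root = Path(base) / "drive"
    layout = [
        "My Documents/Credit Cards.xls",
        "My Documents/notes.txt",
        "My Documents/holiday.avi",        # one stray media file
        "My Documents/My Music/song.mp3",
        "Mail/Inbox.dbx",                  # no media in this folder
    ]
    for rel in layout:
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for folder, found in audit(build_sample_tree(tmp)).items():
            print(f"{folder}: {len(found['non_media'])} non-media file(s) exposed")
            for rel in found["sensitive"]:
                print(f"  SENSITIVE: {rel}")
```

In the sample tree a single stray video is enough to pull `My Documents` into the share, while `Mail` stays out only because it holds no media file.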

  10. A suggestion by Dinjay · · Score: 2, Insightful

    I have often wondered how to inform non-techie people (let's call them 'normals', for the sake of the discussion) about these problems. Considering KaZaA's reputation, I always advise my normal (and sometimes even techie) friends and family not to use it. But I always seem to find that they either don't know about KaZaA's problems or don't appreciate the security risks.

    As we can't rely on KaZaA's makers to fix these problems or to warn users, what can we do?
    If you think about the security and virus problems with Microsoft Windows and Email programs, most normals (at least the ones that I know) seem to only get warnings about these issues from those annoying group forwards or virus warnings sent by someone's father/brother/uncle/friend who works for IBM/Norton/Symantec/FBI/CIA/Government Agency. For better or for worse, normals do seem to believe these warnings, so perhaps this is the only way to inform people about KaZaA.

    What does everyone think? Is this method too evil to be used for good purposes?

    --
    You break all the laws of physics and you seriously think there wouldn't be a price?
  11. Re:They are not idiots by glitch! · · Score: 1, Insightful

    I like the way computer geeks think anyone who doesn't know as much about computers as they do are idiots.

    Maybe it is just that there are so many idiots.

    Can you repair your own car?

    Of course. Been there, done that, from clutches to carb overhaul, to head & valve work, to new piston rings and timing chains. Anyone with a brain can do all this and much more.

    Build your own house?

    Not yet, but a friend of mine has. I probably will someday myself, and look forward to it. Until then, I have built a couple large barn/sheds for practice.

    Hell, can you cook your own food?

    Of course. I've been cooking since I was a child (say, 7 or 8) at home and camping. I'm no gourmet chef, but it all tastes good :-)

    Then why are these people dumb because they aren't computer experts?

    Anyone who has spent more than a couple weeks with a computer has had plenty of opportunity to learn the basics of programming. I speak from personal experience. More than 20 years ago, I bought a couple BASIC programming books and was writing working programs in about a week. Within a couple months, I was writing a lot in assembly language. IT ISN'T HARD, FOLKS!

    I speak from personal experience that anyone can do these things, plus learn foreign languages, fly an airplane, develop your own film and prints, lay out, etch, and drill your own circuit boards, use a scope, troubleshoot and repair electronic gear, configure routers, and many other things. All it takes is for someone to GET OFF HIS LAZY ASS AND DO IT.

    Now, I still have many things that I would like to do when I get a chance, like learning a martial art, how to scuba dive, play a musical instrument, fly a helicopter, understand and design optics (and quantum electrodynamics, of course), and many other things. The important point is that if I needed any of these skills in my daily life, I would get on them IMMEDIATELY, and not whine like a baby that they are too hard to understand (sob!)

    --
    A dingo ate my sig...
  12. Kazaa/Morpheus Snooping Highlights by Anonymous Coward · · Score: 1, Insightful

    During a boring week last November I decided to see just what I could find on Morpheus. Here is some of the great stuff I found:

    Financial info and a company database for an office furniture wholesaler on the east coast. Everything from salary history to SSN's. Based on the contents, I'd say that junior was playing with p2p on mom's home office computer.

    One guy had tons of Christian propaganda. I skipped the Bible and his prayer journal. What caught my eye was a little file called "purity pledge". It was the standard stuff, no sex, no oral, no petting, and no porn. I guess his big stash of hentai didn't count.

    Little billy was a good lad. He sent thank you notes to grandma. It looked like he did his homework too. His favorite subject was hung studs in raunchy gay fisting action.

    The best one of all was a guy who was looking for a mail order bride. It looked like he narrowed his choices to four girls. He had lingerie shots of each of them and quite a few nudes of one girl. Funny thing, she wasn't the one in the wedding photo.

    There was a ton of diaries, porn, budgets, and shitty access databases. I came to realize one crucial fact: most people are boring.

  13. Re:They are not idiots by Anonymous Coward · · Score: 1, Insightful

    As a Technical Support person myself I totally agree with you. We are "experts" in our field, just like car repair professionals are "experts" in their field. I don't think car repair professionals think their customers are idiots because they don't know how to fix a broken transmission (I certainly don't know how). However, they do expect you to know what a transmission is and does, and expect that you can explain the symptoms.

    In my experience I've found that by showing and explaining to the users their problem and what likely caused it, that I get much less support calls about that same problem. The reason is that the end-users educate each other. In other words, they see a co-worker with the same problem they have had in the past, and because I explained everything to them, they show the co-worker how to prevent it or tell the user exactly what to tell me the technical support person.

    I think there are a good percentage of computer professionals that need to remember their roots. There is a time that we didn't know about computers, and were confused by them. We are computer professionals because we sought to learn about them. Just like car professionals sought to learn about cars.

    Am I an idiot because I can't figure out why my engine is making a squeaky sound when that is not my profession?

  14. Re:They are not idiots by deft · · Score: 3, Insightful

    it's actually pretty common for people who are in a service role in a company to have some disdain for the people that they are paid to service.

    most IT people think that they are constantly having to deal with the morons above them, getting this way just because the IT people have chosen to focus on computers as their specialty.

    well, IT people aren't special. they are what happens when you aren't good enough to build a system... just maintain someone else's (for the most part). most of the resentment for upper management who can't configure outlook correctly probably comes from the narrow minded thinking that not knowing how to is stupid, and knowing how to makes them superior.

    well, most of those upper management people are probably too busy with their lives, their jobs, etc to deal with things like that. that's why there are IT people... to service and support the people who make the money for the company!

    so, go fix upper management's keyboard by plugging it back in... and remember he could learn how to troubleshoot a computer sys, but he's too busy being on the phone doing things that allow him to have a support staff to do them.

    --

    There's nothing Intelligent about Intelligent Design.
  15. What I find interesting... by incog8723 · · Score: 2, Insightful

    is that the commercial entities (including a university), finance a study of something that should be patently clear in the first place. The people who petitioned for this study already knew the conclusion. I hate to complain, but the financiers involved in this study should be at least somewhat knowledgeable of computers and the security risks involved when you put a monkey in front of one. The people who conducted this study took the easy way out; they didn't think of something worthwhile to research. They simply wanted their names on an 'official study', and it's in PDF format, so it must be official.

  16. Virtual machines by mccalli · · Score: 4, Insightful
    I've made this comment before when file sharing comes up.

    File sharing is a dubious business at best, and most of the companies involved in it will try to manipulate your machine in one way or another.

    So...let them. Let them prat about with your machine to their heart's content. Let them install all the spyware in the world. Let them share every file that's ever been placed on it. Just one thing - make sure it's not a real machine.

    In other words, make use of the virtual machine programs kicking about. VMWare for most, Virtual PC in my case. Use that machine for nothing but running your P2P clients. No email, no web browsing, nothing. Just run your clients and enjoy. Let them spy on everything happening within that machine, because the only thing happening on that machine is the running of their own software.

    Cheers,
    Ian

  17. Re:They are not idiots by jafac · · Score: 3, Insightful

    Oh, there are parallels much earlier in the auto industry.

    For instance - in the teens and twenties - many cars often had a knob or a lever on the dash for setting the spark advance. If the spark is too retarded, the engine has moved on and the exhaust valve is opening, and your opportunity for combustion is passed - the engine will stumble and die. But if the spark is too advanced, the engine will produce too much heat, as the piston is still heading upwards, and compressing when combustion occurs. Of course, as the speed of the engine changes, the requirements for timing the spark changes. The timing at 2000 rpm needs to be advanced compared to 800 rpm. So as you accelerated in these older cars, you had to manually set this lever on the dash to advance the timing so the engine didn't die. This was considered too complex for your average woman of the teens and twenties to handle, so there were various laws passed making it illegal for a woman to drive (I think most states have since repealed these laws. Most states).

    In later cars, ignition timing is handled by a mechanical "distributor" which advances the spark based on the speed the engine is running. This eliminated one whole control, one whole focus of attention.
    Later cars eliminated the high maintenance of the mechanical distributor by replacing it with an electronic timing system (electronic ignition).
    I don't think that there's a single person who will argue that "the old way" was better. Although a lot of people mourn the loss of distributors, everybody's happy about not having to set the timing advance on the dashboard as you accelerate.

    Other improvements include automatic transmissions. To this day, my wife refuses to learn to drive stick. Why should she have to do it when there's a perfectly good mechanical device designed to take care of this needless distraction for you? You can get from point a to point b just fine without a clutch and gearshift lever.

    Of course, macho purists will give you all kinds of rational explanations as to why driving stick is better; you can judge your speed by the engine note and knowledge of which gear you're in, which is obtained tactile-ly, so you don't have to take your eyes off the road to look at the speedometer. Manual transmissions are more efficient. Easier to maintain and repair. Allow more flexibility when you're driving hard.
    None of those things matter to the soccer mom with three screaming kids in the back of the van, trying to get them home in time for lunch.

    These are only a couple of examples of how the auto industry changed to meet the needs of people whose money it wanted.

    If the computer industry wants these people's money - if they truly want to sell a computer for every home - they're going to have to design a computer for EVERY home. Not just the niche geek market. Macintosh made computers more accessible - but not to the poor. Windows made computers more accessible, but simplicity was sacrificed for CHEAPNESS. Linux made computers even more accessible to low income people who were willing and able to "geek out". "modern" Linux (the last 2-3 years) is even more accessible to your typical Windows person - but still has a ways to go to be as simple as a Mac. Personally, while Apple did a great job making Mac OS X a SIMPLE to use Unix, it's a step backwards from the old OS in many ways - as far as mass-market usability is concerned. Nobody really hits that target yet. Or even comes close.
    I think that ultimately, file systems will have to be transparent. Data has to be accessible, without requiring the user to know about a directory structure. I know those sound pretty unrealistic - but I think that's the only way that, in the long run, "normal" people are going to be able to use computers productively enough to justify their use. Either that, or they're going to have to evolve into limited-use appliances.

    --

    These are my friends, See how they glisten. See this one shine, how he smiles in the light.