Kazaa Usability Study

Anonymous Coward writes "We have just finished a study that shows how user interface design flaws allow users on Kazaa to share their personal files without their knowledge. In a laboratory user study, only 2 out of 12 subjects were able to correctly determine that Kazaa was sharing their entire hard drive. We looked at the current Kazaa network and discovered that many users are sharing personal information such as email and data for financial programs such as Microsoft Money. To see if other users on Kazaa were aware of this and taking advantage of users ignorance, we ran a Kazaa client for 24 hours with dummy personal files. During this time, files named "Inbox.dbx" and "Credit Cards.xls" were downloaded from our client by several unique users. The tech report is online, or see our lab web page."

out of the technical journal DUH.

[edrugtrader]

why do you think napster grew? people didn't know they were automatically sharing their files, and even if they did, they didn't want to turn it off or figure out how to stop people from getting their files because they wanted to use it to get other peoples files.

if during install there was an option "DO YOU WANT TO SHARE YOUR FILES" 90% would say no... then no network.

P2P RELIES on ignorance of its user base, and the good will of a small fraction of its tech savvy users.

Re:out of the technical journal DUH.

[Saeculorum]

Let's see here... Open KaZaA (Lite, of course), go to Tools - Options - Traffic. Select "Disable sharing of files with other KaZaA users." Click "OK". No need to even restart the client.

It's not that hard. Of course, it's not in install, but it's not like one has to manually reconfigure the registry to disable it (unlike the reported bandwidth, which people already do).

Re:out of the technical journal DUH.

[SirSlud]

Um. What if the question was:

Do you want to share:

1) Your media files.
2) Your personal files.
3) Both.

You contend the answer is 3. I say its 1. There is a big difference between sharing my mp3s and sharing my personal inbox.

Re:out of the technical journal DUH.

[frooyo]

I agree - my girlfriend had Kazaa on her computer until I uninstalled it. First - it came with that stupid Gator spyware software and second - if you are not careful, like you said - you could easily share your entire harddrive.

But, at the same time - that is how these programs work. They don't care what you share, as long as you share - and share everything you have. Because it adds content to their network. And that is all that the want.

My favorite thing is looking for *.reg files to get an idea what is on their computer.

Re:out of the technical journal DUH.

[kilgore_47]

why do you think napster grew?

Napster only shared mp3s. So how does napster have anything to do with this? It sounds like KaZaa will share any type of file if it's under the shared directory. This is nothing like napster.

P2P RELIES on ignorance of its user base, and the good will of a small fraction of its tech savvy users.

Ah. Now I know you're just trolling. The fact that your post reached Score: 5, Insightful is a casebook example of the -1 to 5 moderation system not working.

Re:out of the technical journal DUH.

[gad_zuki!]

When I find people with that option on downloading from me they get cancelled and quick (i wish there was a way to automate this), especially when they're sitting on a fat T1 or better (dialups are ignored). Sure, I can't stop a lot of people but the messages and the blocking does cause a chilling effect.

For those of you who just found this out, use at your own risk because a lot of the P2P community does care about keeping the network alive.

Re:out of the technical journal DUH.

[edrugtrader]

lets see... the same people that can't figure out why their password doesn't work in all caps, and who can't figure out how to change their IE home page (tools - internet options) are going to figure out how to do this process that is 1 more step???

knowing to look in tools - options for something like this is NOT obvious to the majority of users. and as the study (proved) most users don't even know they are sharing! and these clients are designed to close into the system tray and keep running when the normal user thinks they have closed it (and stopped it from running).

just because you CAN turn it off doesn't mean they will figure it out or even try... that was my original comment.

Re:out of the technical journal DUH.

[/dev/trash]

bull. I ran Napster and Kazaa a few times. I always knew exactly what I was sharing ( 0 files).

Re:out of the technical journal DUH.

[TheOnlyCoolTim]

If you use this option all the time, how about you get off the network and leave it for those who will contribute what they can.

Tim

Sircam

[pknut]

Well, it's not like I don't receive everyone elses personal files through email, courtesy of the Sircam worm.

That's OK

[cscx]

Since Kazaa is spyware in the first place, what personal information is there to hide?

Also, in a related topic, piloting planes is reserved for those who know what they are doing.

Re:That's OK

[SirSlud]

Spyware monitors what URLs you're visiting, etc. Unless you can prove (and I dont know, so I'm not baiting you here) that spyware combs my inbox, I'm going to say that spyware is much less of a concern for me than my personal email or personal files being shared.

Re:That's OK

[MisterBlister]

Spyware does virtually whatever it wants. That's the true evil. Even if a certain piece of Spyware is practically harmless, its the fact that it COULD be reading your inbox & sending to homebase withour your knowledge that makes it an outrage.

Re:That's OK

[SirSlud]

Uh. So could non-spyware?

Please define spyware so I can assess the 'ultimate evil' capabilities of spy-ware vs non-spy-ware.

Seriously...

[Adversive]

Is it really that hard to use a program like this?

If the average user is too ignorant to know what their program is doing (or could do) to their system, they should leave it alone. This same argument is used for ignorant users running open relay servers.

If KaZaA users don't understand how to know what they are sharing, they deserve the consequences.

Re:Seriously...

[harlows_monkeys]

If KaZaA users don't understand how to know what they are sharing, they deserve the consequences.

It's well known (at least, to any programmer who has spent more than 10 minutes with any reasonable user interface book) that users tend to not read dialogs or instructions, but just trust the computer to do the right thing. Any interface that lets bad things happen to such users is a bad interface.

The blame for this rests squarly with Kazaa, not the users, because, (1) like it or not, that is the way users are, so it is irresponsible to release a product that you know will harm them, and (2) any basic usability testing would have found the problem.

Spyware

[peterdaly]

Gives a whole new meaning to the term spy-ware...don't you think?

-Pete

To refresh your memory

[cscx]

why do you think napster grew? people didn't know they were automatically sharing their files, and even if they did, they didn't want to turn it off or figure out how to stop people from getting their files because they wanted to use it to get other peoples files.

Napster restricted users to sharing ".mp3" files only unless you applied a third-party patch.

On the other hand, most people accept the default directory of "My Shared Folder" or whatnot. If you are sharing your entire drive (which you need to go out of your way to do) then I'm sorry, you're an idiot.

My favorite part of the article:

The word "folder" is singular, implying one folder, and does not hint that all folders below it will be recursively selected to be shared with others.

So it's sharing the stuff in it, but it's not? Riiiight.

Re:To refresh your memory

[SirSlud]

Do not confuse your knowledge with intuition. What is obvious to you is not obvious to others. This is why you take your car in for repairs. Just because the engine problem is obvious to your mechanic does not mean it should be obvious to you.

Re:To refresh your memory

[MaxVlast]

Right, but if the wheels have fallen off, I should realize why the handling is a bit bad. Some things should be pretty straightforward. And I'm a big pro-usability, good interface kind of guy.

Re:this is really disapointing

[SirSlud]

People like you usually repeat two lines ad-nauseum:

1) Haha! What an idiot! They deserved to get taken advantage of!

2) Mother fucking asshole, he took advantage of my mom/sister/father/brother/friend/etc .. thats not fair.

It's rare to find someone brave enough (or forthright enough) to apply the 'buyer beware' scenario to people he/she cares about. Usually people tend to seperate the kinds of situations their social circle falls into and the kind of situations 'idiots' fall into, into two seperate classes of situations. Really, they are the same, so if you care about anybody enough to not think they are a moron for falling into any given trap, its not really justified to call other people idiots for doing so.

Unfortunately

[Gerrioholic99]

Sorry Judge, I didn't realize I was sharing all those ripped DVD's with the world... whoops!

What's your point?

[chill]

Most people are idiots when it comes to technology, that isn't a surprise. Look back when cable modems first started to take off and you'll see lots of stories of people running PC Anywhere without a password, or using Windows File Sharing and sharing their entire drive.

Computers are complicated devices. Unless they are stripped down to do only one or two functions, like a play-only VCR, the majority of the public will not understand. Many of them don't WANT to understand -- they just want their e-mail, IM, MP3s and pr0n.

Case in point -- KaZaA. It is KNOWN spyware, and has an embedded secondary network (Britewave?) yet despite this being well publicized (CNN, FoxNews, regular geek news like Slashdot) it is wildly popular.

Why? It is *very* convenient, and people will put up with a ton of shit for convenience.

What would be a real interesting study, is get this one publicized as all get out then do it again in 1 year. I bet the stats would be about the same.

Re:What's your point?

[Bert690]

"Computers are complicated" is a cop out, though a common one thanks to the current status quo in software quality (for which Microsoft is mostly to blame). Software & computers don't have to be complicated. Read the report -- the problem could be solved by simple usability improvements to the GUI. Ignorant users will always be a given, and software should be engineered to deal with this fact.

Re:What's your point?

[sheldon]

though a common one thanks to the current status quo in software quality (for which Microsoft is mostly to blame).

Before you blame Microsoft, shouldn't you offer a better way?

I mean the Mac is a little bit better, but not much. Linux is a giant step backwards.

Where should computers be today? I'll guarantee you if you have a really good idea and can actually implement it, you'll be famous.

But then yeah, it's just easier to sit back and arm chair quarterback.

Re:What's your point?

[oyenstikker]

It is *very* convenient, and people will put up with a ton of shit for convenience.

McDonalds. Microsoft. Government.

Re:What's your point?

[aallan]

I mean the Mac is a little bit better, but not much. Linux is a giant step backwards.

A step backwards is only a bad thing if you were going forwards in the right direction. Windows wasn't the right direction, integrating the GUI into the operating system was a dumb idea...

Al.

Re:Intelligence of average user?

[IIRCAFAIKIANAL]

Using financial tracking software is stupid?

Budgets are for dummies too, right?

Re:KaZAA: Case for Open Source?

[furiousgeorge]

thanks for the laugh. i needed that.

RIAA is getting its money back

[Kirby-meister]

"Thank you for your credit card number, 'l33tp3t3'."

Re:RIAA is getting its money back

[marhar]

Good idea! "The tracks on this CD are available for purchase via the KAZAA network. Simply download the songs you like. We'll bill your credit card later."

UI or U?

[SimplexO]

... user interface design flaws allow users on Kazaa to share their personal files without their knowledge ...

Well, I could find out what I was sharing ok Kazaa when I used it. Yes, we all know that if it was designed better the users would have more control - but, one of Kazaa's better features is it's ease of use. That's why it's popular. The fact of the matter is that the people just don't care enough to change anything. For the people that have sensitive data on their computers, they should be responsible enough to guard it, just like not keeping your credit cards on your front porch.

Security Risk

[NetJunkie]

This is exactly why these P2P apps are banned at my office....that and the illegality of most of the downloads. It's just too big of a risk for a user to share out their whole drive with all sorts of documents on it.

They are not idiots

[Bamfsog]

I like the way computer geeks think anyone who doesn't know as much about computers as they do are idiots. I freely admit that some people are idiots, but others are just ignorant. Can you repair your own car? Build your own house? Hell, can you cook your own food? Then why are these people dumb because they aren't computer experts? I have worked helpdesk and user support for years and have run into more people who are perfectly normal nice people, who are afraid of their computers than people who are just morons. They can turn them on and (hopefully) get their job done, but thats about it.

Re:They are not idiots

[dvNull]

I have heard this argument before ..

We as techs believe that a user must have rudeimentary knowledge on how to OPERATE the computer. Noone is asking them to be techs but they should know the minimum required to use the damn thing.

If you are going to drive, you learn how to drive. If you are cooking you consult a cookbook and cook. Its not like you dont put effort into learning the task at hand.

What bugs me the most is that people believe the computer should just work on whatever task they want it to. Do you get in your car and it should immediately read your mind and take you where you want to go? Or do you put all your groceries on top of the stove and hope for a gourmet meal?

My mother went to a 2 week computer course when she bought a computer and she can do all basic tasks required. She knows where the Start Button is, how to get to the control panel and can distinguish between left, right and double click.

Thats really all we techs want from the users. When we try to help them they should know the basic functionality of the computer so we can help them with their problems

dvNuLL

Re:They are not idiots

[gad_zuki!]

We as techs believe that a user must have rudeimentary knowledge on how to OPERATE the computer. Noone is asking them to be techs but they should know the minimum required to use the damn thing.


What does operate a computer mean when new uses are found for it every few years. Your analogy fails because a 1950s car is pretty much a 2002 car. A 1950s computer on the other hand...

When it comes to new-ish technology, especially with the potential for abuse like kazaa and other P2P networks offer there is nothing wrong with completely dumbing down the works with big red fonts and double and triple checking. Heck, even on a new car you can find, "Unleaded Fuel Only" or "Things in mirror are farther away than they appear.".

Re:They are not idiots

[Uksi]

I hear your argument a great deal. I used to think the same thing, but I've changed my opinion of the last couple of years.

For once, the car analogy is moot. Not knowing how to drive a car can quite possibly hurt and kill people. Computers, on the other hand, aside from very limited appliations, are not as fatal.

If cars were not as deadly as they are, people would learn how to drive them the same way they learn Word.

"Computer literacy" is the excuse of computer industry for difficult to use software. It's great for companies to say "the user needs some training" and then ease their development effort by not having to worry about improving usability.

Users should not have to be "computer literate" to get e-mail. Or browse web pages. Or write documents. Or use an accounting program.

Why must every computer user these days know the difference between RAM and hard drive? And everyone must, because every program forces the concept of "unsaved" documents upon users. Have you ever, in real life, had an "unsaved" letter or a journal? When you take a journal off the shelf to write something in, do you make an "unsaved" copy to work on and leave the original on the shelf or do you just take the damn journal off? And does your shelf ask you whether you really want to save your journal when you put it back? No! So why do computers do that?

There are many people out there who have accomplished a lot in their lives, who have respectable jobs and are considered to be great in their field of work. Their kids look up to them and call them smart. But if they have trouble using a computer, and they don't have the time to become accustomed to all the quirks and stupidity that computers inflict on us daily, they will fall behind technologically. They will be considered by "techies" as backward and they will be on the "computer illiterate" end of the digital divide.

And that should not be the case. Computer industry (and that includes both commercial and open-source software) are in denial about the poor usability of their products. When they see people struggling with their software, they label them as as computer illiterate and make fun of them. That's quite a bit like sexism and racism: these folks are being "red lined" and left out behind the red line of "computer literacy."

What necessary is for people that design interactive interfaces to learn proper interaction design. If at least half the programmers out in the world who deal with user interfaces were "interaction literate" (and note the emphasis on interaction and not interface), the world's computers would be much less frustrating to use.

And programmers that deal with user interfaces don't have a good excuse to not be decently versed in interaction design: it's their job.

Finally, a comment about learning. I think that learning is core to all computer use. However, too many interfaces these days impede learning or force much more to be learned than necessary. If one tries to avoid learning, if one builds interfaces solely around concepts that people are familiar with in the "real world" (that is, metaphors), one will fail badly.

Users of computer software never stay newbies--they either learn and become intermediate users or drop off the radar.

Consider the mouse. It's in no way an intuitive device. If you never saw a computer, how the hell in the world would you figure out what to do with this object? How could you possibly figure out by looking at the mouse that it moves the cursor on the screen? You may do some really silly things with the mouse, such as lifting it and moving your hand under it to generate cursor movement.

But as soon as you put the mouse down and move it on the screen, you will see the cursor moving. You will learn how to use the mouse in seconds.

Point is, if learning how to use Kazaa was nearly as easy as learning how to use the mouse, people would use it much more, they would be much more loyal to it, and more people would use it. And things like those described in this article could potentially be avoided.

I may have veered off course a few times in this post--sorry about that. All information presented here is my opinion and not necessarily a statement of fact.

Re:They are not idiots

[dvNull]

Maybe I am coming off differently, but what I am trying to say is that if someone plans to use the computer as a tool, they should try to get a Basic knowledge on how it works. My response isnt toward the Kazaa interface or Windows..

I am not saying that a person who bought his first computer should learn how to write an OS from scratch using nothing but obfuscated perl. All I am suggesting is that when a person buys a tool for a job, he/she makes an attempt to learn some of the functionality. I know people who can do magic with Excel spreadsheets but when it comes to asking them to double click on an icon they get lost. I mean come on! Whats so hard about double clicking? Or finding the start button on your taskbar ? Are you telling me that expecting users to find that button labelled START is asking too much ??

I dont expect everyone to be computer whiz, but I *do* expect people to try and get a working knowledge on using the tool they just bought.

dvNuLL

Re:They are not idiots

[shepd]

>Can you repair your own car?

A professional job intended for a mechanic.

Driving, however, requires you pass a test. If you somehow thought you could drive 100 mph the first time you turn a key, they'd be scraping pure idiocy from the highway.

>Build your own house?

A job for an entire crew of professionals

However, one could expect someone of intelligence to be able to read the manual to their self-build shed and come out with something that doesn't fall down at the slightest touch.

>Hell, can you cook your own food?

If you decided to cook a polenta without even knowing what one was (like me), you'd probably end up with a potato omlette. But, because I know I don't know what's in one, I'd look it up (like I just did) and realise you'd use cornmeal, not potatoes.

>Then why are these people dumb because they aren't computer experts?

Because they set out to do a complex task without informing themselves on how to do even the most basic tasks related to it.

I wouldn't even attempt to cook something if I didn't know a teaspoon from a tablespoon. So why can't I expect the same from a computer user?

All I expect is a user to understand the difference between sharing everything, and sharing nothing.

>They can turn them on and (hopefully) get their job done, but thats about it.

Which is all fine, dandy, and intelligent. But if one of those users decides to install and use a completely foreign application despite the fact that even the most basic concept of how it works befuddles them (such as sharing being a two way street) they have no business doing it until they learn the basics.

Going headlong into any task without getting a basic grip of things shows a lack of intelligence.

As a tech support guy, what bothers me is when I say "tell me what the titlebar says" or "minimize the program", or "click start/run/type command/hit enter" and they tell me "It says the time", "I minimized it, but don't you need it running?", "It says I don't have that program installed".

Knowing what basic window decorations are named is like knowing what pedal is named the "accelerator", which is named the "brakes" and where the "clutch" is, and where the "gearshift" is. If you don't know those terms, you have no business being behind a wheel (unless its an automatic, but I'm not talking about Macs here! :-)

In the case of Kazaa, one should have a firm understanding of what an "options" dialog is, and how to use one!

This really is no different from school, actually.

Re:They are not idiots

[deft]

its actually pretty common for people who in a service role in a company to have some disdain for the people that they are paid to service.

most IT people think that they are constantly having to deal with the morons above them, getting this way just because the IT people have chosen to focus on computers as their specialty.

well, IT people arent special. they are what happens when you arent good enough to build a system... just maintain someone elses (for the most part). most of the resentment for upper management who cant configure outlook correctly probably comes from the narrow minded thinking that not knowing how to is stupid, and knowing how to makes them superior.

well, most of those upper management people are probably too busy with their lives, their jobs, etc to deal with things like that. thats why there are IT people... to service and support the people who make the money for the company!

so, go fix upper managements keyboard by plugging it back in... and remember he could learn how to troubleshoot a computer sys, but hes too busy being on the phone doing things that allow him to have a support staff to do them.

Re:They are not idiots

[oyenstikker]

I don't think car repair professionals think their customers are idiots because they don't know how to fix a broken transmission (I certainly don't know how). However, they do expect you to know what a transmission is and does, and expect that you can explain the symptoms.

No, but they do think the customer is an idiot when then dump the clutch at the redline to get started and do freeway speeds in first gear because they never bothered to learn to use it properly.

Re:They are not idiots

[Andrewkov]

"Unleaded Fuel Only" or "Things in mirror are farther away than they appear.".

Just for your own safety, you should be aware that things in your mirror are closer than they appear, not farther.

Re:They are not idiots

[Simon+Brooke]

I like the way computer geeks think anyone who doesn't know as much about computers as they do are idiots. I freely admit that some people are idiots, but others are just ignorant. Can you repair your own car?

yes

Build your own house?

yes

Hell, can you cook your own food?

yes

Then why are these people dumb because they aren't computer experts?/em>

There's nothing particularly complex about repairing a car. Building houses is, in fact, pretty simple. Cooking is easy. Managing a general purpose information processing device is genuinely hard.

I've said it before and I'll say it again: most people are too stupid to use a computer . More to the point, most people don't need a computer. They need an information appliance which is capable of performing a very limited range of functions with very limited user configurability. If people had devices which weren't capable of running arbitrary bits of code, they wouldn't get viruses and they wouldn't unknowingly publish their private information to the world.

They do these things because they're given access to extremely complicated, subtle and sophisticated machines and treat them as if they were toasters. This is stupid, but most people are too stopid or too ignorant to know better.

I know this sounds arrgant. It is arrogant. But it's also true. Not everyone is tall enough to play big-league basketball, and not everyone is clueful enough to use a computer.

Re:They are not idiots

[jafac]

I've been doing tech support for 10 years.

In those ten years, I've come to expect that the simple, home user, does not, and *should not* have to know the deep inner workings of their computer. In fact - a great many computer users don't "get" the concept of directories.

In that regard, the computer industry has utterly, completely FAILED to serve the market to which it has desperately tried to sell computers - to the saturation point.

That's a completely different situation than what I deal with on a daily basis, because I support products that are used by businesses - so I deal with professionals.
Some of the idiotic things so-called computer professionals do are simply hair-raising. There's no excuse for a person who's drawing a paycheck as a consultant to not know these simple things. I expect my customers to be at least as competent as I am in general computer use. And in many cases, that's simply not true.
In some cases, there are people I help who can mouse circles around me. That's fine. I'm paid to be an expert in the products I support. I very much enjoy working with competent customers. The second most frustrating part of my job is dealing with incompetent customers and self-inflicted problems. (the most frustrating part of my job is dealing with my own developers, who refuse to design their products to meet the user halfway).

My point?
KaZazAAZaKakaZAA is a product whose target market is the HOME USER. Your mother in law. Your great-uncle. Your little sister. This is a totally different market with a totally different set of requirements. It's unconscionable to design a product for a home user that's this difficult to understand and configure. On the other hand, it's par for the course these days. I guess we're lucky we don't have to be teaching our mother in law how to setup ssl or manage her own sendmail server.

Apparently, like the users who don't "get" directories - the software makers don't "get" usability. While you're prototyping your UI, you need to sit a regular person down in front of it - your target market, and watch how they install it, watch how they navigate it, see the errors they make, and figure out how to make the UI better, so they don't make those errors. This is not "dumbing down" the software. There's always "advanced" settings, (and designing software with a GUI that doesn't also have a good command line interface for the techies is similarly unconscionable).
But all that doesn't help anyone make a quick buck.

There IS a huge market of tech savvy people out there. But compared to the dumb home user, it's a niche. So what's it going to be? Are computers destined to forever be a niche? Or is some smart engineer going to figure out how to write software "the rest of us" can use?

Re:They are not idiots

[jafac]

Oh, there are parallels much earlier in the auto industry.

For instance - in the teens and twenties - many cars often had a knob or a lever on the dash for setting the spark advance. If the spark is too retarded, the engine has moved on and the exhaust valve is opening, and your opportunity for combustion is passed - the engine will stumble and die. But if the spark is too advanced, the engine will produce too much heat, as the piston is still heading upwards, and compressing when combustion occurs. Of course, as the speed of the engine changes, the requirements for timing the spark changes. The timing at 2000 rpm needs to be advanced compared to 800 rpm. So as you accelerated in these older cars, you had to manually set this lever on the dash to advance the timing so the engine didn't die. This was considered too complex for your average woman of the teens and twenties to handle, so there were various laws passed making it illegal for a woman to drive (I think most states have since repealed these laws. Most states).

In later cars, ignition timing is handled by a mechanical "distributor" which advances the spark based on the speed the engine is running. This eliminated one whole control, one whole focus of attention.
Later cars eliminated the high maintenance of the mechanical distributor by replacing it with an electronic timing system (electronic ignition).
I don't think that there's a single person who will argue that "the old way" was better. Although a lot of people mourn the loss of distributors, everybody's happy about not having to set the timing advance on the dashboard as you accelerate.

Other improvements include automatic transmissions. To this day, my wife refuses to learn to drive stick. Why should she have to do it when there's a perfectly good mechanical device designed to take care of this needless distraction for you? You can get from point a to point b just fine without a clutch and gearshift lever.

Of course, macho purists will give you all kinds of rational explanations as to why driving stick is better; you can judge your speed by the engine note and knowldege of which gear you're in, which is obtained tactile-ly, so you don't have to take your eyes off the road to look at the speedometer. Manual transmissions are more efficient. Easier to maintain and repair. Allow more flexibility when you're driving hard.
None of those things matter to the soccer mom with three screaming kids in the back of the van, trying to get them home in time for lunch.

These are only a couple of examples of how the auto industry changed to meet the needs of people whose money it wanted.

If the computer industry wants these people's money - if they truly want to sell a computer for every home - they're going to have to design a computer for EVERY home. Not just the niche geek market. Macintosh made computers more accessible - but not to the poor. Windows made computers more accessible, but simplicity was sacrificed for CHEAPNESS. Linux made computers even more accessible to low income people who were willing and able to "geek out". "modern" Linux (the last 2-3 years) is even more accessible to your typical Windows person - but still has a ways to go to be as simple as a Mac. Personally, while Apple did a great job making Mac OS X a SIMPLE to use Unix, it's a step backwards from the old OS in many ways - as far as mass-market usability is concerned. Nobody really hits that target yet. Or even comes close.
I think that ultimately, file systems will have to be transparent. Data has to be accessible, without requiring the user to know about a directory structure. I know those sound pretty unrealistic - but I think that's the only way that, in the long run, "normal" people are going to be able to use computers productively enough to justify their use. Either that, or they're going to have to evolve into limited-use appliances.

Re:They are not idiots

[jafac]

The point is, we "geeks" have a vested interest in the widespread adoption of computer technology.

Yes, it's pure neatness.
And - geeks are raised to a higher status when we can understand and perform complex trickery with these expensive toys.
Also, when computers are mass manufactured, we geeks benefit from the economies of scale, and our prices our cheaper. Compare the original IBM PC, at around $5000, to your $800 Gateway special today. We HAVE benefitted.
But the regular home user has not. They've blown their $2500 on two or three systems, each one supposedly going to fix the problems the last one had - they've frustratedly lost data, dealt with downtime, been laughed at by elitists, been charged outrageous prices to service equipment or reinstall OSes, had their credit cards stolen, spyware and viruses installed, then dumped $40 a month for a faster way to sit and wait for ads to download. Where's the WIN in it for them?

If we geeks TRULY want mass propagation of this technology (and all the benefits it entails) - if we really want their money, computers HAVE to improve, or the market will say fuck you very much, bend over, you can have your overpriced worthless toy back, and I'll keep my money.

I suspect there may be something in this with regard to the dot-bombs.

Re:They are not idiots

[deft]

you missed it a bit on the analogy. let me clear that up for you.

its not knowing where the steering wheeel is. in this analogy, you as an IT person are the pit crew. That driver is going around the track doing something you clearly cant, and when he needs service, you run out there and service his car, change the tires, fill up the tank, and fix whatever is keeping him from going fast and winning.

you arent better than him because you know what oil to put in... you simply get paid to help him make money. dont forget you drain the companies resources, because you make no money, but are a necessary evil to keep that guy going. you aren't wanted- but in this day and age we must pay you to keep things going. if computers stopped being complicated, you'd be gone is a second.

and to carry your analogy 1 step furthur, arent you jealous of the car designers that get to be innovative and design things noone has ever seen before... instead of just maintaining them?

study, and someday maybe youll be a programmer instead of just a IT guy.

btw, i am neither a programmer or a IT guy.... just a UI guy.

Re:Intelligence of average user?

[edrugtrader]

using microsoft financial tracking software is...

it just lets bill know how much money you have so he knows how much he can charge for windows 2003 professional and have you be able to just barely afford it.

I Did a Usability Study With P2P Also.

[thedanceman]

I shared videos of me dancing and nobody wanted to download them. It makes me cry every day when I look at the results of my scientific study.

Good point, but in most cases...

[Sodakar]

Just out of curiosity, I ran the install myself, and I observed that while the sharing scheme isn't 100% clear or too concerned about the user's privacy, it's still not nearly as bad as the outright installation of spyware, which Kazaa does anyway. I also asked a small group of novice users to try it out, and found that:

1) The default shared folder is C:\Program Files\Kazaa\My Shared Folder. A vanilla user with a vanilla install would not have had that directory, and would not have any private files in here to begin with. Most novice users I polled understood that this was the folder which the public would access, and that private files should never be placed there. So... simply clicking "Next" on the install repeatedly doesn't endanger the person's privacy. (well, spyware is still installed, but you get my point)

2) When selecting another folder to share, I found that all of the novice users I polled stored their music in a directory strictly for music, and that subdirectories would contain nothing but music. So, if someone is sharing C:\My Documents\My Music\, they would not be sharing files in the parent directory, where private documents are stored. Realistically, I can't think of too many cases where someone would store private files in a directory made specifically for music. Granted, the user could still accidentally put files there, or accidentally share C:\My Documents, but at that point, it's user error.
3) When selecting an entire drive to share and download music, eg, C:\, all (yes, all) of the users were unwilling to proceed, as they didn't want files piling up in the root directory, and they didn't like the idea of sharing the entire drive. (though this was never specified in the software)

So... what I'm saying is: Common sense and "install: next, next, next" seemed to prevail in the small group of novice users I polled... While I agree wholeheartedly that Kazaa does *NOTHING* to discourage or warn users of sharing their entire drives, I guess this shouldn't come as a surprise considering the company's history.

Just thought I'd share...

Re:Good point, but in most cases...

[Caradoc]

"Novice users" doesn't mean a whole lot to me. What is your group of "novice users" representative of? College students? Joe Average blue-collar workers? High school graduates? Retirement community inhabitants?

And what's a "small group?"

Given that your "novice users" already had music stored in a particular directory, I somehow doubt that they were entirely computer newbies.

Find a group of people who don't know what a mouse is for, and see if they can share files without putting their entire drive at risk...

Re:Good point, but in most cases...

[Caradoc]

I used to be constantly amazed at what people could manage to do to a computer without the foggiest notion of what they're trying to do, or what they're doing.

Of course, half the time this kind of thing happens, it's their friend telling them, "OK - take the mouse and move the pointer over there and click, NO! Over THERE! OK. Now, go over there and click. OK. Now, do you see (this?) No? OK. Click here..." and so on, never realizing that the "NO!" was something that is not only wrong, but needs to be backed out.

Heinlein once said, "Never underestimate the power of human stupidity."

This goes doubly for people who bought computers just so they could trade music with their friends (don't laugh - I know one person who spent about $800 or so to do exactly this, only to find that that cheap-ass audio board didn't quite work the way he wanted it to...)

Re:Good point, but in most cases...

[Caradoc]

I wasn't really trying to deconstruct your method.

The problem, to me, is that any doofus on the street can walk into Best Buy and walk out with a DDOS zombie waiting to happen.

As far as "...such a newbie that they do not know how to use a mouse, but is somehow given administrator access to a Windows PC..." - this happens thousands of times per day in CompUSAs, Best Buys, and Circuit City locations across the nation.

Compounding the problem are "salespeople" who have not the slightest idea what they are selling.

Re:Good point, but in most cases...

[Renraku]

Why should the company have to warn people what they're doing? If I want something, I take an in-depth look at all the options available to help me get that certain something. This includes at least trying to understand EULAs, paying attention to install screens, and reading up on the topic. Most people are just like, "Ooh, porn, must install Kazaa." so they aren't thinking about p2p, or free software, they're thinking about porn. The whole point of p2p software is to share your files, not to leech off of everyone else. If they share their whole drive, tough, its another lesson to learn.

Re:Good point, but in most cases...

[ckedge]

Kazaa's "shared folder selector" has a failure mode, a bug, where you select a deep level subdirectory and click "ok" or "apply" and it actually shares the entire hard drive. If you re-open the shared-folder gui, it will show your entire drive shared.

So it's not simply a user interface usability issue. There is a known bug in the code that causes entire drives to be shared when all you are doing is selecting a specific subdirectory.

alright!

[australopithecus]

Now we can all get on Kazaa and grab credit card numbers so we can buy porn and cds and dvds and software and computer games and books and even computer games about porn........cause all these things still have to be bought right? its not like i can just get them free through some program......

Re:this is really disapointing

[cyril3]

Not true.

The only difference is I don't tell my friends they are morons. I think it, but I don't tell them.

In fact I'm unlikely to tell not-friends they are idiots either especially if they are anywhere within striking distance.

Scarry test

[ehiris]

Find an inbox and do search from the same user.

No wonder the Kazaa search is so slow.

You search through a lot of uninteresting crap to find what you need. Of course it could be to your advantage if you are Peeping Tom or a ignorant maniac who wants to steal credit card numbers.

Re:Scarry test

[XBL]

I did this earlier and KaZaA crashed from all the results it was getting off that user.

Re:Intelligence of average user?

[PhxBlue]

I think the fact that these people are using Microsoft Money...

. . .along with the ineptly-named Microsft Works. . .

Kazaa's user interface sucks...

[aquarian]

...compared to Napster and Limewire. I don't know about the particular issue being discussed, as I never had a problem with it (I hope). But in general, I find Kazaa to be kind of byzantine, and a pain to use. Napster and Limewire are still the champs in this department, and it's probably one reason for their initial success. If you want to design a good app, just copy them, at least for a start.

Re:So what do we do?

[analog_line]

What we need is for people to understand is that most of the current crop of P2P software was designed either in a slipshod and dangerous manner, or intentionally maliciously.

Whenever I find anyone I know running P2P software, I recommend that they uninstall it completely (and if possible wipe and reinstall the hard drive, the gods knows what some of these "commercial" ones do to you) or failing that, I'll recommend that they strictly limit all sharing activity to a single folder, and to move all downloaded items out of it after they've finished, and to make sure that the software actually closes when you quit (many keep running I've found), and to quit immediately after you've finished.

I'd rather these people be seen as leeches than fall vitcim to any back doors that may have been programmed into them. Gnutella may be open source, but it's crap. Everything else I don't trust one single bit.

2 out of 12

[NickRob]

Dammit.. if there was one thing that teachers taught it was to reduce your fractions!

1 out of 6

Least that's the way they were with me.

I used Kazaa to cheat on a test.

[L600R]

I noticed back in november of last year that most of my friends had kazaa set up to share everything on their hard drives. At the time I was working on a project on the Reformation movement. I was stuck so I typed in 'Reformation' under Documents and I got a couple reports. I got some good facts and I think I got a 90% on the project. I used it for a couple more project and found it helpful on bigger subjects. Why buy Clifs Notes if I can download projects?

Echelon

[herraukuli]

So what? Everything is already shared via Echelon file sharing system...

Re:So what do we do?

[cduffy]

A law that "gives some rights back to the user" creates new obligations for the developer. That's a very bad thing: If I can (realisticly) be sued for writing free software, I'll stop doing it -- because I know the interfaces I write are poorly designed, and without bringing someone else on board (and probably paying them) there's nothing I can do about it.

A word with regard to your perception of law, and government in general: No law gives the people more rights. All people have all their rights by default; what laws (and government) do is remove rights, or (at best) award priviliges to some and responsabilities to others. Is some removal of rights sometimes justified? Certainly -- an individual's right to free action can justly be restricted to exclude actions that do direct harm to nonconsenting third parties, for instance; as another example, limiting a business owner's right to select with whom he wishes to business (to prevent racial discrimination, for instance) is another justifiable action of government -- but like any governmental act, it removes rights rather than granting them, and so must be treated with care. Creating a law to give the people more rights (excluding those laws that limit the government itself) is counterproductive -- laws limit rights by their nature.

Coming back to the situation at hand: By default, KaZaa doesn't share all files on the hard drive; the folks who do share everything go out of their way to do so. Making developers liable because users are allowed to do something stupid is a Very Bad Thing.

Re:So what do we do?

[spoco2]

It's a bit extreme to get someone to wipe their harddrive due to one of these programs, but other than that, I mostly agree.

Basically I subscribe to:
1) Pick a program to use (Last I used was Bearshare), install it.
2) Run Ad-Aware (www.lavasoft.com), a top little program that'll weed out any 'spyware' that is attempted to be installed as a result of the application.
3) Try running the program, if it won't run due to you removing something via AdAware, then you don't want the thing, uninstall it.

You should be ok using this method as Ad Aware has proved itself to be pretty thorough...

Absolutely have the one directory (With subdirectories is ok) for sharing... I always have a directory for music, with many subdirectories under that by album artist etc... I just share the music directory and subs, and that's it...

Have good protection software running (like Zone Alarm if you're a PC user) and a fine virus checker...

Take these precautions and don't download things that look suspicious in the first place and you're going to have a pretty trouble free existance.

Not that I'm defending KaZaa, I used to use it, and its wizard was ridiculous, it'd share any folder that had something it deemed to be a 'media file'... and that's a fairly broad term, and also you'd be surprised how many folders have an mp3, wav or avi file tucked away in them.

Re:Example of full write access over Kazza network

[kubrick]

A good portion of it was permanently deleted. This included business and personal contact lists, his most prized data.

Cry me a river.

If he prized it that highly, why didn't he keep backups?

A suggestion

[Dinjay]

I have often wondered how to inform non-techie people (let's call them 'normals', for the sake of the discussion) about these problems. Considering KaZaA's reputation, I always advise my normal (and sometimes even techie) friends and family not to use it. But I always seem to find that they either don't know about KaZaA's problems or don't appreciate the security risks.

As we can't rely on KaZaA's makers to fix these problems or to warn users, what can we do?
If you think about the security and virus problems with Microsoft Windows and Email programs, most normals (at least the ones that I know) seem to only get warnings about these issues from those annoying group forwards or virus warnings sent by someone's father/brother/uncle/friend who works for IBM/Norton/Symantic/FBI/CIA/Government Agency. For better or for worse, normals do seem to believe these warnings, so perhaps this is the only way to inform people about KaZaA.

What does everyone think? Is this method too evil to be used for good purposes?

DUH

1) Computer software is COMPLICATED.
2) 90% of computer users are IDIOTS.
3) Spyware peddlers are UNETHICAL.

You needed to write a paper to investigate these completely unobvious claims?

Where do I get some of that action?

I want to get some academic funding to investigate whether hot strippers, on average, have big titties!

Nice work if you can get it.

[DeadBugs]

Somehow these people at HP convinced their boss to do a "Kazaa Usability Study". In other words they spent all day downloading MP3's, Bootleg videos, and whatever else they could find on the Kazaa network. Maybe their next project will be a "Porn Website Usability Study".

Re:So what do we do?

[analog_line]

I know it's extreme to wipe the drive. I distrust most P2P software that much. Call me paranoid (hell, I'll call myself paranoid) but I just don't trust that Ad Aware knows all and sees all just because it sees a lot. I use Ad Aware, and it's a great tool. However, there have been spyware applications that uninstall/disable Ad Aware in the past, and following with my "plan for the worst" policy, I generally assume that more than a few other spyware companies have figured out how to disable/evade/uninstall Ad Aware. P2P software is the prime offender these days wrt having spyware apps attatched to them in new and evil ways, and I personally consider installing it the equivalent of your Windows machine playing Russian roulette. Also, that these companies are willing to bundle this spyware with their products doesn't make me trust their good will in coding. Don't know what back doors have been put in, so better safe than sorry.

The only P2P app that I've spent any real time with is eDonkey2000, as they have released Linux and OS X command-line versions of their software as well as the ad supported version, and there are some people who only use eDonkey that I download needed files from occasionally. No, I don't really trust it, and I kill it as soon as my downloads are finished, but it's slimmed down enough that I feel much safer with it than any of the other wastes of bits...

Re:Fools and their money...

[Jester998]

Actually, as a case-in-point:
I just did a search in Kazaa Lite for ".doc", and came back with a whole pile of results. Downloaded a bunch just for kicks (I'm in the process of emailing the owners where possible... let's see how many get the hint. :), and believe it or not, one of the files was a copy-and-pasted e-commerce order confirmation. The real kicker? This document listed FULL credit card information (name on card, card type, card number, expiry date, billing address, everything).

Scary.

- Jester

ROTFL, guess what I saw at the grocery store today

[marcus]

> Or do you put all your groceries on top of the
> stove and hope for a gourmet meal?

I assumed that she was at the grocery store because she hoped for/planned a meal, but after she put the groceries on top of her car, got in, and then drove off; I am not so sure anymore. ;-)

It wasn't all that funny when it happened, just a mess of food spread over the parking lot, coke cans spewing brown foam, oranges bouncing and rolling towards the storm drain, eggs showing white and yellow in the sun, but after reading your post, I cracked up!

Thanks.

What I find interesting...

[incog8723]

is that the commercial entities (including a university), finance a study of something that should be patently clear in the first place. The people who petitioned for this study already knew the conclusion. I hate to complain, but the financiers involved in this study should be at least somewhat knowledgable of computers and the security risks involved when you put a monkey in front of one. The people who conducted this study took the easy way out; they didn't think of something worthwhile to research. They simply wanted their names on an 'official study', and it's in PDF format, so it must be official.

Virtual machines

[mccalli]

I've made this comment before when file sharing comes up.

File sharing is a dubious business at best, and most of the companies involved in it will try to manipulate your machine in one way or another.

So...let them. Let them prat about with your machine to their heart's content. Let them install all the spyware in the world. Let them share every file that's ever been placed on it. Just one thing - make sure it's not a real machine.

In other words, make use of the virtual machine programs kicking about. VMWare for most, Virtual PC in my case. Use that machine for nothing but running your P2P clients. No email, no web browsing, nothing. Just run your clients and enjoy. Let them spy on everything happening within that machine, because the only thing happening on that machine is the running of their own software.

Cheers,
Ian

Re:Virtual machines

[mccalli]

Except your music-playing/pr0n-viewing applications and whatever else you find to have handy in that machine

No. That's the entire point.

Because it's a virtual machine, you can have more than one of them running. You dedicate one virtual machine to p2p, another to whatever browsing is going to get you tons of adware installed, and then leave your real machine completely untouched by this stuff and so safe to use.

Cheers,
Ian

Re:Fools and their money...

[scott1853]

I found a document containing username, password and secret code for a customer account at a UK bank. I was nice and notified the bank and the customer though.

Newbies: learn your shit and RTFM or shut up

[Ilan+Volow]

Most Techs (not all, but many)are the real newbies. They barely understand people. They refuse to read any books on GUI design (not taking their own advice to RTFM). Many of them consider the field of usability to be a bullshit field dominated by the psuedo-science of cognitive psychology. And then when non-techs get really confused by the crap they program, the techs are too dumb to know why it's happening. They're simply too stupid to learn the protocol of the end user.

Read The Fine Manual or shut the hell up and go back your server closet where you belong.

You're assuming it is a "problem"

[kaladorn]

As someone else pointed out, this might be considered a feature by the Kazaa crowd.

It does add network content.

Note, I do agree with you though. It should be something that the UI makes more explicit and defaults should be secure rather than unsecure to the extent possible.

Saying "you deserve it" is like saying "you should understand all the details of the lawyerese in any EULA before using the software". Who really does? Damn few. Even most technical people just click thru them because the choice is use the program (which might provide some key capability) or sit and spin. Does that make hiding nasty stuff in the EULA a good business practice or above board behaviour? I think not.

No problem...

[hendridm]

> Users should not have to be "computer literate" to get e-mail. Or browse web pages. Or write documents. Or use an accounting program.

Well, that's fine, but if they don't want to put forth the effort to get training before calling me, I'm gonna bill them for the full $75/hour I normally charge for more difficult problems. Their choice, I guess, if taking a class or opening a book is too much to ask. More money in my pocket for remedial shit! :)

Field day for IRC carders, huh?

[dave-fu]

Once upon a time, there was a thriving black market for arable credit card numbers. Then the FBI got hip to it, made some busts and things settled down.
Looks like the kids don't even need to go through all the trouble of phishing for cardz anymore; fire up Kazaa or Morpheus or Gnutella or... and search for *.doc or *.xls (or *.mdb, even) a few times a day. Done and done.
Brilliant! This will be even more fun for me to do than scanning people's hard drives and finding pictures of their dongs alongside resumes listing them as Young Republicans. Ha ha.

Re:Fools and their money...

[Jester998]

I know... I thought of this too when I saw the information content.

Firstly, the file was called "Document2.doc", with the same description. I wasn't going out of my way to download CC info.

Secondly, all e-commerce transactions record IP addresses. Obviously, I could (and probably WOULD) use a disposable dial-up account if I were going to do this, but they couldn't prove that it was me unless it came from my (more-or-less static) IP.

Thirdly, I contacted the owner of the card, informing them of the security breach. Enter "good samaritan" points.

Lastly, since the file is publically available on the FastTrack network, it could have been any one of a million or more people, anywhere in the world, who might have used the card.

Basically, in order to actually do anything, they would need to catch me, personally, in the act of using that information.

Agreed, the potential is still there, but I'm not too concerned at this point.

- Jester

Re:Fools and their money...

[Jester998]

Just out of curiosity, what were the bank's and customer's reactions when you told them? Were they simply grateful, or did they threaten legal action?

- Jester

I'm getting money too

[DarkHelmet]

Even better, now I can resell the tracks I've downloaded to other people. Finally! A reason to have Britney Spears resident on my hard drive! *shivers*

Re:Fools and their money...

[scott1853]

The bank said "Thank You" and said they'd look into it. The customer didn't respond.

Re:instead you'd do what?

[sheldon]

You haven't really offered a very compelling argument.

Endusers by and large prefer the a GUI. This was one of the secrets of the Macintosh.

So we essentially have to accept that as fact and move on from there. Otherwise you are simply arguing buggy whips are preferable to steering wheels despite the dominance of the automobile. Seems rather pointless and you certainly have no facts to back this position up.

Your other two counter arguments... "user choice" and "blind users" are limited examples. You are now arguing that Microsoft should make an OS which works well for 5% of the user population, but creates challenges for the remaining 95%.

And you do so by claiming an OS which works well for 95% of the population but challenges 5% is a dumb idea.

Again, you do not present a compelling argument.

Re:Good point, but in most cases... additional bug

[Reziac]

I also noticed that when I could see a user's entire HD, there were invariably filenames using high ascii characters, apparently an Oriental character set (judging by the English-readable filenames present).

I don't think this was a "poor English skills" problem, because if it were, other non-English language users should also have been affected, but I only saw it on systems as described above.

BTW I only used the web search interface, I never installed the Kazaa client; these users' drives were visible in plain old Netscape.