Slashdot Mirror


Kazaa Usability Study

Anonymous Coward writes "We have just finished a study that shows how user interface design flaws allow users on Kazaa to share their personal files without their knowledge. In a laboratory user study, only 2 out of 12 subjects were able to correctly determine that Kazaa was sharing their entire hard drive. We looked at the current Kazaa network and discovered that many users are sharing personal information such as email and data for financial programs such as Microsoft Money. To see if other users on Kazaa were aware of this and taking advantage of users' ignorance, we ran a Kazaa client for 24 hours with dummy personal files. During this time, files named "Inbox.dbx" and "Credit Cards.xls" were downloaded from our client by several unique users. The tech report is online, or see our lab web page."

31 of 279 comments

  1. out of the technical journal DUH. by edrugtrader · · Score: 3, Insightful

    why do you think napster grew? people didn't know they were automatically sharing their files, and even if they did, they didn't want to turn it off or figure out how to stop people from getting their files because they wanted to use it to get other people's files.

    if during install there was an option "DO YOU WANT TO SHARE YOUR FILES" 90% would say no... then no network.

    P2P RELIES on ignorance of its user base, and the good will of a small fraction of its tech savvy users.

    --
    MARIJUANA, SHROOMS, X: ONLINE?! - E
    1. Re:out of the technical journal DUH. by Saeculorum · · Score: 3, Informative

      Let's see here... Open KaZaA (Lite, of course), go to Tools - Options - Traffic. Select "Disable sharing of files with other KaZaA users." Click "OK". No need to even restart the client.

      It's not that hard. Of course, it's not in install, but it's not like one has to manually reconfigure the registry to disable it (unlike the reported bandwidth, which people already do).

    2. Re:out of the technical journal DUH. by SirSlud · · Score: 5, Interesting

      Um. What if the question was:

      Do you want to share:

      1) Your media files.
      2) Your personal files.
      3) Both.

      You contend the answer is 3. I say it's 1. There is a big difference between sharing my mp3s and sharing my personal inbox.

      --
      "Old man yells at systemd"
    3. Re:out of the technical journal DUH. by gad_zuki! · · Score: 3, Interesting

      When I find people with that option on downloading from me they get cancelled and quick (I wish there was a way to automate this), especially when they're sitting on a fat T1 or better (dialups are ignored). Sure, I can't stop a lot of people but the messages and the blocking does cause a chilling effect.

      For those of you who just found this out, use at your own risk because a lot of the P2P community does care about keeping the network alive.

    4. Re:out of the technical journal DUH. by edrugtrader · · Score: 3, Insightful

      let's see... the same people that can't figure out why their password doesn't work in all caps, and who can't figure out how to change their IE home page (tools - internet options) are going to figure out how to do this process that is 1 more step???

      knowing to look in tools - options for something like this is NOT obvious to the majority of users. and as the study (proved) most users don't even know they are sharing! and these clients are designed to close into the system tray and keep running when the normal user thinks they have closed it (and stopped it from running).

      just because you CAN turn it off doesn't mean they will figure it out or even try... that was my original comment.

      --
      MARIJUANA, SHROOMS, X: ONLINE?! - E
    5. Re:out of the technical journal DUH. by /dev/trash · · Score: 3, Funny

      bull. I ran Napster and Kazaa a few times. I always knew exactly what I was sharing (0 files).

  2. Sircam by pknut · · Score: 4, Funny

    Well, it's not like I don't receive everyone else's personal files through email, courtesy of the Sircam worm.

  3. That's OK by cscx · · Score: 4, Funny

    Since Kazaa is spyware in the first place, what personal information is there to hide?

    Also, in a related topic, piloting planes is reserved for those who know what they are doing.

  4. Spyware by peterdaly · · Score: 3, Interesting

    Gives a whole new meaning to the term spy-ware...don't you think?

    -Pete

  5. To refresh your memory by cscx · · Score: 5, Informative

    why do you think napster grew? people didn't know they were automatically sharing their files, and even if they did, they didn't want to turn it off or figure out how to stop people from getting their files because they wanted to use it to get other people's files.

    Napster restricted users to sharing ".mp3" files only unless you applied a third-party patch.

    On the other hand, most people accept the default directory of "My Shared Folder" or whatnot. If you are sharing your entire drive (which you need to go out of your way to do) then I'm sorry, you're an idiot.

    My favorite part of the article:

    The word "folder" is singular, implying one folder, and does not hint that all folders below it will be recursively selected to be shared with others.

    So it's sharing the stuff in it, but it's not? Riiiight.

  6. Re:this is really disappointing by SirSlud · · Score: 4, Funny

    People like you usually repeat two lines ad nauseam:

    1) Haha! What an idiot! They deserved to get taken advantage of!

    2) Mother fucking asshole, he took advantage of my mom/sister/father/brother/friend/etc .. that's not fair.

    It's rare to find someone brave enough (or forthright enough) to apply the 'buyer beware' scenario to people he/she cares about. Usually people tend to separate the kinds of situations their social circle falls into and the kind of situations 'idiots' fall into, into two separate classes of situations. Really, they are the same, so if you care about anybody enough to not think they are a moron for falling into any given trap, it's not really justified to call other people idiots for doing so.

    --
    "Old man yells at systemd"
  7. Unfortunately by Gerrioholic99 · · Score: 4, Funny

    Sorry Judge, I didn't realize I was sharing all those ripped DVDs with the world... whoops!

  8. What's your point? by chill · · Score: 4, Insightful

    Most people are idiots when it comes to technology, that isn't a surprise. Look back when cable modems first started to take off and you'll see lots of stories of people running PC Anywhere without a password, or using Windows File Sharing and sharing their entire drive.

    Computers are complicated devices. Unless they are stripped down to do only one or two functions, like a play-only VCR, the majority of the public will not understand. Many of them don't WANT to understand -- they just want their e-mail, IM, MP3s and pr0n.

    Case in point -- KaZaA. It is KNOWN spyware, and has an embedded secondary network (Britewave?) yet despite this being well publicized (CNN, FoxNews, regular geek news like Slashdot) it is wildly popular.

    Why? It is *very* convenient, and people will put up with a ton of shit for convenience.

    What would be a real interesting study, is get this one publicized as all get out then do it again in 1 year. I bet the stats would be about the same.

    --
    Learning HOW to think is more important than learning WHAT to think.
    1. Re:What's your point? by Bert690 · · Score: 3, Insightful

      "Computers are complicated" is a cop out, though a common one thanks to the current status quo in software quality (for which Microsoft is mostly to blame). Software & computers don't have to be complicated. Read the report -- the problem could be solved by simple usability improvements to the GUI. Ignorant users will always be a given, and software should be engineered to deal with this fact.

  9. RIAA is getting its money back by Kirby-meister · · Score: 5, Funny

    "Thank you for your credit card number, 'l33tp3t3'."

    1. Re:RIAA is getting its money back by marhar · · Score: 4, Funny

      Good idea! "The tracks on this CD are available for purchase via the KAZAA network. Simply download the songs you like. We'll bill your credit card later."

  10. They are not idiots by Bamfsog · · Score: 5, Interesting

    I like the way computer geeks think anyone who doesn't know as much about computers as they do is an idiot. I freely admit that some people are idiots, but others are just ignorant. Can you repair your own car? Build your own house? Hell, can you cook your own food? Then why are these people dumb because they aren't computer experts? I have worked helpdesk and user support for years and have run into more people who are perfectly normal nice people, who are afraid of their computers than people who are just morons. They can turn them on and (hopefully) get their job done, but that's about it.

    1. Re:They are not idiots by dvNull · · Score: 5, Insightful

      I have heard this argument before ..

      We as techs believe that a user must have rudimentary knowledge on how to OPERATE the computer. No one is asking them to be techs but they should know the minimum required to use the damn thing.

      If you are going to drive, you learn how to drive. If you are cooking you consult a cookbook and cook. It's not like you don't put effort into learning the task at hand.

      What bugs me the most is that people believe the computer should just work on whatever task they want it to. Do you get in your car and it should immediately read your mind and take you where you want to go? Or do you put all your groceries on top of the stove and hope for a gourmet meal?

      My mother went to a 2 week computer course when she bought a computer and she can do all basic tasks required. She knows where the Start Button is, how to get to the control panel and can distinguish between left, right and double click.

      That's really all we techs want from the users. When we try to help them they should know the basic functionality of the computer so we can help them with their problems.

      dvNuLL

    2. Re:They are not idiots by dvNull · · Score: 3, Interesting

      Maybe I am coming off differently, but what I am trying to say is that if someone plans to use the computer as a tool, they should try to get a Basic knowledge on how it works. My response isn't toward the Kazaa interface or Windows.

      I am not saying that a person who bought his first computer should learn how to write an OS from scratch using nothing but obfuscated perl. All I am suggesting is that when a person buys a tool for a job, he/she makes an attempt to learn some of the functionality. I know people who can do magic with Excel spreadsheets but when it comes to asking them to double click on an icon they get lost. I mean come on! What's so hard about double clicking? Or finding the start button on your taskbar? Are you telling me that expecting users to find that button labelled START is asking too much??

      I don't expect everyone to be a computer whiz, but I *do* expect people to try and get a working knowledge on using the tool they just bought.

      dvNuLL

    3. Re:They are not idiots by deft · · Score: 3, Insightful

      it's actually pretty common for people who are in a service role in a company to have some disdain for the people that they are paid to service.

      most IT people think that they are constantly having to deal with the morons above them, getting this way just because the IT people have chosen to focus on computers as their specialty.

      well, IT people aren't special. they are what happens when you aren't good enough to build a system... just maintain someone else's (for the most part). most of the resentment for upper management who can't configure outlook correctly probably comes from the narrow-minded thinking that not knowing how to is stupid, and knowing how to makes them superior.

      well, most of those upper management people are probably too busy with their lives, their jobs, etc to deal with things like that. that's why there are IT people... to service and support the people who make the money for the company!

      so, go fix upper management's keyboard by plugging it back in... and remember he could learn how to troubleshoot a computer sys, but he's too busy being on the phone doing things that allow him to have a support staff to do them.

      --

      There's nothing Intelligent about Intelligent Design.
    4. Re:They are not idiots by jafac · · Score: 3, Insightful

      Oh, there are parallels much earlier in the auto industry.

      For instance - in the teens and twenties - many cars often had a knob or a lever on the dash for setting the spark advance. If the spark is too retarded, the engine has moved on and the exhaust valve is opening, and your opportunity for combustion has passed - the engine will stumble and die. But if the spark is too advanced, the engine will produce too much heat, as the piston is still heading upwards, and compressing when combustion occurs. Of course, as the speed of the engine changes, the requirements for timing the spark change. The timing at 2000 rpm needs to be advanced compared to 800 rpm. So as you accelerated in these older cars, you had to manually set this lever on the dash to advance the timing so the engine didn't die. This was considered too complex for your average woman of the teens and twenties to handle, so there were various laws passed making it illegal for a woman to drive (I think most states have since repealed these laws. Most states).

      In later cars, ignition timing is handled by a mechanical "distributor" which advances the spark based on the speed the engine is running. This eliminated one whole control, one whole focus of attention.
      Later cars eliminated the high maintenance of the mechanical distributor by replacing it with an electronic timing system (electronic ignition).
      I don't think that there's a single person who will argue that "the old way" was better. Although a lot of people mourn the loss of distributors, everybody's happy about not having to set the timing advance on the dashboard as you accelerate.

      Other improvements include automatic transmissions. To this day, my wife refuses to learn to drive stick. Why should she have to do it when there's a perfectly good mechanical device designed to take care of this needless distraction for you? You can get from point a to point b just fine without a clutch and gearshift lever.

      Of course, macho purists will give you all kinds of rational explanations as to why driving stick is better; you can judge your speed by the engine note and knowledge of which gear you're in, which is obtained tactile-ly, so you don't have to take your eyes off the road to look at the speedometer. Manual transmissions are more efficient. Easier to maintain and repair. Allow more flexibility when you're driving hard.
      None of those things matter to the soccer mom with three screaming kids in the back of the van, trying to get them home in time for lunch.

      These are only a couple of examples of how the auto industry changed to meet the needs of people whose money it wanted.

      If the computer industry wants these people's money - if they truly want to sell a computer for every home - they're going to have to design a computer for EVERY home. Not just the niche geek market. Macintosh made computers more accessible - but not to the poor. Windows made computers more accessible, but simplicity was sacrificed for CHEAPNESS. Linux made computers even more accessible to low income people who were willing and able to "geek out". "modern" Linux (the last 2-3 years) is even more accessible to your typical Windows person - but still has a ways to go to be as simple as a Mac. Personally, while Apple did a great job making Mac OS X a SIMPLE to use Unix, it's a step backwards from the old OS in many ways - as far as mass-market usability is concerned. Nobody really hits that target yet. Or even comes close.
      I think that ultimately, file systems will have to be transparent. Data has to be accessible, without requiring the user to know about a directory structure. I know those sound pretty unrealistic - but I think that's the only way that, in the long run, "normal" people are going to be able to use computers productively enough to justify their use. Either that, or they're going to have to evolve into limited-use appliances.

      --

      These are my friends, See how they glisten. See this one shine, how he smiles in the light.
  11. I Did a Usability Study With P2P Also. by thedanceman · · Score: 4, Funny

    I shared videos of me dancing and nobody wanted to download them. It makes me cry every day when I look at the results of my scientific study.

  12. Good point, but in most cases... by Sodakar · · Score: 5, Insightful

    Just out of curiosity, I ran the install myself, and I observed that while the sharing scheme isn't 100% clear or too concerned about the user's privacy, it's still not nearly as bad as the outright installation of spyware, which Kazaa does anyway. I also asked a small group of novice users to try it out, and found that:

    1) The default shared folder is C:\Program Files\Kazaa\My Shared Folder. A vanilla user with a vanilla install would not have had that directory, and would not have any private files in here to begin with. Most novice users I polled understood that this was the folder which the public would access, and that private files should never be placed there. So... simply clicking "Next" on the install repeatedly doesn't endanger the person's privacy. (well, spyware is still installed, but you get my point)

    2) When selecting another folder to share, I found that all of the novice users I polled stored their music in a directory strictly for music, and that subdirectories would contain nothing but music. So, if someone is sharing C:\My Documents\My Music\, they would not be sharing files in the parent directory, where private documents are stored. Realistically, I can't think of too many cases where someone would store private files in a directory made specifically for music. Granted, the user could still accidentally put files there, or accidentally share C:\My Documents, but at that point, it's user error.

    3) When selecting an entire drive to share and download music, eg, C:\, all (yes, all) of the users were unwilling to proceed, as they didn't want files piling up in the root directory, and they didn't like the idea of sharing the entire drive. (though this was never specified in the software)

    So... what I'm saying is: Common sense and "install: next, next, next" seemed to prevail in the small group of novice users I polled... While I agree wholeheartedly that Kazaa does *NOTHING* to discourage or warn users of sharing their entire drives, I guess this shouldn't come as a surprise considering the company's history.

    Just thought I'd share...

    1. Re:Good point, but in most cases... by Caradoc · · Score: 3, Insightful

      "Novice users" doesn't mean a whole lot to me. What is your group of "novice users" representative of? College students? Joe Average blue-collar workers? High school graduates? Retirement community inhabitants?

      And what's a "small group?"

      Given that your "novice users" already had music stored in a particular directory, I somehow doubt that they were entirely computer newbies.

      Find a group of people who don't know what a mouse is for, and see if they can share files without putting their entire drive at risk...

      --
      Specialization is for insects. - R.A.H.
    2. Re:Good point, but in most cases... by ckedge · · Score: 3, Informative


      Kazaa's "shared folder selector" has a failure mode, a bug, where you select a deep level subdirectory and click "ok" or "apply" and it actually shares the entire hard drive. If you re-open the shared-folder gui, it will show your entire drive shared.

      So it's not simply a user interface usability issue. There is a known bug in the code that causes entire drives to be shared when all you are doing is selecting a specific subdirectory.
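An added example (not part of the thread, the study, or Kazaa's code): a Python audit of what sharing a folder recursively would actually expose, covering the subfolder and whole-drive sharing points raised in the comments above. The extension list and the sample directory tree are constructed assumptions; the two sensitive file names are the ones mentioned in the story.

```python
import os
import tempfile
from pathlib import Path

# Illustrative, non-exhaustive list (an assumption of this example): mail stores,
# financial data and office documents of the kind the story mentions.
SENSITIVE_EXTS = {".dbx", ".pst", ".mny", ".xls", ".doc"}

def is_drive_root(path):
    """True if `path` is a filesystem or drive root such as / or C:\\."""
    p = Path(path).resolve()
    return p.parent == p

def audit_share(root):
    """Report what a recursive share of `root` exposes.

    Returns the total file count, how many files are reachable only
    because subfolders are included, and the sensitive-looking files.
    """
    root = Path(root).resolve()
    report = {"root": str(root), "whole_drive": is_drive_root(root),
              "total": 0, "in_subfolders": 0, "sensitive": []}
    # followlinks=False: do not wander outside the share through links.
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        depth = len(Path(dirpath).relative_to(root).parts)
        for name in filenames:
            report["total"] += 1
            if depth > 0:
                report["in_subfolders"] += 1
            if Path(name).suffix.lower() in SENSITIVE_EXTS:
                rel = Path(dirpath, name).relative_to(root)
                report["sensitive"].append(rel.as_posix())
    report["sensitive"].sort()
    return report

def build_sample_tree(base):
    """Constructed sample: a documents folder with a music subfolder."""
    files = ["My Music/song1.mp3", "My Music/Album/song2.mp3",
             "Mail/Inbox.dbx", "Credit Cards.xls", "notes.txt"]
    for rel in files:
        target = Path(base, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"constructed sample data")
    return Path(base)

def demo():
    """Audit the whole documents folder, then only the music folder."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = build_sample_tree(tmp)
        return audit_share(docs), audit_share(docs / "My Music")

if __name__ == "__main__":
    for rep in demo():
        print(rep["root"], "-", rep["total"], "files,",
              rep["in_subfolders"], "via subfolders")
        for rel in rep["sensitive"]:
            print("  sensitive:", rel)
```

Running the audit against the folder the client reports as shared, after every settings change, shows whether the share is wider than the folder that was picked.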

  13. Re:this is really disappointing by cyril3 · · Score: 3, Funny

    Not true.

    The only difference is I don't tell my friends they are morons. I think it, but I don't tell them.

    In fact I'm unlikely to tell not-friends they are idiots either especially if they are anywhere within striking distance.

  14. Re:So what do we do? by analog_line · · Score: 5, Informative

    What we need is for people to understand that most of the current crop of P2P software was designed either in a slipshod and dangerous manner, or intentionally maliciously.

    Whenever I find anyone I know running P2P software, I recommend that they uninstall it completely (and if possible wipe and reinstall the hard drive, the gods know what some of these "commercial" ones do to you) or failing that, I'll recommend that they strictly limit all sharing activity to a single folder, and to move all downloaded items out of it after they've finished, and to make sure that the software actually closes when you quit (many keep running I've found), and to quit immediately after you've finished.

    I'd rather these people be seen as leeches than fall victim to any back doors that may have been programmed into them. Gnutella may be open source, but it's crap. Everything else I don't trust one single bit.

  15. Echelon by herraukuli · · Score: 4, Funny

    So what? Everything is already shared via Echelon file sharing system...

  16. DUH by Anonymous Coward · · Score: 3, Funny

    1) Computer software is COMPLICATED.
    2) 90% of computer users are IDIOTS.
    3) Spyware peddlers are UNETHICAL.

    You needed to write a paper to investigate these completely unobvious claims?

    Where do I get some of that action?

    I want to get some academic funding to investigate whether hot strippers, on average, have big titties!

  17. Re:Fools and their money... by Jester998 · · Score: 5, Interesting

    Actually, as a case-in-point:
    I just did a search in Kazaa Lite for ".doc", and came back with a whole pile of results. Downloaded a bunch just for kicks (I'm in the process of emailing the owners where possible... let's see how many get the hint. :), and believe it or not, one of the files was a copy-and-pasted e-commerce order confirmation. The real kicker? This document listed FULL credit card information (name on card, card type, card number, expiry date, billing address, everything).

    Scary.

    - Jester

  18. Virtual machines by mccalli · · Score: 4, Insightful

    I've made this comment before when file sharing comes up.

    File sharing is a dubious business at best, and most of the companies involved in it will try to manipulate your machine in one way or another.

    So...let them. Let them prat about with your machine to their heart's content. Let them install all the spyware in the world. Let them share every file that's ever been placed on it. Just one thing - make sure it's not a real machine.

    In other words, make use of the virtual machine programs kicking about. VMware for most, Virtual PC in my case. Use that machine for nothing but running your P2P clients. No email, no web browsing, nothing. Just run your clients and enjoy. Let them spy on everything happening within that machine, because the only thing happening on that machine is the running of their own software.

    Cheers,
    Ian