Kazaa Usability Study
Anonymous Coward writes "We have just finished a study that shows how user interface design flaws allow users on Kazaa to share their personal files without their knowledge. In a laboratory user study, only 2 out of 12 subjects were able to correctly determine that Kazaa was sharing their entire hard drive. We looked at the current Kazaa network and discovered that many users are sharing personal information such as email and data for financial programs such as Microsoft Money. To see if other users on Kazaa were aware of this and taking advantage of users' ignorance, we ran a Kazaa client for 24 hours with dummy personal files. During this time, files named "Inbox.dbx" and "Credit Cards.xls" were downloaded from our client by several unique users. The tech report is online, or see our lab web page."
Well, it's not like I don't receive everyone else's personal files through email, courtesy of the Sircam worm.
Since Kazaa is spyware in the first place, what personal information is there to hide?
Also, in a related topic, piloting planes is reserved for those who know what they are doing.
Um. What if the question was:
Do you want to share:
1) Your media files.
2) Your personal files.
3) Both.
You contend the answer is 3. I say it's 1. There is a big difference between sharing my mp3s and sharing my personal inbox.
"Old man yells at systemd"
Why do you think Napster grew? People didn't know they were automatically sharing their files, and even if they did, they didn't want to turn it off or figure out how to stop people from getting their files because they wanted to use it to get other people's files.
Napster restricted users to sharing ".mp3" files only unless you applied a third-party patch.
On the other hand, most people accept the default directory of "My Shared Folder" or whatnot. If you are sharing your entire drive (which you need to go out of your way to do) then I'm sorry, you're an idiot.
My favorite part of the article:
The word "folder" is singular, implying one folder, and does not hint that all folders below it will be recursively selected to be shared with others.
So it's sharing the stuff in it, but it's not? Riiiight.
People like you usually repeat two lines ad nauseam:
.. that's not fair.
1) Haha! What an idiot! They deserved to get taken advantage of!
2) Mother fucking asshole, he took advantage of my mom/sister/father/brother/friend/etc
It's rare to find someone brave enough (or forthright enough) to apply the 'buyer beware' scenario to people he/she cares about. Usually people tend to separate the kinds of situations their social circle falls into and the kind of situations 'idiots' fall into, into two separate classes of situations. Really, they are the same, so if you care about anybody enough to not think they are a moron for falling into any given trap, it's not really justified to call other people idiots for doing so.
"Old man yells at systemd"
Sorry Judge, I didn't realize I was sharing all those ripped DVDs with the world... whoops!
Most people are idiots when it comes to technology, that isn't a surprise. Look back when cable modems first started to take off and you'll see lots of stories of people running PC Anywhere without a password, or using Windows File Sharing and sharing their entire drive.
Computers are complicated devices. Unless they are stripped down to do only one or two functions, like a play-only VCR, the majority of the public will not understand. Many of them don't WANT to understand -- they just want their e-mail, IM, MP3s and pr0n.
Case in point -- KaZaA. It is KNOWN spyware, and has an embedded secondary network (Britewave?) yet despite this being well publicized (CNN, FoxNews, regular geek news like Slashdot) it is wildly popular.
Why? It is *very* convenient, and people will put up with a ton of shit for convenience.
What would be a real interesting study, is get this one publicized as all get out then do it again in 1 year. I bet the stats would be about the same.
Learning HOW to think is more important than learning WHAT to think.
"Thank you for your credit card number, 'l33tp3t3'."
I like the way computer geeks think anyone who doesn't know as much about computers as they do are idiots. I freely admit that some people are idiots, but others are just ignorant. Can you repair your own car? Build your own house? Hell, can you cook your own food? Then why are these people dumb because they aren't computer experts? I have worked helpdesk and user support for years and have run into more people who are perfectly normal nice people, who are afraid of their computers than people who are just morons. They can turn them on and (hopefully) get their job done, but that's about it.
I shared videos of me dancing and nobody wanted to download them. It makes me cry every day when I look at the results of my scientific study.
Just out of curiosity, I ran the install myself, and I observed that while the sharing scheme isn't 100% clear or too concerned about the user's privacy, it's still not nearly as bad as the outright installation of spyware, which Kazaa does anyway. I also asked a small group of novice users to try it out, and found that:
1) The default shared folder is C:\Program Files\Kazaa\My Shared Folder. A vanilla user with a vanilla install would not have had that directory, and would not have any private files in here to begin with. Most novice users I polled understood that this was the folder which the public would access, and that private files should never be placed there. So... simply clicking "Next" on the install repeatedly doesn't endanger the person's privacy. (well, spyware is still installed, but you get my point)
2) When selecting another folder to share, I found that all of the novice users I polled stored their music in a directory strictly for music, and that subdirectories would contain nothing but music. So, if someone is sharing C:\My Documents\My Music\, they would not be sharing files in the parent directory, where private documents are stored. Realistically, I can't think of too many cases where someone would store private files in a directory made specifically for music. Granted, the user could still accidentally put files there, or accidentally share C:\My Documents, but at that point, it's user error.
3) When selecting an entire drive to share and download music, e.g., C:\, all (yes, all) of the users were unwilling to proceed, as they didn't want files piling up in the root directory, and they didn't like the idea of sharing the entire drive. (though this was never specified in the software)
So... what I'm saying is: Common sense and "install: next, next, next" seemed to prevail in the small group of novice users I polled... While I agree wholeheartedly that Kazaa does *NOTHING* to discourage or warn users of sharing their entire drives, I guess this shouldn't come as a surprise considering the company's history.
Just thought I'd share...
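An added example, not part of the thread or of Kazaa: a small Python audit that walks a candidate share folder recursively, which is how the comment above describes a shared folder being exposed, and lists the personal files it would publish. The extension lists, function names and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# File types the thread names as leaking over Kazaa: Outlook Express
# mailboxes (.dbx), spreadsheets (.xls), Word documents (.doc). The .mny
# extension for Microsoft Money data is an assumption of this example.
PERSONAL_EXTS = {".dbx", ".xls", ".doc", ".mny"}
MEDIA_EXTS = {".mp3", ".avi", ".mpg", ".wav"}  # constructed allow-list


def audit_share(root):
    """Walk a share root recursively, as a recursive share exposes it, and
    return (personal, other) lists of paths relative to the root."""
    root = Path(root)
    personal, other = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(root)
            ext = rel.suffix.lower()
            if ext in PERSONAL_EXTS:
                personal.append(rel.as_posix())
            elif ext not in MEDIA_EXTS:
                other.append(rel.as_posix())  # not media: review by hand
    return sorted(personal), sorted(other)


def is_risky_root(root):
    """True when the share root is a drive or filesystem root."""
    p = Path(root).resolve()
    return p == Path(p.anchor)


def build_sample_tree(base):
    """Constructed sample: a documents folder with a music subfolder."""
    docs = Path(base) / "My Documents"
    (docs / "My Music" / "Album").mkdir(parents=True)
    (docs / "Outlook Express").mkdir()
    for rel in ["My Music/Album/track01.mp3", "Credit Cards.xls",
                "Outlook Express/Inbox.dbx", "notes.txt"]:
        (docs / rel).write_bytes(b"")
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        docs = build_sample_tree(tmp)
        for share in (docs / "My Music", docs):
            print(share.name, "->", audit_share(share))
```

Sharing the music subfolder reports nothing, while sharing its parent surfaces the mailbox and spreadsheet, which is the one-level mistake the comment calls user error.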
What we need is for people to understand that most of the current crop of P2P software was designed either in a slipshod and dangerous manner, or intentionally maliciously.
Whenever I find anyone I know running P2P software, I recommend that they uninstall it completely (and if possible wipe and reinstall the hard drive, the gods know what some of these "commercial" ones do to you) or failing that, I'll recommend that they strictly limit all sharing activity to a single folder, and to move all downloaded items out of it after they've finished, and to make sure that the software actually closes when you quit (many keep running I've found), and to quit immediately after you've finished.
I'd rather these people be seen as leeches than fall victim to any back doors that may have been programmed into them. Gnutella may be open source, but it's crap. Everything else I don't trust one single bit.
So what? Everything is already shared via Echelon file sharing system...
Actually, as a case-in-point: :), and believe it or not, one of the files was a copy-and-pasted e-commerce order confirmation. The real kicker? This document listed FULL credit card information (name on card, card type, card number, expiry date, billing address, everything).
I just did a search in Kazaa Lite for ".doc", and came back with a whole pile of results. Downloaded a bunch just for kicks (I'm in the process of emailing the owners where possible... let's see how many get the hint).
Scary.
- Jester
File sharing is a dubious business at best, and most of the companies involved in it will try to manipulate your machine in one way or another.
So...let them. Let them prat about with your machine to their heart's content. Let them install all the spyware in the world. Let them share every file that's ever been placed on it. Just one thing - make sure it's not a real machine.
In other words, make use of the virtual machine programs kicking about. VMware for most, Virtual PC in my case. Use that machine for nothing but running your P2P clients. No email, no web browsing, nothing. Just run your clients and enjoy. Let them spy on everything happening within that machine, because the only thing happening on that machine is the running of their own software.
Cheers,
Ian