Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kazaa Usability Study

Posted by michael on from the painful-lessons dept.

Anonymous Coward writes "We have just finished a study that shows how user interface design flaws allow users on Kazaa to share their personal files without their knowledge. In a laboratory user study, only 2 out of 12 subjects were able to correctly determine that Kazaa was sharing their entire hard drive. We looked at the current Kazaa network and discovered that many users are sharing personal information such as email and data for financial programs such as Microsoft Money. To see if other users on Kazaa were aware of this and taking advantage of users ignorance, we ran a Kazaa client for 24 hours with dummy personal files. During this time, files named "Inbox.dbx" and "Credit Cards.xls" were downloaded from our client by several unique users. The tech report is online, or see our lab web page."

8 of 279 comments (clear)

  1. Re:out of the technical journal DUH. by SirSlud · · Score: 5, Interesting

    Um. What if the question was:

    Do you want to share:

    1) Your media files.
    2) Your personal files.
    3) Both.

    You contend the answer is 3. I say its 1. There is a big difference between sharing my mp3s and sharing my personal inbox.

    --
    "Old man yells at systemd"
  2. To refresh your memory by cscx · · Score: 5, Informative

    why do you think napster grew? people didn't know they were automatically sharing their files, and even if they did, they didn't want to turn it off or figure out how to stop people from getting their files because they wanted to use it to get other peoples files.

    Napster restricted users to sharing ".mp3" files only unless you applied a third-party patch.

    On the other hand, most people accept the default directory of "My Shared Folder" or whatnot. If you are sharing your entire drive (which you need to go out of your way to do) then I'm sorry, you're an idiot.

    My favorite part of the article:

    The word "folder" is singular, implying one folder, and does not hint that all folders below it will be recursively selected to be shared with others.

    So it's sharing the stuff in it, but it's not? Riiiight.

  3. RIAA is getting its money back by Kirby-meister · · Score: 5, Funny

    "Thank you for your credit card number, 'l33tp3t3'."

  4. They are not idiots by Bamfsog · · Score: 5, Interesting

    I like the way computer geeks think anyone who doesn't know as much about computers as they do are idiots. I freely admit that some people are idiots, but others are just ignorant. Can you repair your own car? Build your own house? Hell, can you cook your own food? Then why are these people dumb because they aren't computer experts? I have worked helpdesk and user support for years and have run into more people who are perfectly normal nice people, who are afraid of their computers than people who are just morons. They can turn them on and (hopefully) get their job done, but thats about it.

    1. Re:They are not idiots by dvNull · · Score: 5, Insightful

      I have heard this argument before ..

      We as techs believe that a user must have rudeimentary knowledge on how to OPERATE the computer. Noone is asking them to be techs but they should know the minimum required to use the damn thing.

      If you are going to drive, you learn how to drive. If you are cooking you consult a cookbook and cook. Its not like you dont put effort into learning the task at hand.

      What bugs me the most is that people believe the computer should just work on whatever task they want it to. Do you get in your car and it should immediately read your mind and take you where you want to go? Or do you put all your groceries on top of the stove and hope for a gourmet meal?

      My mother went to a 2 week computer course when she bought a computer and she can do all basic tasks required. She knows where the Start Button is, how to get to the control panel and can distinguish between left, right and double click.

      Thats really all we techs want from the users. When we try to help them they should know the basic functionality of the computer so we can help them with their problems

      dvNuLL

  5. Good point, but in most cases... by Sodakar · · Score: 5, Insightful

    Just out of curiosity, I ran the install myself, and I observed that while the sharing scheme isn't 100% clear or too concerned about the user's privacy, it's still not nearly as bad as the outright installation of spyware, which Kazaa does anyway. I also asked a small group of novice users to try it out, and found that:

    1) The default shared folder is C:\Program Files\Kazaa\My Shared Folder. A vanilla user with a vanilla install would not have had that directory, and would not have any private files in here to begin with. Most novice users I polled understood that this was the folder which the public would access, and that private files should never be placed there. So... simply clicking "Next" on the install repeatedly doesn't endanger the person's privacy. (well, spyware is still installed, but you get my point)

    2) When selecting another folder to share, I found that all of the novice users I polled stored their music in a directory strictly for music, and that subdirectories would contain nothing but music. So, if someone is sharing C:\My Documents\My Music\, they would not be sharing files in the parent directory, where private documents are stored. Realistically, I can't think of too many cases where someone would store private files in a directory made specifically for music. Granted, the user could still accidentally put files there, or accidentally share C:\My Documents, but at that point, it's user error.
    3) When selecting an entire drive to share and download music, eg, C:\, all (yes, all) of the users were unwilling to proceed, as they didn't want files piling up in the root directory, and they didn't like the idea of sharing the entire drive. (though this was never specified in the software)

    So... what I'm saying is: Common sense and "install: next, next, next" seemed to prevail in the small group of novice users I polled... While I agree wholeheartedly that Kazaa does *NOTHING* to discourage or warn users of sharing their entire drives, I guess this shouldn't come as a surprise considering the company's history.

    Just thought I'd share...

  6. Re:So what do we do? by analog_line · · Score: 5, Informative

    What we need is for people to understand is that most of the current crop of P2P software was designed either in a slipshod and dangerous manner, or intentionally maliciously.

    Whenever I find anyone I know running P2P software, I recommend that they uninstall it completely (and if possible wipe and reinstall the hard drive, the gods knows what some of these "commercial" ones do to you) or failing that, I'll recommend that they strictly limit all sharing activity to a single folder, and to move all downloaded items out of it after they've finished, and to make sure that the software actually closes when you quit (many keep running I've found), and to quit immediately after you've finished.

    I'd rather these people be seen as leeches than fall vitcim to any back doors that may have been programmed into them. Gnutella may be open source, but it's crap. Everything else I don't trust one single bit.

  7. Re:Fools and their money... by Jester998 · · Score: 5, Interesting

    Actually, as a case-in-point:
    I just did a search in Kazaa Lite for ".doc", and came back with a whole pile of results. Downloaded a bunch just for kicks (I'm in the process of emailing the owners where possible... let's see how many get the hint. :), and believe it or not, one of the files was a copy-and-pasted e-commerce order confirmation. The real kicker? This document listed FULL credit card information (name on card, card type, card number, expiry date, billing address, everything).

    Scary.

    - Jester