Jens Grossklags, Na Wang & Heng Xu: A field study of social applications’ data practices & authentication and authorization dialogues

Comment by: Ross Anderson

PLSC 2012

Workshop draft abstract:

Several studies have documented the constantly evolving privacy practices of social networking sites and users’ misunderstandings about them. Justifiably, users have criticized the interfaces to “configure” their privacy preferences as opaque, disjointed, uninformative and ultimately ineffective. The same problems have also plagued the constantly growing economy of third-party applications and their equally troubling authentication and authorization dialogues with important options being unavailable at installation time and/or widely distributed across the sites’ privacy options pages.

In this paper, we report the results of a field study of the current authorization dialogue as well as four novel designs of installation dialogues for the dominant social networking site. In particular, we study and document the effectiveness of installation-time configuration and awareness-enhancing interface changes when 250 users investigate our experimental application in the privacy of their homes.