Stopping spyware at the gate: A user study of privacy, notice and spyware

Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan, Joseph Konstan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

68 Scopus citations


Spyware is a significant problem for most computer users. The term "spyware" loosely describes a new class of computer software. This type of software may track user activities online and offline, provide targeted advertising and/or engage in other types of activities that users describe as invasive or undesirable. While the magnitude of the spyware problem is well documented, recent studies have had only limited success in explaining the broad range of user behaviors that contribute to the proliferation of spyware. As opposed to viruses and other malicious code, users themselves often have a choice whether they want to install these programs. In this paper, we discuss an ecological study of users installing five real world applications. In particular, we seek to understand the influence of the form and content of notices (e.g., EULAs) on user's installation decisions. Our study indicates that while notice is important, notice alone may not be enough to affect users' decisions to install an application. We found that users have limited understanding of EULA content and little desire to read lengthy notices. Users found short, concise notices more useful, and noticed them more often, yet they did not have a significant effect on installation for our population. When users were informed of the actual contents of the EULAs to which they agreed, we found that users often regret their installation decisions. We discovered that regardless of the bundled content, users will often install an application if they believe the utility is high enough. However, we discovered that privacy and security become important factors when choosing between two applications with similar functionality. Given two similar programs (e.g, KaZaA and Edonkey), consumers will choose the one they believe to be less invasive and more stable. We also found that providing vague information in EULAs and short notices can create an unwarranted impression of increased security. In these cases, it may be helpful to have a standardized format for assessing the possible options and trade-offs between applications.

Original languageEnglish (US)
Title of host publicationSOUPS 2005 - Proceedings of the Symposium on Usable Privacy and Security
Number of pages10
StatePublished - 2005
EventSymposium on Usable Privacy and Security, SOUPS 2005 - Pittsburgh, PA, United States
Duration: Jul 6 2005Jul 8 2005

Publication series

NameACM International Conference Proceeding Series


OtherSymposium on Usable Privacy and Security, SOUPS 2005
Country/TerritoryUnited States
CityPittsburgh, PA

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications


Dive into the research topics of 'Stopping spyware at the gate: A user study of privacy, notice and spyware'. Together they form a unique fingerprint.

Cite this