Explore
For Enterprise
Join for Free
Log In

Гуманитарные науки и искусства
Бизнес
Компьютерные науки
Наука о данных
Информационные технологии
здоровье
Математика и логика
Личное развитие
Естественные и технические науки
Социальные науки
Изучение языков
Степени
Сертификаты

Полный обзор Coursera

Обзор
Поиск
Для организаций
Войти
Присоединиться бесплатно

Privacy Policies and User Understanding

Loading...

Практическая безопасность

Мэрилендский университет в Колледж-Парке

4.5 (оценок: 1,520) | Зарегистрировано учащихся: 37K

Курс 1 из 5 — Безопасность в киберпространстве Специализация

This course focuses on how to design and build secure systems with a human-centric focus. We will look at basic principles of human-computer interaction, and apply these insights to the design of secure systems with the goal of developing security measures that respect human performance and their goals within a system.

Просмотреть программу курса

Получаемые навыки

Cybersecurity, Usability, Privacy, User Interface

Рецензии

4.5 (оценок: 1,520)

5 stars
997 ratings
4 stars
393 ratings
3 stars
78 ratings
2 stars
23 ratings
1 star
29 ratings

MM

Sep 22, 2017

I am really happy to join this perfect course . i want to continue in this course and i will every time of my life to learn many things . specially from the Coursera community thank you very much.

KM

Jul 15, 2018

It gave me a broader scope in terms of developing a process or a system. It taught me that designing usability and security must come during the early stages of design instead of an after thought.

Из урока

Week 6

Usable Privacy: privacy settings, personal data sharing, data inference

Usable Privacy Basics8:39

Privacy Policies and User Understanding9:50

Informed Consent for Privacy13:56

5 Pitfalls of Privacy9:35

Inferring Personal Data and Policy 10:51

Преподаватели

Jennifer Golbeck
Director

Текст видео

[SOUND] In this video we're going to look at privacy

policies and user understanding, of those policies.

It's critical if users are to control their privacy that they

understand privacy policies.

This actually spells out how their data's going to be shared,

what's collected, who gets access to it and so on.

But do users actually understand, what these policies say?

Well what we do know is that most people don't read privacy policies.

About 16% of people say they read them all the time.

But, the fact is that when people do read them,

they don't necessarily understand them.

And, in fact, about half of people who say they've read a privacy policy,

say they know they don't understand what was in there.

So we have a pretty good idea that, even when people take the time to

read these privacy policies, they don't really know what's going on.

And that's concerning.

If we want people to have control over their privacy,

they need to know whats being done with their data and what the options are.

If the one document that spells that out is inaccessible and hard to read,

then there can be a real problem in people understanding what's going on.

How do we learn?

Well, people can read the privacy policies,

that's one way to learn what the policy is, though it can be difficult.

But you can also discover through other sources.

And there's one particular alternative source that we're going to look at in

this video in a minute.

[SOUND] What we're going to look at here is a quick experiment.

And this is based on research that was done, with a few 100 users.

This focused on, Facebook Apps.

So these are things like games and quizzes that you install in your

Facebook profile and that run in the Facebook platform.

Those Apps can access a lot of personal data.

And, the kind of data that's shared with those Apps is described in

Facebook's privacy policy.

So the experiment's pretty straightforward, we ask people,

what data they think Apps can access.

They are just given, a long list of data point, and asked,

is this something Apps can potentially access or not?

And then we asked them the same questions again about what data they

think Apps can access.

If they've, underestimated the data that can be accessed in the first step, and

then learned something in the second step, hopefully we will see an increase,

in the data that they think can be accessed, when we ask them a second time.

So let's take a look at the two sources that we're looking at here,

the privacy policy and the video.

We'll start with the Facebook privacy policy.

Facebook's privacy policy is spelled out in this page,

called it's Daily Use Policy.

It's written in pretty accessible English.

There's not a lot of legalese in here, and if we just look at a few random sections,

for example here it says your information, is the information that's required when

you sign up for the site, as well as the information you choose to share.

They go through and enumerate the types of information.

And if we keep going, they for example have a section on public information, and

they explain when we use the phrase public information, which we sometimes refer to

as everyone information, we mean the information you choose to make public,

as well as the information that's always publicly available.

They explain how you make things public.

What's always publicly available and so on.

It's a pretty accessible policy, it definitely takes a while to read but

it's not 100s of pages long.

And it gives a pretty decent idea at a high level, of what information is shared.

At the same time it doesn't go into detail, about what Apps or

what people, can potentially access what parts of your profile.

The video that we're going to look at is Take this Lollipop.

There's a link, to this site so you can actually run this video yourself.

It's an interactive kind of horror movie,

that integrates data from your Facebook profile into, a prescripted film.

What we're going to look at is information taken from my, Facebook page.

so, it's going to be a little bit scary but also a little bit foreign.

If you do it with your own privacy policy,

[SOUND] it actually ends up being a very creepy experience.

You ca, don't have to worry about your information being stolen,

although the video is kind of creepy they have a very clear privacy policy.

They don't collect anything and they really just use the access to

your Facebook, page that you give them, in order to produce this film for you.

It's not shared with anyone else.

So, if you feel like it, go ahead and give that a try.

In the mean time you can take a look at it running in my profile.

[MUSIC]

[SOUND] So we had users answer some questions about what

data they thought Apps could access.

They either watched that terrifying video or read a privacy policy.

And then we asked them again, about what data they thought Apps could access.

The results, first, every user, that participated in

the study underestimated what data could be accessed, when they were first asked.

So in the first round,

nobody understood the full extent to which Apps could access data from Facebook.

After they watched the video, or read the privacy policy,

every user improved in their understanding of what data, Apps could access.

They didn't all get it all right, but we saw a remarkable and significant

improvement, in their understanding of how their data was shared.

And, the video led to greater improvements in user understanding.

So, even when people were forced to sit down and

read Facebook's pretty accessible privacy policy, they missed a lot of things,

that people understood after watching the video.

Probably because the video, illustrates quite clearly what data can be

pulled by Apps, because it shows it to the user in that case.

So what are the implications of that study?

First privacy policies are boring and hard to read, users tell us this all the time.

And, that means they have poor usability.

We talk about usability in terms of interfaces and user experience.

But documents can have poor usability too.

User preference is clearly against the privacy policy and in fact,

they can lead to user not understanding things correctly,

which we could consider an error.

They have low efficiency.

They're definitely, slow to read.

It takes, a much longer time, in fact, to read the privacy policy.

Than it does to watch than video, which lasts about two minutes and, the users

don't like them but, we know that privacy policies are also, really important.

So, we don't just want to give up on them, because users don't like them.

There has to be some way to convey this information.

So really what we really come away with is this question, are there more usable ways,

to convey the information that's in a privacy policy?

Can we make a privacy policy that has, higher usability?

That video may be one step, but, the fact is that, this is an open question.

We're just getting to the point, where, privacy policies are really important.

It's something that the last five or

ten years, has really sprung up on us where users are sharing so much data.

So, this is something that you can go forward on as people who understand HCI,

user needs and privacy.

And, hopefully, try to find a better way,

to convey the information privacy policies described.

So that users can really understand that data.

[SOUND]

Ознакомьтесь с нашим каталогом

Присоединяйтесь бесплатно и получайте персонализированные рекомендации, обновления и предложения.

Coursera делает лучшее в мире образование доступным каждому, предлагая онлайн-курсы от ведущих университетов и организаций.

© Coursera Inc., 2019 Все права защищены.

Загрузить из App Store

Загрузить в Google Play

Coursera
О проекте
Руководство
Карьера
Каталог
Сертификаты
Сертификаты MasterTrack™
Степени
Для организаций
Для правительственных организаций

Сообщество
Learners
Partners
Developers
Beta Testers
Translators

На связи
Блог
Facebook
LinkedIn
Twitter
Instagram
YouTube
Технический блог

Еще
Условия
Конфиденциальность
Помощь
Доступность
Пресса
Контакты
Справочник
Филиалы