Tools that aim to let Web surfers block companies from tracking their online surfing are currently ineffective, according to a new study [1]from Carnegie Mellon University. Many available tools are challenging for users to configure and sometimes hinder users’ overall Web surfing experience, the study found.

One way to make the tools more effective could be to simplify configuration, giving users one or just a few major decisions to make about the type of tracking they find acceptable, according to Lorrie Cranor, director of Carnegie Mellon’s CyLab Usable Privacy and Security Laboratory, which conducted the study. Currently, users sometimes need to choose individual companies to block out of long lists, for example.

The study looked at nine available tools meant to help users block online tracking, which advertising companies sometimes conduct to present Web surfers with more targeted advertisements. Some of the tools that were tested by the study’s 45 participants were built into major Web browsers. Other tools let users go to advertising industry Web sites and then choose certain advertising companies to block. Some tools focus on blocking Web tracking “cookies” and other types of technology commonly used to track online activity.

The study found “serious” usability flaws in all the tools tested. In many cases, participants thought they had blocked certain advertisers or tracking but had not.

Another challenge was that users tended to be unfamiliar with most of the advertising companies they were sometimes given the option to block. “A lot of these [privacy tool] approaches are asking users to make detailed decisions trusting particular advertising companies, none of which they’ve ever heard of,” Cranor told Security Management. Another challenge is that lists of advertising companies to block appear to be “changing constantly.”

Growing concerns over online behavioral advertising have led some privacy advocates, regulators, and Members of Congress to call for a federally mandated do-not-track mechanism. The study results “suggest that the current approach of advertising industry self-regulation through opt-out mechanisms is fundamentally flawed,” it states.

Participants were more pleased with some tools than others. Users testing Mozilla Firefox's built-in tools were able to configure and accurately describe their privacy settings, for instance. One participant blocked both first- and third-party cookies, but added certain exceptions to permit Web sites she uses. Firefox "seems to be effective at limiting cookies," she was quited as saying in the study. "I like more stringent privacy settings, but I have some exceptions." Firefox's privacy settings are continuing to evolve, said Sid Stamm, Mozilla's privacy engineer, in an e-mail, to make them "easier for users to navigate and understand."

One way to make the tools more effective, according to Cranor, would be to provide users with one or just a few major decisions to make about how they are tracked online. One way to do this would be to group advertisers into certain broad categories, she said, depending on how they promise to safeguard users’ data. Consumers might be given the option to block certain types of data collection, such as when it’s used to deliver healthcare-related advertising, for example. One goal could be to separate out “things that are common on the Web and things that will cause privacy concerns.”

But Cranor said that making changes such as the above could face challenges. One is that advertising groups, technology companies, privacy advocates, and others may have difficulty coming up with precise and enforceable agreements over which types of tracking and advertising is appropriate under various circumstances.

Photo by Daniel Caw/Flickr [2]

Thumbnail: