While most bugs that make headline news are due to careless software implementations exploited by skilled hackers, the problems in KaZaA center around its user interface. This article details KaZaA's application flaws and then suggests ways to prevent such flaws.
The internet's most popular peer-to-peer (P2P) file-sharing software has a little problem: Users of KaZaA could be shocked to discover that they might be sharing more than they intended. In a study we conducted, 63% of the searches for private email inboxes on KaZaA were successful. Many of these people were sharing much more—some were sharing their whole hard drive.
We also discovered a number of users taking advantage of this problem. We set up a machine sharing files such as "creditcards.xls," "inbox.dbx," and "outbox.pst." A number of users downloaded them. A more recent search revealed that a number of users had acquired quite a collection of inboxes that were in turn being shared for others to download. Conversations on Slashdot, a popular Web forum, were about users who were able to download bank statements, account passwords, Social Security numbers, and more.
How could this happen? While most bugs that make headline news are due to careless software implementations exploited by skilled hackers, the problems in KaZaA center around its user interface. In this article, we'll look at one of the KaZaA application's flaws, then suggest ways to prevent such flaws.
The KaZaA Interface
The default settings vary among different versions of KaZaA. We'll discuss version 1.71. In this version, file sharing is disabled by default. This means that users can download files from other computers, but their files are shared with no one. The danger comes when the user modifies the settings. For example, suppose a user installing KaZaA already has a number of image files on his disk that he desires to share. How might he do it?
KaZaA provides several interfaces for sharing files. Two are located in the Tools Menu under "Find Shared Files." Selecting this menu item brings up a dialog box with several choices. One choice is to press the “Search Wizard” button and have KaZaA automatically discover files for the user. After searching, the wizard returns a list of folders that it recommends for the user to share with other KaZaA users (see Figure 1). It recommends folders containing documents (such as the default Windows My Documents folder), image files, and multi-media files, such as music and video. How might this interface cause people to share the wrong files?
One problem with this interface is that it does not describe what criteria it uses to find folders to share. For example, it does not say what files in the "My Documents" folder will be shared, or describe the particular attributes of the "My Documents" folder that caused it to be recommended for sharing. The interface assumes users know what can be shared by a file-sharing program and what the program is looking for.
Another problem is that the "Tip" message (see Figure 1) is the only part of the interface that warns the user about the risk of sharing files they may not want to share. It is unclear whether or not users even read this message, and it is uncertain if they would remember the instructions for stopping the sharing of such files if they did read them. The tip also says that users must remove the files one by one if they choose not to share them. Overall, the search interface makes browsing, searching, and blocking the sharing of specific files within shared folders difficult and tedious.
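The following is an added example, not part of the original article and not KaZaA's code: a short audit a user or administrator could run over the folders a sharing wizard recommends, listing every nested folder those folders contain and flagging mail stores and spreadsheets by extension. The extension list, the function names, and the sample directory layout are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption for illustration: treat mail stores (.dbx, .pst) and
# spreadsheets (.xls) as sensitive, matching the file names in the article.
SENSITIVE_EXTS = {".dbx", ".pst", ".xls"}


def audit_shared(roots, sensitive_exts=SENSITIVE_EXTS):
    """Walk each shared root recursively and report everything it exposes."""
    folders, sensitive, total = set(), [], 0
    for root in roots:
        # followlinks=False avoids loops through symlinks or junctions.
        for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
            folders.add(dirpath)
            for name in filenames:
                total += 1
                if os.path.splitext(name)[1].lower() in sensitive_exts:
                    sensitive.append(os.path.join(dirpath, name))
    return {"folders": sorted(folders), "files": total,
            "sensitive": sorted(sensitive),
            # Exposed folders that were never listed as a shared root.
            "hidden_folders": sorted(folders - set(roots))}


def build_sample_tree(base):
    """Constructed sample layout standing in for a user's profile folders."""
    layout = [
        "My Documents/holiday.jpg",
        "My Documents/Finance/creditcards.xls",
        "My Documents/Mail/Outlook Express/inbox.dbx",
        "My Documents/Mail/outbox.PST",
        "My Music/song.mp3",
    ]
    for rel in layout:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    return [os.path.join(base, "My Documents"), os.path.join(base, "My Music")]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = audit_shared(build_sample_tree(tmp))
        print(f"{len(report['folders'])} folders, {report['files']} files exposed")
        for p in report["hidden_folders"]:
            print("  nested folder not listed as a root:", p)
        for p in report["sensitive"]:
            print("  SENSITIVE:", p)
```

Run against the real candidate folders before enabling sharing, the report shows the full exposure in one pass instead of requiring a file-by-file review.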
A final problem is that the dialog in the interface does not contain the complete list of folders KaZaA will share. It will also share any folders contained within those folders. While some users understand hierarchical file systems quite well, some novice users