Pitkow/Kehoe 4

What surveys, other research, or quantitative or empirical data exist about consumers' perceptions, knowledge and expectations regarding (1) whether their personal information is being or should be collected by Web site operators and the extent of such collection; (2) the benefits and risks associated with the collection and subsequent use of this information; (3) appropriate uses of such information; and (4) whether certain categories of information should never be collected or disclosed to others?

Comment:

If users were given their choice, what information would they allow to be logged for each page requested over the WWW? Figure 3 shows that three out of four users agree that sites ought to be able to record the page that is requested (76.60%) and the time of the page request (74.42%). Under half (43.71%) feel that sites should collect the kind of browser they are using. The machine name/address (27.00%), the operating system the user operates (26.83%), the user's email address (21.03%), and the location of the user (19.70%) were all things that the majority of users felt should not be recorded. It is interesting to note that all of the above information except email and location can be reliably gathered for every page request for most users of the WWW. When asked about an identifier that would uniquely label users across sessions at a site, less than one out of every five users (19.08%) thought that this should be possible. Yet, identifiers in the form of "cookies" already exist and are widely supported by Web browsers.

There is definitely a gap between what people think is logged versus what they think ought to be logged for each page requested on the WWW. Figure 4 illustrates where these differences occur and to what extent. There is rough agreement and knowledge that the requested page and time of the request are logged. However, when it comes to the ability to uniquely identify users across sessions (difference 36.93%) and to record the machine name issuing the request (difference 49.38%), users differ greatly with in what they would want to be logged and what is common practice. The ability to record a user's email address (difference 37.37%) per page request also showed a great difference, but unlike the others, this is not possible in the straight-forward implementation of the HTTP 1.0 and 1.1 protocol. The fact that many users think their email address is being recorded reveals a common misconception amongst Web users, possibly attributable to Netscape’s earlier faulty implementations of Java and Javascript which did allow email addresses to be recorded.

The revealing of demographic information and the subsequent use of the information for direct marketing is currently an important issue on the Web. As seen in Figure 5, most respondents strongly agreed that they ought to have complete control over their demographic information (4.43). Less strong agreement was found for the statement that the collection of demographic information helps improve the marketing of sites (3.46). In order to gain an understanding of how the online medium differs from print, we asked users statements about each medium. While users tend not to like receiving mass postal mailings (a.k.a. junk-mail) (2.30), users were even more opposed to receiving mass emailing (1.69). Likewise, while users tend to disagree that magazines have the right to resell collected demographic information (2.07), they disagree even more so with respect to WWW sites reselling demographic information (1.76). This indicates a distinction between what is acceptable in each medium in the minds of users. The notion that people like to receive targeted marketing material, is not supported by the data, regardless of the medium. There is high agreement on these issues across strata of gender and age.