
Evil Interfaces: Violating the User

Evil Interfaces: Violating the User. Greg Conti, gregory-conti@usma.edu, United States Military Academy, West Point, New York. In an ideal world, interfaces aid efficiency, reduce task completion time, reduce errors, are easy to learn, and are satisfying to use.


Presentation Transcript


  1. Evil Interfaces: Violating the User
     Greg Conti, gregory-conti@usma.edu
     United States Military Academy, West Point, New York

  2. In an Ideal World Interfaces...
     • aid efficiency
     • reduce task completion time
     • reduce errors
     • easy to learn
     • and are satisfying to use
     http://smg.media.mit.edu/papers/images/ChatCircles/5_circles.gif
     http://en.wikipedia.org/wiki/Usability

  3. Evil Interfaces
     “Evil interfaces are deliberately malicious, often designed to mislead or trick, and act counter to the goals of the user in an adversarial relationship”
     http://www.allheadlinenews.com/articles/7009823469

  4. Not bad design...
     http://www.hampsterdance.com/classorig.html
     http://bestanimations.com/Humans/Skulls/Skulls5.html

  5. The Problem is Evolving...
     http://upload.wikimedia.org/wikipedia/en/1/1a/Pop-up_ads.jpg

  6. Motivators
     • Profit
     • Make sales
     • Register software
     • Advertising revenue
     • Protect IP
     • Brand recognition
       • including political candidates
     • Disclose Information
     • (Sick) Humor
     • Legal
     Your definition of “evil” may vary

  7. Attacker’s Problem
     • Users aren’t paying attention to advertisements.
     • “Generation MySpace is Getting Fed Up”
     • Banner Ad Blindness
     • Occurs on and off desktop
     • Attacker’s solution... Evil Interfaces
     http://www.useit.com/eyetracking/

  8. So What?
     • The problem is ubiquitous
     • Minimal countermeasures exist
     • This is a hard problem
     • Raising awareness increases resistance
     • Places most vulnerable user populations at risk

  9. Outline
     • A little background
     • Threat model and attacker motivations
     • Taxonomy
     • Measuring evil

  10. Threat Model
      • Attacker is often designer of interface
      • or third parties able to influence interface
        • sources of embedded content
        • ISPs
      • Assets: user’s time, attention, and money
      • Environment: Problem exists everywhere. Gas stations, casinos, grocery stores, software, hardware, the web.

  11. Taxonomy of Evil Usability
      • Attention
        • Attract
        • Avoid
        • Demand
      • Error Exploitation
      • Work
      • Deceive
      • Manipulating Navigation
      • Manipulating Controls

  12. Attract Attention

  13. Preattentive Processing
      • Orientation
      • Length
      • Width
      • Size
      • Shape
      • Curvature
      • Color
      • Spatial Positioning
      http://www.intelligententerprise.com/print_article.jhtml;jsessionid=XB1PNVUT0OMAOQSNDLOSKH0CJUNN2JVN?articleID=31400009

  14. Color

  15. Color

  16. Ads Inline With Content

  17. Crowding Out Content

  18. Autoplay Video & Audio
      • This is a limited time offer so act now
      • Forbes.com
      • contrast this with people who play music when you visit their site

  19. Motion (jitter) Demo

  20. Animation (hover ads)

  21. Multiple Animations

  22. Make it Egregious Demo

  23. Avoid Attention

  24. Subtle

  25. We don’t want you to read the policy

  26. Constrained Viewing of Content 10 Pages

  27. Demand Attention

  28. Random Updates

  29. Take a Survey (We Value Your Opinion)

  30. Advertisement Splash Screens (Interstitial)

  31. Insert Ad before playing

  32. Exploit Errors

  33. Mistyped Movie Name
      • What would you like to have happen?
        a. see a list of movies with similar names
        b. stare at a spiked animated blowfish

  34. Capture Errors
      “a type of slip where a more frequent and more practiced behavior takes place when a similar, but less familiar, action was intended.”
      http://www.usabilityfirst.com/glossary/main.cgi?function=display_term&term_id=654

  35. Mistyped URL

  36. Misplaced Clicks

  37. Make the User Work

  38. Pay With Time

  39. Complete CAPTCHAs
      http://rs76.rapidshare.com

  40. Leave trash around
      From an iTunes update, you only had the option to install the update and QuickTime

  41. Bad Defaults / No unselect all

  42. Deceive

  43. Fake (Text) Hyperlinks

  44. Fake Forms

  45. Bait and Switch

  46. Make Advertisement Look Like Content

  47. Spoof YouTube Video Links
      http://www.betanews.com/article/Google_Talk_Opens_to_Other_IM_Services/1137530175

  48. Manipulate Navigation

  49. Rollover Minefield (pseudo-hyperlink)

  50. Rollover Minefield (checkboxes)
