
Personalization


Presentation Transcript


  1. Personalization
  • Usually refers to e-commerce

  2. Benefits
  • Searches (ex: amazon.com)
  • Customized or localized for each user
  • Using zip code, past purchases (amazon), interests
  • Passive gathering of proper context
  • Site (ex: amazon.com)
  • Customized accessibility
  • Save time (remember form data, last viewed)

  3. Pitfalls
  • Too many options (see: open source software)
  • Passively gather preferences / trends
  • “Hide” uncommon options -- USER centered; advanced users will find them
  • Obtrusive: surveys or extra questions
  • Large visual customization: loss of “identity”
  • Web apps: training/support issues

  4. Hidden Option Example

  5. How?
  • Cookies
  • User account info (requires login, etc.)
  • Web stats tracking the “click stream”
  • Requires login -- a hidden cookie system could…
  • Purchase history (requires account)
  • Group users by characteristics (movielens.org)
  • Other users who bought this also bought...
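An added example, not taken from the slides, of the last two mechanisms above: build a co-purchase index from order histories and answer “other users who bought this also bought...”, leaving out what the current user already owns. The order data is constructed for the example; the function names are illustrative.

```python
from collections import Counter, defaultdict

# Constructed sample data (not real purchases): order id -> items bought together in that order.
ORDERS = {
    "o1": {"laptop", "mouse", "usb-c hub"},
    "o2": {"laptop", "mouse"},
    "o3": {"laptop", "backpack"},
    "o4": {"mouse", "mousepad"},
    "o5": {"laptop", "mouse", "backpack"},
}


def build_copurchase_index(orders):
    """Map each item to a Counter of the other items that appeared in the same orders."""
    index = defaultdict(Counter)
    for items in orders.values():
        for item in items:
            for other in items:
                if other != item:
                    index[item][other] += 1
    return index


def customer_history(orders, order_ids):
    """Union of a customer's own orders: the 'purchase history' context personalization draws on."""
    owned = set()
    for oid in order_ids:
        owned |= orders[oid]
    return owned


def also_bought(index, item, exclude=(), limit=3):
    """'Other users who bought this also bought...': co-purchased items ranked by how often
    they co-occur with `item`, skipping anything in `exclude` (e.g. what the user already owns)."""
    ranked = [(other, n) for other, n in index[item].most_common() if other not in exclude]
    return ranked[:limit]


if __name__ == "__main__":
    idx = build_copurchase_index(ORDERS)
    owned = customer_history(ORDERS, ["o2"])          # this customer already has laptop + mouse
    print(also_bought(idx, "laptop", exclude=owned))  # -> [('backpack', 2), ('usb-c hub', 1)]
```

The index is the only thing that needs to be precomputed; the per-request step is a ranked lookup, which is why this kind of passive gathering is cheap to serve.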

  6. A Few Uses
  • Integration into other environments: cell phones, languages
  • Form letter: customized content based on the user; not just text, but items displayed, suggested, etc.
  • Preferences: “themes”, feature control, etc.
  • Ratings: of things, of others, OF YOU (achievements)

  7. Conversation Interface
  • “Proven” more effective
  • The interface is more like a chat room
  • The user can ask questions / interact (≈ sales people)
  • Limited usage: exceptionally difficult to automate
  • Most “good” uses are chat rooms with real sales people, or “call back” phone sales people

  8. Trust
  • Gaining and keeping users’ trust

  9. Right to Privacy
  • There is no explicit constitutional right to privacy in the USA
  • Laws exist to limit the government
  • Laws exist to limit certain information in certain situations -- almost non-existent
  • A privacy policy is the same as a contract
  • People are wary of giving out information that might be harmful to them
  • Don’t assume users know what to guard

  10. Give Context
  • Provide a privacy policy
  • Post a certification of privacy (truste.org, bbbonline.org)
  • Give short policy hints at the locations in question: “Zip code is used to determine inventory in your area”
  • Security note: users will often hand over data given any justification, however silly -- “Credit card # is just used to confirm your identity” -- which is exactly what a scam email relies on, so never train them to accept such requests

  11. Fostering Trust
  • Ask users to opt in or opt out of “services”: “I wish to subscribe to the newsletter”, “Allow 3rd parties to contact me about deals”
  • Provide useful information: “A confirmation email will be sent”, “Standard shipping will take 3-5 days”, order status, account information

  12. US Government
  • 4th and 5th amendment protection is weak
  • When you use 3rd or 4th parties, they control the rights to your information, NOT YOU
  • There must be an expectation of control and of security for your rights to apply
  • You may be required to hand over data
  • You may not be allowed to disclose that it happened
  • Foreign governments may request similar things

  13. Security
  • Privacy threats

  14. Browsers
  • Fast development (outside of MS IE)
  • New features = new bugs = new security threats
  • JavaScript / DOM bugs lead to exploits
  • Specialized browsers (for attacks or probing)
  • Cookies: a file accessible to other programs, or data in memory
  • OS security affects browser security
  • The weakest link is the browser

  15. Watch for
  • User logins: if you save login info, don’t store the password in the cookie!
  • Time out sessions (public terminals)
  • Don’t EVER display the user’s password to them
  • Give the user the OPTION of “saving the login”
  • Visually displaying private info on the screen: mask it (•••••)
  • Password hints: BAD (most users don’t use them properly)

  16. HTTPS
  • EVERYTHING sent over the network in the clear is public
  • HTTPS encrypts the client-to-server connection
  • It slows the server down (many e-commerce sites only use it for credit card numbers). Caveat: this is dated advice; TLS overhead is now negligible, and protecting only the checkout page leaves the session cookie readable on every other request, so serve the whole session over HTTPS
  • Client-side JavaScript “encryption” is a JOKE: the script and its key arrive over the same untrusted connection it is supposed to protect
  • Cookies are NOT secure: the client can read, copy and rewrite them
  • Exception: server-side encrypted data stored in the cookie, sent with the Secure and HttpOnly attributes
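An added example (not from the slides) of the login rules in slide 15 and the cookie “exception” in slide 16: a session cookie that carries only a user id and an issue time, protected with a server-side HMAC key so the client cannot forge or alter it, checked for time-out on the server, and sent with the Secure, HttpOnly and SameSite attributes. Signing instead of encrypting is a deliberate substitution: the payload contains nothing secret (never the password), so integrity is what matters; encrypt as well if the cookie ever has to carry data the user must not read. SERVER_SECRET, SESSION_MAX_AGE and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumed deployment detail: the key lives only on the server (load it from a secret store in
# practice). Anything the client can see, it can forge, so the key is what makes the cookie trustworthy.
SERVER_SECRET = secrets.token_bytes(32)
SESSION_MAX_AGE = 15 * 60  # seconds; short because of the public-terminal case in slide 15


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_session_token(user_id: str, issued_at: float, secret: bytes = SERVER_SECRET) -> str:
    """Cookie value = base64(payload) + '.' + base64(HMAC-SHA256(payload)).
    The payload is just {uid, iat}; the password is never placed in the cookie."""
    payload = json.dumps({"uid": user_id, "iat": int(issued_at)}, separators=(",", ":")).encode()
    sig = hmac.new(secret, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"


def verify_session_token(token: str, now: float, secret: bytes = SERVER_SECRET,
                         max_age: int = SESSION_MAX_AGE):
    """Return the user id for a valid, unexpired token; None for tampering, bad format or time-out."""
    try:
        payload_b64, sig_b64 = token.split(".", 1)
        payload = _unb64(payload_b64)
        sig = _unb64(sig_b64)
    except ValueError:          # wrong shape or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time compare: no timing leak on the MAC
        return None
    try:
        data = json.loads(payload)
        issued_at = int(data["iat"])
        uid = data["uid"]
    except (ValueError, KeyError, TypeError):
        return None
    if now - issued_at > max_age:                # server-side time-out, independent of the browser
        return None
    return uid


def set_cookie_header(token: str, max_age: int = SESSION_MAX_AGE) -> str:
    """Secure: only sent over HTTPS. HttpOnly: invisible to page JavaScript (and to DOM bugs).
    SameSite=Lax: not attached to cross-site POSTs."""
    return f"session={token}; Max-Age={max_age}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    import time
    tok = make_session_token("alice", time.time())
    print(set_cookie_header(tok))
    print(verify_session_token(tok, time.time()))           # 'alice'
    print(verify_session_token(tok, time.time() + 3600))    # None: timed out
```

Because the signature covers the whole payload, swapping the user id or pushing the timestamp forward invalidates the cookie; the only way to get a valid one is to log in and have the server mint it.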

  17. BE PARANOID
  • Everything is out to get your users’ information
  • ONLY allow the minimum possible to complete the task
  • Heavily analyze your minimized “points of entry”
  • Script libraries can have unknown bugs
  • Specific browser checks can be justified to block/warn users whose browsers are known to be insecure

  18. Think of the Users
  • Don’t make users paranoid (that hurts you)
  • Don’t tell them you are correlating their behavior patterns with others to predict whether they are a pedophile...
  • Be tactful
  • Don’t advertise every little detail (bury it in the privacy policy, like amazon.com)
  • Be informative: tell them how to verify that the email you sent is not a scam -- ex: give a link + directions to pull up the information from your website. Caveat: a scam email also contains a link, so the directions should tell users to type your site’s address themselves and check there

  19. Spam
  • By law, an opt-out option has to be provided
  • Don’t irritate users by defaulting to opt-out
  • Opt-in confirmation emails (verify they wanted to opt in, and include detailed directions for opting out at any time)
  • Users can FORGET that they opted in!
  • Use a mass mailer or BCC addresses, so recipients never see each other’s addresses

  20. Passwords
  • 8+ characters, alphanumeric (could have symbols too)
  • Don’t allow password hints
  • Never let the user see their password
  • Never let the user change their password without entering the old one again
  • Put a delay (1-2 sec) during login
  • JavaScript + form to aid password creation / policy verification (the same policy must be enforced on the server; the client-side check is only a convenience)
  • Provide a forgotten-password procedure (never let them see the password)

  21. Alternate Passwords
  • Electronic keys: no browser integration
  • Images: people tend to click/draw the same areas of the image
  • Files: people don’t like uploading files
  • General rule: it has to take too long for a program to attack. 8 characters drawn from the 94 printable ASCII characters give 94^8 = 6,095,689,385,410,816 combinations. That count only protects you if guesses are slow to test: throttle online attempts and store passwords with a deliberately slow hash, or an offline attacker walks the keyspace quickly

  22. Biggest Threat
  • Employees: information must be secured internally; don’t forget about former employees or consultants
  • Employers / owners: damaging information should be destroyed, or held by a trusted 3rd party which does not show you the data
  • Ex: store hashed passwords (the server can verify a password without ever being able to reveal it, to an employee or to the user)
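An added example, not from the slides, that puts the password rules of slides 20 through 22 into code: the 8+ alphanumeric policy enforced server-side, a salted slow hash (PBKDF2-SHA256 from the standard library) so that nobody, employee or user, can read a stored password back, constant-time verification, a change-password step that demands the old password, the keyspace figure from slide 21, and a reset token for the forgotten-password flow instead of “showing” a password that is never stored. The iteration count and all names are illustrative; the slow hash itself supplies the login delay the slides ask for.

```python
import hashlib
import hmac
import os
import re
import secrets

MIN_LENGTH = 8                 # slide 20: 8+ characters
PBKDF2_ITERATIONS = 200_000    # assumption: tune so one hash costs ~100-300 ms on your server
_ALGO = "pbkdf2_sha256"


def check_password_policy(password: str):
    """Return the list of policy violations (empty list = acceptable). Run this on the server;
    the JavaScript form check from slide 20 only mirrors it for the user's convenience."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"at least {MIN_LENGTH} characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("at least one letter")
    if not re.search(r"[0-9]", password):
        problems.append("at least one digit")
    return problems


def hash_password(password: str, salt=None) -> str:
    """Store salt + slow hash, never the password. Record: pbkdf2_sha256$iterations$salt$digest."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{_ALGO}${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        if algo != _ALGO:
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    except ValueError:      # malformed record
        return False
    return hmac.compare_digest(candidate, expected)


def change_password(stored: str, old: str, new: str):
    """Slide 20: require the old password again, and the new one must pass policy.
    Returns the new record, or None if either check fails."""
    if not verify_password(old, stored) or check_password_policy(new):
        return None
    return hash_password(new)


def keyspace(charset_size: int, length: int) -> int:
    """Slide 21's figure: 94 printable ASCII characters, 8 long -> 94**8 guesses worst case."""
    return charset_size ** length


def new_reset_token() -> str:
    """Forgotten-password flow: the password cannot be shown (only its hash exists), so mail a
    single-use random token; store only hash_password(token) and expire it quickly."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    record = hash_password("correct-horse-7")
    print(record.split("$")[0], verify_password("correct-horse-7", record))   # pbkdf2_sha256 True
    print(check_password_policy("short1"))                                  # ['at least 8 characters']
    print(keyspace(94, 8))                                                  # 6095689385410816
```

Note what is missing on purpose: there is no function that returns a password, because after `hash_password` the server no longer has one, which is the point of slide 22.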
