LAB 8: INFORMED CONSENT ONLINE

[pdf version]

GOALS

1. To apply a conceptual model and design principles for informed consent online to a particular set of online interactions.

2. To gain experience critiquing an existing information system with a set of well-defined criteria.

OVERVIEW

In this lab, you will work in groups of 2-3 to apply a conceptual model and design principles for informed consent online to the current implementation of cookies in two Web browsers, Netscape Navigator and Internet Explorer.

WHAT IS A COOKIE?

A cookie is a small text string (often no more than an ID number) that is sent by a Web server to a browser. The text is then stored by that browser, typically on the user’s hard drive, and sent back to a Web server at a later time. Web browsers first supported cookies in 1995. They were initially developed to provide a way for users to re-visit sites without having to identify themselves and their preferences each time. (See Millett, Friedman, & Felten, 2001.)

HOW TO PROCEED

1. Form a group with 2-3 people.

2. First get a sense for how cookies work. For fun, try this: Using Netscape Navigator, set the browser to ask you before accepting a cookie (i.e., select “Ask me before storing a cookie” in the Edit/Preferences dialog box.). Then, log into your myuw.washington.edu account. Try checking your email using WebPine. Don’t forget to logout when you are finished.

3. Using the conceptual model for informed consent online described in Friedman, Felten and Millet (2000), examine the implementation for cookies in the browser Netscape Navigator.

a. Preference Settings. Systematically examine the browser’s cookie preference settings. First locate the cookie preference settings. How easy are they to find? What range of settings is available? Are the options conveyed to the user in a way in which the user is likely to comprehend (criterion of comprehension)? How well do they settings provide the user with reasonable means to accept or decline cookies (criterion of agreement)?

b. Warning Messages. Now systematically examine the cookie “warning” message. If the cookie preferences are not set to query the user whenever a Web site wishes to set a cookie, change the preference setting to provide a warning message. Then visit a Web site that typically sets cookies. When the Web site wishes to set a cookie, what information does the Web site disclose to the user (criterion of disclosure)? Is this information disclosed to the user in a way that the user is likely to comprehend (criterion of comprehension)? Is the user given a reasonable means to accept or decline the cookie (criterion of agreement)?

4. Drawing on the design principles described in the paper and your own intuitions, describe how you would improve the design of cookies preferences, cookie warning messages and any other aspects related to cookies in Netscape Navigator.

5. Repeat step 2 with the browser Internet Explorer. As with your investigation of Netscape Navigator, systematically examine in terms of the criteria outlined in the conceptual model the preference settings Internet Explorer provides for cookies as well as the information provided to users in a cookie warning message.

6. Repeat step 3 with the browser Internet Explorer.

7. Write up the results of your examination as follows:

(i) Netscape Navigator. Discuss how well the browser does in terms of meeting each of the following criteria: disclosure, comprehension, and agreement. If you have something to say about the criteria of competence and voluntariness, include that as well. Then drawing on the design principles described in the paper and your own intuitions, suggest recommendations for improving how – from the perspective of informed consent online -- Netscape Navigator implements cookies.

(ii) Internet Explorer. Provide a comparable discussion about Internet Explorer including how well this browser meets the criteria for informed consent online and recommendations for improvements.

(iii) Now, in light of the fact that Netscape Navigator and Internet Explorer together dominate browser software, consider the criterion of voluntariness.

WHAT TO TURN IN AT THE BEGINNING OF LAB NEXT WEEK

You may email Nathan (nfreier@u.washington.edu) your write-up or turn in a hard copy. Write-ups may be done as a group or individually.

REFERENCES

Friedman, B., Felten, E., & Millett, L. (2000). Informed consent online: A conceptual model and design principles. UW-CSE Technical Report 00-12-2, University of Washington.

Friedman, B., Howe, D. C., and Felten, E. (2002). Informed Consent in the Mozilla Browser: Implementing Value-Sensitive Design. In Proceedings of the 35thThirty-fifth Annual Hawai'i International Conference on System Sciences. IEEE Press. Abstract, p. 247; CD-ROM of full paper, OSPE101. IEEE Computer Society: Los Alamitos, CA.

Millett, L., Friedman, B., & Felten, E. (2001). Cookies and Web browser design: Toward realizing informed consent online. CHI 2001 Proceedings of the Conference on Human Factors in Computer Systems. New York: Association for Computing Machinery. (Also available as UW-CSE Technical Report 00-12-3, University of Washington.)