- From: Maritza Johnson <maritzaj@cs.columbia.edu>
- Date: Mon, 22 Jan 2007 12:23:58 -0500
- To: W3 Work Group <public-wsc-wg@w3.org>
- Message-Id: <BC658EBA-8F64-4E98-8B62-42F1AD4EA2FF@cs.columbia.edu>
Hello all,

I've noticed when talking about use cases we're sometimes inclined to leave out the case of a user conducting personal/sensitive transactions on a public terminal. Most say we don't need to include the case of users on a shared/public machine because people don't carry out sensitive transactions on them (and it hasn't been from just one person, I've heard it from a number of people in the past few months).

As security-minded people we know not to do this, but I really don't think this is common knowledge. I'd like to argue that the average user does not see a difference between the internet as they access it on their personal machine, and the internet as they access it from a shared machine.

I haven't seen any data which supports either side, I'm making this claim completely based on my own observations. Has anyone seen any work that has explored this question? If not, I think it'd be interesting to add it to the user study for getting a better idea of the average user.

Questions to add might be:

- Would you carry out this transaction at an Internet cafe? Why/Why not?
- Choose the answer that fits: If you checked your bank statement at an internet cafe you would
  A) Close the window afterward using the X (might not actually end the session)
  B) Close the browser from the menu
  C) Log out on the bank's web page then close the browser when finished
  D) I wouldn't do this

- Maritza

http://www.cs.columbia.edu/~maritzaj/

Received on Monday, 22 January 2007 17:24:19 UTC