We present the results of a usability study of Doppelganger, a novel system for managing HTTP cookie policies in a web browser. Doppelganger's goal is to infer personalized, privacy-preserving cookie policies in a mostly automated fashion, interrupting the user only rarely and asking intuitive questions when it does so. Using eighteen subjects, our study compared Doppelganger to two existing browser policies: the Default, allow-all policy, and the Ask policy, which requires users to make cookie decisions manually. We asked subjects to represent the stated privacy preferences of a hypothetical person while they completed a script of common web browsing tasks. We measured traditional usability metrics, such as task completion rate, but unlike most previous cookie usability studies, we also evaluated privacy performance, measured by the number of sites whose cookies were accepted during the session. In terms of the privacy metric, we found that Doppelganger performed better than the fully manual Ask policy and far better than the Default policy. Doppelganger's ease of use fell between that of the two. We discuss usability changes suggested by subjects' performance and direct comments, as well as lessons we learned to make future usability studies of Doppelganger and other cookie management tools more effective.




