
September 28, 2006

We don’t do anti-phishing

Posted by Shane Keats at 06:48 PM

Really

Microsoft commissioned a study that hit the wires today, ranking a number of well-known, popular anti-phishing toolbars. And SiteAdvisor.

Despite the fact that we're not an anti-phishing toolbar, and despite the fact that we explicitly say we don't offer phishing protection, SiteAdvisor was included in the study. Guess what happened.

We lost.

Of the 200 test sites, we got 3 right. Netscape 8.1, the next closest "competitor" to SiteAdvisor, got 56 correct. Microsoft's IE7 beat the popular Netcraft by a whisker, 172 to 168.

A score 18 times worse than the next nearest competitor should have been a clue to the study's authors that something was wrong. Oh well. We suppose the study needed some comic relief to take away from the fact that a study that finds its paid sponsor to be the best at something is more of an ad than a study.

A score of 1.5% correct would indeed be shockingly bad, if, in fact, we tested sites for phishing. But we don’t. There are a couple of places on our site where we make that clear. On our support pages, we've answered "Does SiteAdvisor offer 'phishing' protection?" nearly 2,000 times, each time the same way:

SiteAdvisor's software does not currently provide automated or real-time phishing detection.

On a July 28 blog entry about an American Express related phish attack, we said it again:

A quick note. We wanted to remind readers that McAfee's SiteAdvisor plug-in warns users about a wide range of site-based threats including spyware, spam and exploits, but for anti-phishing and more complete threat protection, readers should look at our award winning security suites.

Comparing SiteAdvisor's anti-phishing efficacy with Netcraft's or IE7's is like comparing our restaurant ratings to Zagat's. Or comparing IE7's (non-existent) spam, spyware, exploit, link practice, and pop-up analysis with McAfee SiteAdvisor's.

That's part of the point. SiteAdvisor has focused on these kinds of analyses because no one else has. By contrast, there is a lot of good anti-phishing software on the market today. Oddly enough, the study didn’t bother to test McAfee's actual anti-phishing tools, included in our Internet Security and Total Protection Suites.

For the record: SiteAdvisor doesn't include anti-phishing protection. If and when it does, we promise it will be great, and that we'll let you know about it.

September 26, 2006

Intuition Not Enough to Spot “Spammy” Sites

Posted by Hannah Rosenbaum at 09:40 AM

Watch out for your inbox! The results of the McAfee SiteAdvisor Spam Quiz reveal that users are unable to distinguish between safe sites and sites that sent our robots spam. Last month McAfee SiteAdvisor issued a challenge to users: Can you spot Web sites that cause spam? Over 7,000 users have taken the quiz and the results are alarming. The decisions of the average quiz taker would have led to the receipt of over 1,000 e-mails per week.

If you haven't yet tested your spam detection skills, you may want to take the Spam Quiz now before reading on.

[Image: spam quiz scores]

• The average score was 55%. The average quiz taker got 3 to 4 out of 8 questions wrong. The average user's decisions could lead to 1,000 e-mails per week. If the user got the 3 "worst" sites wrong, he could receive as much as 2,000 pieces of e-mail per week.
• 97% of quiz takers got at least one question wrong. Even a single e-mail submission to an unsafe site can cause an inbox to become inundated with spam. When we submitted our e-mail address to the spammy e-card site funnyreign.com, for example, we received 1,075 e-mails per week as a result.

[Image: spam quiz results by question]

[Image: spam chart]

Business models and brand names

Users performed the worst on the online dating and credit card categories. Only 40% of quiz takers correctly selected plentyoffish.com rather than cupidjunction.com as the dating site that respects e-mail privacy. Some quiz takers were probably skeptical of plentyoffish.com's free membership. They may have tried to intuit the site's business model, perhaps concluding that the only way the site could make money was to sell customer e-mail addresses. But our inbox of only 1 e-mail per week supports their privacy policy statement that they do not share personal information with third parties.

The poor performance on the credit card question could have been due to the use of the word "Visa" in wiredplasticvisa.com. Users might have assumed that the use of the word Visa signaled that it was a safe site or sanctioned by the brand. Users' decisions may also have been impacted by the streamlined design of the wiredplasticvisa.com Web site. Surveys have found that the design of a Web site influences user behavior relating to privacy. Only 44% of quiz takers correctly selected creditcardmenu.com as the safe site in this category.

Do the homework

Users performed the best evaluating the games and scholarship sites. 68% of quiz takers correctly selected miniclip.com as the safe game site over bullseyesgames.com. Significantly, approximately twice as many quiz takers viewed the privacy policies for this question as compared to any other. While time consuming, reading a site's policies can help boost quiz performance and make for safer surfing.

68% of quiz takers correctly selected scholarshipexperts.com as the safe scholarship site. Users may have chosen scholarshipexperts.com because its homepage appears informational while freecollegescholarships.net's homepage promotes a drawing to win a free $10K scholarship, which users may have perceived as a vehicle to obtain e-mail addresses.

Who's to Blame?

The debate about personal responsibility and Web safety usually starts with "read the privacy policy" but the policies are often long and densely written with legal terminology. One study of privacy policy readability found that 54% of privacy policies require a reading comprehension level equivalent to more than 14 years of education and 13% require the equivalent of a postgraduate education. When PC World writer Narasu Rebbapragada took our spam quiz, she read the sites' privacy policies, but admits that she "couldn't always differentiate between language that allowed spam from the language that didn't." Most people don't bother to read them: surveys show that 50% of users never or rarely read privacy policies. In our quiz, approximately half of users clicked on our links to the sites' privacy policies. But who can blame users for not reading privacy policies if Web sites don't make them easy to understand? Even if privacy policies properly disclose that personally identifiable information might be shared with third parties, the impact is diminished by the fact that many people do not read them or can't understand them.

Our quiz informs users that aarons-jokes.com does not even have a privacy policy, but only 56% of users correctly selected ajokeaday.com as the safe jokes site. This may imply that some users don't pay much attention to the existence of a privacy policy on a site or they don't regard it as a useful means of evaluating a site's privacy practices.

What about other methods of delivering unsolicited commercial e-mail? More technically savvy users know to create complex e-mail addresses that are better protected against dictionary attacks. But is it reasonable to expect casual Web consumers to know this? Perhaps. What about screen scraping, where an e-mail address is harvested after being posted to an insecure Web site? Short of having access to the server and the skills to test it, consumers simply can't know which sites have taken the appropriate steps to secure themselves.

Time to Let Down Your Guard

Some users responded to this quiz by saying that they would never give out their e-mail address to any of these sites. That's one way to protect your inbox. But we'd like to point out that there are many sites where you can safely submit your e-mail address, so such restrained behavior is not necessary. Other users claim to always use throwaway e-mail addresses. That's another preventive measure. But having multiple temporary accounts can be tedious should users decide to check them, and if users never check them, they risk missing some e-mails that may have actually been of interest to them (e.g. relevant newsletters, daily horoscopes or matches from a dating site). Defensive e-mail behavior may be effective, but it would not be necessary if users knew ahead of time which sites will protect their e-mail addresses. With McAfee SiteAdvisor, users can see what happened to our inbox before they decide to submit their own e-mail addresses. We get spammed so they won't have to.