User Intent
From MgmtWiki
Full Title or Meme
User Intent implies free will exercised by a fully informed and competent user.
Context
- In the past User Intent was inferred from postings of Privacy Policy written in dense legalese supported by a Contract of Adhesion which was typically supplied as a Terms of Service which were typically invoked by references with a URL to more dense legalese. Some Web Sites realizing that they were on shaky legal ground began requiring users to page though a long PDF of the Terms of Service as proof that the users were fully informed. Everyone involved in that stratagem knew it as a sham, but continued it none-the-less.
- Meaning of intent: Intention purpose meaning (from the French)[1]
Problems
- A user who checks those boxes will have a hard time arguing later that they didn't understand what they were signing. -- Digital signatures – no proof of intent. http://www.pcworld.com/article/253523/how_to_make_sure_that_digital_signature_is_legit.html
- The human prover signals her intent to authenticate to a particular verify by acquiring the verifier’s QR code with her Pico device. https://books.google.com/books?id=TGUcBQAAQBAJ&pg=PA175&lpg=PA175&dq=prove+user+intent+computer&source=bl&ots=PJla77v1n1&sig=JGbBd9O8ydEsoacW50igG_VDp1Y&hl=en&sa=X&ved=0CCwQ6AEwAzgoahUKEwja2N6Iy77IAhXEOogKHZxAAZI#v=onepage&q=prove%20user%20intent%20computer&f=false
- Current practice is to try to infer user intent. http://www-ksl.stanford.edu/people/glass/GlassDissertation.pdf
- http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=69&cad=rja&uact=8&ved=0CFUQFjAIODxqFQoTCKef6qLNvsgCFdBIiAodS2QBYQ&url=http%3A%2F%2Fdl.acm.org%2Fcitation.cfm%3Fid%3D1242739&usg=AFQjCNExvyQaXUTMc9wgINbxCBoc-GyDxw&sig2=BdgpttgU_0HAjxbh2vm2gA&bvm=bv.104819420,d.cGU
- User intent used to detect malware http://www.covert.io/research-papers/security/Gyrus%20-%20A%20Framework%20for%20User-Intent%20Monitoring%20of%20Text-Based%20Networked%20Applications.pdf
Solutions
- Remove SPC User Activation Requirement March 2023
To help developers reduce friction in SPC flows, we are removing the user activation requirement for authentication. Spam and clickjacking mitigations are put in place to ensure there’s no loss in security and privacy with this change.
References
- ↑ Walter W. Skeat, An Etymological Dictionary of the English Language. Oxford (1882)
Other Material
- See the wiki page Intentionality for a philosophic view.
- US Patent US 20110154505 A1 Unobtrusive assurance of authentic user intent (filed 2009-12-22)