Kazaa, which boasts millions of users performing more than 85 million downloads a day, is one of the most popular P-to-P applications available. But although users are well aware of its song and movie-swapping capabilities, a significant number of them do not realise that all the files on their computers are, potentially, up for grabs, the report said.
"Our research shows that people are sharing and downloading personal files from Kazaa and are capable of doing so with users oblivious to any private data being shared," wrote researchers Nathaniel Good, from Hewlett-Packard Laboratories' Information Dynamics Lab, and Aaron Krekelberg, from the University of Minnesota's Office of Information Technology.
Good and Krekelberg's report, which was posted on Hewlett-Packard's Web site Wednesday, describes how the design of Kazaa's user interface prompts unintentional sharing of users' private files.
"While facilitating file sharing and searching, the systems do a poor job of preventing users from sharing potentially personal files," the researchers said.
One of the main problems the researchers discovered with the interface is the way in which the application creates a default directory of files to be shared, which Kazaa calls the "download folder."
Many users do not realize that when they add files to the download folder, all the files in the directory, as well as the directories below it, can be recursively shared.
The report also criticises the way the software searches for files to be shared, noting that it does not give criteria for discovering folders to be shared, such as searching only for media files.
Therefore, when it discovers a folder to be shared, "it presumes that users have a perfect knowledge of what kinds of files are contained in those folders and what will be shared," the researchers wrote.
These usability issues have led a significant number of users to swap personal files, without knowing it, the report states.
In a series of tests, Good and Krekelberg sought to discover just how prevalent the swapping of private files was on the P-to-P network.
Over a 12-hour period, the researchers performed regular searches for Microsoft Outlook Express e-mail files, figuring that users did not intend to share personal e-mail messages on the Kazaa network.
Of 443 searches performed over the 12-hour period, 61% of the searches returned one or more hits for the e-mail files.
Additionally, other tests turned up word processing documents, Web browser caches and cookies, and financial software files.
Dismayed with the results, the researchers wrote, "While Kazaa is not a security application ... it nonetheless shares similar responsibilities to its users."
Kazaa spokeswoman Kelly Larabe said Friday that the company was grateful for the report since it points out issues that need to be addressed.
"We feel strongly that they have done us a service," Larabe said, adding that Kazaa "will do everything it can do to improve and grow."
While the spokeswoman could not confirm that the researchers' suggestions would be incorporated into the next version of the Kazaa software, she did say that the company planned to post additional educational tips for users on its Web site within the next couple of days.