Oksana Kulyk (ITU Copenhagen), Willard Rafnsson (IT University of Copenhagen), Ida Marie Borberg, Rene Hougard Pedersen

Cookies are widely acknowledged as a potential privacy issue, due to their prevalence and use for tracking users across the web. To address this issue, multiple regulations have been enacted which mandate informing users about data collection via. so-called cookie notices. Unfortunately, these notices have been shown to be ineffective; they are largely ignored, and are generally not understood by end-users. One main source of this ineffectiveness is the presence of dark patterns in notice designs, i.e. user interface design elements that nudge users into performing an action they may not otherwise do, e.g. consent to data collection.

In this paper, we investigate the mental models and behavior of users when confronted with dark patterns in cookie notices. We do this by performing a mixed-method study (on Danes in their late-20s) which integrates quantitative and qualitative insights. Our quantitative findings confirm that the design of a cookie notice does influence the decisions of users on whether or not to consent to data collection, as well as whether they recall seeing the notice at all. Our qualitative findings reveal that users do in fact recognize the presence of dark patterns in cookie notice designs, and that they are very uncomfortable with standard practices in data collection. However, they seldom take action to protect their privacy, being overall resigned due to decision fatigue. We conclude that website maintainers need to reconsider how they request consent lest they alienate their users, and that end-users need better solutions that alleviate their burden wrt. protecting their privacy whilst visiting websites that collect data.

View More Papers

Security When it is Welcome: Exploring Device Purchase as...

Simon Parkin (University College London); Elissa M. Redmiles (University of Maryland); Lynne Coventry (Northumbria University); M. Angela Sasse (Ruhr University Bochum and University College London)

Read More

Demo: A Simulator for Cooperative and Automated Driving Security

Mohammed Lamine Bouchouia (Telecom Paris - Institut Polytechnique de Paris), Jean-Philippe Monteuuis (Qualcomm), Houda Labiod (Telecom Paris - Institut Polytechnique de Paris), Ons Jelassi, Wafa Ben Jaballah (Thales) and Jonathan Petit (Telecom Paris - Institut Polytechnique de Paris)

Read More

Demo #8: Identifying Drones Based on Visual Tokens

Ben Nassi (Ben-Gurion University of the Negev), Elad Feldman (Ben-Gurion University of the Negev), Aviel Levy (Ben-Gurion University of the Negev), Yaron Pirutin (Ben-Gurion University of the Negev), Asaf Shabtai (Ben-Gurion University of the Negev), Ryusuke Masuoka (Fujitsu System Integration Laboratories) and Yuval Elovici (Ben-Gurion University of the Negev)

Read More

Uncovering Cross-Context Inconsistent Access Control Enforcement in Android

Hao Zhou (The Hong Kong Polytechnic University), Haoyu Wang (Beijing University of Posts and Telecommunications), Xiapu Luo (The Hong Kong Polytechnic University), Ting Chen (University of Electronic Science and Technology of China), Yajin Zhou (Zhejiang University), Ting Wang (Pennsylvania State University)

Read More