Oksana Kulyk (ITU Copenhagen), Willard Rafnsson (IT University of Copenhagen), Ida Marie Borberg, Rene Hougard Pedersen

Cookies are widely acknowledged as a potential privacy issue, due to their prevalence and use for tracking users across the web. To address this issue, multiple regulations have been enacted which mandate informing users about data collection via. so-called cookie notices. Unfortunately, these notices have been shown to be ineffective; they are largely ignored, and are generally not understood by end-users. One main source of this ineffectiveness is the presence of dark patterns in notice designs, i.e. user interface design elements that nudge users into performing an action they may not otherwise do, e.g. consent to data collection.

In this paper, we investigate the mental models and behavior of users when confronted with dark patterns in cookie notices. We do this by performing a mixed-method study (on Danes in their late-20s) which integrates quantitative and qualitative insights. Our quantitative findings confirm that the design of a cookie notice does influence the decisions of users on whether or not to consent to data collection, as well as whether they recall seeing the notice at all. Our qualitative findings reveal that users do in fact recognize the presence of dark patterns in cookie notice designs, and that they are very uncomfortable with standard practices in data collection. However, they seldom take action to protect their privacy, being overall resigned due to decision fatigue. We conclude that website maintainers need to reconsider how they request consent lest they alienate their users, and that end-users need better solutions that alleviate their burden wrt. protecting their privacy whilst visiting websites that collect data.

View More Papers

Shipping security at scale in the Chrome browser

Adriana Porter Felt (Director of Engineering for Chrome)

Read More

The Walls Have Ears: Gauging Security Awareness in a...

Gokul Jayakrishnan, Vijayanand Banahatti, Sachin Lodha (TCS Research Tata Consultancy Services Ltd.)

Read More

Context-Sensitive and Directional Concurrency Fuzzing for Data-Race Detection

Zu-Ming Jiang (Tsinghua University), Jia-Ju Bai (Tsinghua University), Kangjie Lu (University of Minnesota), Shi-Min Hu (Tsinghua University)

Read More

Cybercrime Investigators are Users Too! Understanding the Socio-Technical Challenges...

Mariam Nouh (University of Oxford); Jason R. C. Nurse (University of Kent); Helena Webb, Michael Goldsmith (University of Oxford)

Read More