Oksana Kulyk (ITU Copenhagen), Willard Rafnsson (IT University of Copenhagen), Ida Marie Borberg, Rene Hougard Pedersen

Cookies are widely acknowledged as a potential privacy issue, due to their prevalence and use for tracking users across the web. To address this issue, multiple regulations have been enacted which mandate informing users about data collection via. so-called cookie notices. Unfortunately, these notices have been shown to be ineffective; they are largely ignored, and are generally not understood by end-users. One main source of this ineffectiveness is the presence of dark patterns in notice designs, i.e. user interface design elements that nudge users into performing an action they may not otherwise do, e.g. consent to data collection.

In this paper, we investigate the mental models and behavior of users when confronted with dark patterns in cookie notices. We do this by performing a mixed-method study (on Danes in their late-20s) which integrates quantitative and qualitative insights. Our quantitative findings confirm that the design of a cookie notice does influence the decisions of users on whether or not to consent to data collection, as well as whether they recall seeing the notice at all. Our qualitative findings reveal that users do in fact recognize the presence of dark patterns in cookie notice designs, and that they are very uncomfortable with standard practices in data collection. However, they seldom take action to protect their privacy, being overall resigned due to decision fatigue. We conclude that website maintainers need to reconsider how they request consent lest they alienate their users, and that end-users need better solutions that alleviate their burden wrt. protecting their privacy whilst visiting websites that collect data.

View More Papers

PickMail: A Serious Game for Email Phishing Awareness Training

Gokul CJ (TCS Research, Tata Consultancy Services Ltd., Pune), Vijayanand Banahatti (TCS Research, Tata Consultancy Services Ltd., Pune), Sachin Lodha (TCS Research, Tata Consultancy Services Ltd., Pune)

Read More

Let’s Authenticate: Automated Certificates for User Authentication

James Conners (Brigham Young University), Corey Devenport (Brigham Young University), Stephen Derbidge (Brigham Young University), Natalie Farnsworth (Brigham Young University), Kyler Gates (Brigham Young University), Stephen Lambert (Brigham Young University), Christopher McClain (Brigham Young University), Parker Nichols (Brigham Young University), Daniel Zappala (Brigham Young University)

Read More

RVPLAYER: Robotic Vehicle Forensics by Replay with What-if Reasoning

Hongjun Choi (Purdue University), Zhiyuan Cheng (Purdue University), Xiangyu Zhang (Purdue University)

Read More