[en] AbstractThere has been a burst of discussions about how to characterize and recognize online dark patterns — i.e., web design strategies that aim to steer user choices towards what favours service providers or third parties like advertisers rather than what is in the best interest of users. Dark patterns are common in cookie banners where they are used to influence users to accept being tracked for more purposes than a data protection by default principle would dictate. Despite all the discussions, an objective, transparent, and verifiable assessment of dark patterns’ qualities is still missing. We contribute to bridging this gap by studying several cookie processes, in particular their multi-layered information flow —that we represent as message sequence charts—, and by identifying a list of observable and measurable features that we believe can help describing the presence of dark patterns in digital consent flows. We propose thirty one of such properties that can be operationalised into metrics and therefore into objective procedures for the detection of dark patterns.
Centre de recherche :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > IRiSC - Socio-Technical Cybersecurity
Disciplines :
Sciences informatiques
Auteur, co-auteur :
KOCYIGIT, Emre ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC
ROSSI, Arianna ; Sant'Anna School of Advanced Studies > LIDER Lab
LENZINI, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC
Co-auteurs externes :
no
Langue du document :
Anglais
Titre :
Towards Assessing Features of Dark Patterns in Cookie Consent Processes
Date de publication/diffusion :
01 juin 2023
Titre de l'ouvrage principal :
IFIP Advances in Information and Communication Technology
Deceptive design-user interfaces crafted to trick you. https://www.deceptive. design/
Bollinger, D., Kubicek, K., Cotrini, C., Basin, D.: Automating cookie consent and gdpr violation detection. In: 31st USENIX Security Symposium (USENIX Security 22). USENIX Association (2022)
Brignull, H.: Dark patterns: dirty tricks designers use to make people do stuff. Retrieved Sept 29 2019 (2010)
Géron, A.: Hands-on machine learning with Scikit-Learn, Keras, and TensorFlow. “O’Reilly Media, Inc.” (2022)
Gray, C.M., Kou, Y., Battles, B., Hoggatt, J., Toombs, A.L.: The dark (patterns) side of ux design. In: Proceedings of the 2018 CHI conference on human factors in computing systems. pp. 1–14 (2018)
Gray, C.M., Santos, C., Bielova, N., Toth, M., Clifford, D.: Dark patterns and the legal requirements of consent banners: An interaction criticism perspective. In: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. pp. 1–18 (2021)
Hausner, P., Gertz, M.: Dark patterns in the interaction with cookie banners. arXiv preprint arXiv:2103.14956 (2021)
Krisam, C., Dietmann, H., Volkamer, M., Kulyk, O.: Dark patterns in the wild: Review of cookie disclaimer designs on top 500 german websites. In: European Symposium on Usable Security 2021, pp. 1–8 (2021)
Luguri, J., Strahilevitz, L.J.: Shining a light on dark patterns. Journal of Legal Analysis 13(1), 43–109 (2021)
Lupiáñez-Villanueva, F., Boluda, A., Bogliacino, F., Liva, G., Lechardoy, L., de las Heras Ballell, T.R.: Behavioural study on unfair commercial practices in the digital environment: dark patterns and manipulative personalisation. European Commission, Directorate-General for Justice and Consumers, final report. May (2022)
Mathur, A., et al.: Dark patterns at scale: Findings from a crawl of 11k shopping websites. In: Proceedings of the ACM on Human-Computer Interaction 3(CSCW), pp. 1–32 (2019)
Mathur, A., Kshirsagar, M., Mayer, J.: What makes a dark pattern… dark? design attributes, normative considerations, and measurement methods. In: Proceedings of the 2021 CHI Conference on Human Factors in Systems, pp. 1–18 (2021)
Matte, C., Bielova, N., Santos, C.: Do cookie banners respect my choice?: Measuring legal compliance of banners from iab europe’s transparency and consent framework. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 791–809. IEEE (2020)
Narayanan, A., Mathur, A., Chetty, M., Kshirsagar, M.: Dark patterns: past, present, and future: the evolution of tricky user interfaces. Queue 18(2), 67–92 (2020)
Nouwens, M., Liccardi, I., Veale, M., Karger, D., Kagal, L.: Dark patterns after the gdpr: Scraping consent pop-ups and demonstrating their influence. In: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, pp. 1–13 (2020)
Soe, T.H., Nordberg, O.E., Guribye, F., Slavkovik, M.: Circumvention by design-dark patterns in cookie consent for online news outlets. In: Proceedings of the 11th Nordic Conference on Human-Computer Interaction: Shaping Experiences, Shaping Society, pp. 1–12 (2020)
Soe, T.H., Santos, C.T., Slavkovik, M.: Automated detection of dark patterns in cookie banners: how to do it poorly and why it is hard to do it any other way. arXiv preprint arXiv:2204.11836 (2022)
