A Concept and Evaluation of Usable and Fine-Grained Privacy-Friendly Cookie Settings Interface

As cookies are commonly used on websites, they can constitute a significant threat to user’s privacy by tracking surfing behaviour. The browsers provide a variety of options for cookie settings, thereby potentially enabling the user to execute some control over the extent of being tracked. However, studies show that the interfaces for these settings are often deemed too confusing or complex for lay users, often failing to provide necessary explanations, and therefore preventing the users from properly using these setting interfaces to protect themselves against tracking. In this paper, we present a concept for a privacy-friendly cookie setting interface that is meant to support the user in configuring their cookie settings. The setting interface in our concept (1) uses an assistant to guide the user towards their preferred cookie settings via a series of questions; and (2) enables the user to set their cookie settings manually, providing explanations for each of the options available to the user, including the potential advantages and disadvantages of each option. To gauge the viability of the proposal, the concept has been implemented as a Chrome extension and evaluated in a user study with 21 participants. The results have shown, that the extension is well received by the participants and provides better usability than the standard cookie settings interface in Chrome

(Un)informed Consent: Studying GDPR Consent Notices in the Field

Since the adoption of the General Data Protection Regulation (GDPR) in May 2018 more than 60 % of popular websites in Europe display cookie consent notices to their visitors. This has quickly led to users becoming fatigued with privacy notifications and contributed to the rise of both browser extensions that block these banners and demands for a solution that bundles consent across multiple websites or in the browser. In this work, we identify common properties of the graphical user interface of consent notices and conduct three experiments with more than 80,000 unique users on a German website to investigate the influence of notice position, type of choice, and content framing on consent. We find that users are more likely to interact with a notice shown in the lower (left) part of the screen. Given a binary choice, more users are willing to accept tracking compared to mechanisms that require them to allow cookie use for each category or company individually. We also show that the wide-spread practice of nudging has a large effect on the choices users make. Our experiments show that seemingly small implementation decisions can substantially impact whether and how people interact with consent notices. Our findings demonstrate the importance for regulation to not just require consent, but also provide clear requirements or guidance for how this consent has to be obtained in order to ensure that users can make free and informed choices.Comment: 18 pages, 6 figures, 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS '19), November 11-15, 2019, London, United Kingdo