CookieEnforcer: Automated Cookie Notice Analysis and Enforcement

04/08/2022
by   Rishabh Khandelwal, et al.
0

Online websites use cookie notices to elicit consent from the users, as required by recent privacy regulations like the GDPR and the CCPA. Prior work has shown that these notices use dark patterns to manipulate users into making website-friendly choices which put users' privacy at risk. In this work, we develop CookieEnforcer, a new system for automatically discovering cookie notices and deciding on the options that result in disabling all non-essential cookies. In order to achieve this, we first build an automatic cookie notice detector that utilizes the rendering pattern of the HTML elements to identify the cookie notices. Next, CookieEnforcer analyzes the cookie notices and predicts the set of actions required to disable all unnecessary cookies. This is done by modeling the problem as a sequence-to-sequence task, where the input is a machine-readable cookie notice and the output is the set of clicks to make. We demonstrate the efficacy of CookieEnforcer via an end-to-end accuracy evaluation, showing that it can generate the required steps in 91 cases. Via a user study, we show that CookieEnforcer can significantly reduce the user effort. Finally, we use our system to perform several measurements on the top 5k websites from the Tranco list (as accessed from the US and the UK), drawing comparisons and observations at scale.

READ FULL TEXT

page 6

page 7

page 13

page 15

page 18

page 19

research
07/16/2019

Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites

Dark patterns are user interface design choices that benefit an online s...
research
08/16/2023

Invisible, Unreadable, and Inaudible Cookie Notices: An Evaluation of Cookie Notices for Users with Visual Impairments

This paper investigates the accessibility of cookie notices on websites ...
research
06/21/2022

The Impact of Visibility on the Right to Opt-out of Sale under CCPA

The California Consumer Protection Act (CCPA) gives users the right to o...
research
02/17/2021

User Tracking in the Post-cookie Era: How Websites Bypass GDPR Consent to Track Users

During the past few years, mostly as a result of the GDPR and the CCPA, ...
research
04/12/2021

Accept All: The Landscape of Cookie Banners in Greece and the UK

Cookie banners are devices implemented by websites to allow users to man...
research
09/02/2023

Are Current CCPA Compliant Banners Conveying User's Desired Opt-Out Decisions? An Empirical Study of Cookie Consent Banners

The California Consumer Privacy Act (CCPA) secures the right to Opt-Out ...
research
05/01/2018

How to end password reuse on the web

We present a framework by which websites can coordinate to make it diffi...

Please sign up or login with your details

Forgot password? Click here to reset