1. bookVolume 2021 (2021): Issue 4 (October 2021)
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
access type Open Access

Privacy Preference Signals: Past, Present and Future

Published Online: 23 Jul 2021
Page range: 249 - 269
Received: 28 Feb 2021
Accepted: 16 Jun 2021
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
Abstract

Privacy preference signals are digital representations of how users want their personal data to be processed. Such signals must be adopted by both the sender (users) and intended recipients (data processors). Adoption represents a coordination problem that remains unsolved despite efforts dating back to the 1990s. Browsers implemented standards like the Platform for Privacy Preferences (P3P) and Do Not Track (DNT), but vendors profiting from personal data faced few incentives to receive and respect the expressed wishes of data subjects. In the wake of recent privacy laws, a coalition of AdTech firms published the Transparency and Consent Framework (TCF), which defines an optin consent signal. This paper integrates post-GDPR developments into the wider history of privacy preference signals. Our main contribution is a high-frequency longitudinal study describing how TCF signal gained dominance as of February 2021. We explore which factors correlate with adoption at the website level. Both the number of third parties on a website and the presence of Google Ads are associated with higher adoption of TCF. Further, we show that vendors acted as early adopters of TCF 2.0 and provide two case-studies describing how Consent Management Providers shifted existing customers to TCF 2.0. We sketch ways forward for a pro-privacy signal.

Keywords

[1] Pedro Giovanni Leon, Lorrie Faith Cranor, Aleecia M Mc-Donald, and Robert McGuire. Token attempt: The misrepresentation of website privacy policies through the misuse of P3P compact policy tokens. In ACM Workshop on Privacy in the Electronic Society, pages 93–104, 2010. Search in Google Scholar

[2] Electronic Privacy Information Center and Junkbusters. Pretty Poor Privacy: An Assessment of P3P and Internet Privacy. https://epic.org/reports/prettypoorprivacy.html, 2000. Search in Google Scholar

[3] Tracking Protection Working Group. WG closed. https://github.com/w3c/dnt/commit/5d85d6c, 2019. Search in Google Scholar

[4] Interactive Advertising Bureau. “Do Not Track” set to “On” by Default in Internet Explorer 10—IAB Response. https://www.iab.com/news/do-not-track-set-to-on-by-default-in-internet-explorer-10iab-response/, 2012. Search in Google Scholar

[5] Pam Dixon. The Network Advertising Initiative: Failing at Consumer Protection and at Self-Regulation. World Privacy Forum, 2007. http://www.worldprivacyforum.org/wp-content/uploads/2007/11/WPF_NAI_report_Nov2_2007fs.pdf. Search in Google Scholar

[6] Martha K. Landesberg, Toby Milgrom Levin, Caroline G. Curtin, and Ori Lev. Privacy online: A Report to Congress. US Federal Trade Commission, 1998. Search in Google Scholar

[7] Christine Utz, Martin Degeling, Sascha Fahl, Florian Schaub, and Thorsten Holz. (Un)informed Consent: Studying GDPR Consent Notices in the Field. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS ’19, pages 973–990. ACM, 2019. Search in Google Scholar

[8] Célestin Matte, Nataliia Bielova, and Cristiana Santos. Do Cookie Banners Respect my Choice? Measuring Legal Compliance of Banners from IAB Europe’s Transparency and Consent Framework. In IEEE Symposium on Security and Privacy, pages 791–809. IEEE, 2020. Search in Google Scholar

[9] Midas Nouwens, Ilaria Liccardi, Michael Veale, David Karger, and Lalana Kagal. Dark Patterns after the GDPR: Scraping Consent Pop-Ups and Demonstrating Their Influence. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, CHI ’20. ACM, 2020. Search in Google Scholar

[10] Dominique Machuletz and Rainer Böhme. Multiple Purposes, Multiple Problems: A User Study of Consent Dialogs after GDPR. Proceedings on Privacy Enhancing Technologies, (2):481–498, 2020. Search in Google Scholar

[11] Hana Habib, Sarah Pearman, Jiamin Wang, Yixin Zou, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub. "It’s a Scavenger Hunt": Usability of Websites’ Opt-Out and Data Deletion Choices. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, CHI ’20. ACM, 2020. Search in Google Scholar

[12] Sean O’Connor, Ryan Nurwono, and Eleanor Birrell. (Un)clear and (In)conspicuous: The right to opt-out of sale under CCPA, 2020. Search in Google Scholar

[13] Maximilian Hils, Daniel W Woods, and Rainer Böhme. Measuring the Emergence of Consent Management on the Web. In Proceedings of the Internet Measurement Conference 2020, IMC ’20. ACM, 2020. Search in Google Scholar

[14] Daniel W Woods and Rainer Böhme. The commodification of consent. In 20th Annual Workshop on the Economics of Information Security, WEIS, 2020. Search in Google Scholar

[15] Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan, and Claudia Diaz. The Web Never Forgets: Persistent Tracking Mechanisms in the Wild. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS ’14, pages 674–689. ACM, 2014. Search in Google Scholar

[16] Steven Englehardt, Dillon Reisman, Christian Eubank, Peter Zimmerman, Jonathan Mayer, Arvind Narayanan, and Edward W. Felten. Cookies That Give You Away: The Surveil-lance Implications of Web Tracking. In Proceedings of the 24th International Conference on World Wide Web, WWW ’15, pages 289–299, Republic and Canton of Geneva, CHE, 2015. International World Wide Web Conferences Steering Committee. Search in Google Scholar

[17] Steven Englehardt and Arvind Narayanan. Online Tracking: A 1-Million-Site Measurement and Analysis. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS ’16, pages 1388–1401. ACM, 2016. Search in Google Scholar

[18] Pierre Laperdrix, Nataliia Bielova, Benoit Baudry, and Gildas Avoine. Browser Fingerprinting: A Survey. ACM Trans. Web, 14(2), April 2020. Search in Google Scholar

[19] T. Bujlow, V. Carela-Español, J. Solé-Pareta, and P. Barlet-Ros. A Survey on Web Tracking: Mechanisms, Implications, and Defenses. Proceedings of the IEEE, 105(8):1476–1510, 2017. Search in Google Scholar

[20] Simon Byers, Lorrie Faith Cranor, and David Kormann. Automated analysis of P3P-enabled web sites. In Proceedings of the 5th International Conference on Electronic Commerce, pages 326–338, 2003. Search in Google Scholar

[21] Patricia Beatty, Ian Reay, Scott Dick, and James Miller. P3P adoption on e-commerce web sites: a survey and analysis. IEEE Internet Computing, 11(2):65–71, 2007. Search in Google Scholar

[22] Ian Reay, Patricia Beatty, Scott Dick, and James Miller. Privacy policies and national culture on the internet. Information Systems Frontiers, 15(2):279–292, 2013. Search in Google Scholar

[23] Riva Richmond. A loophole big enough for a cookie to fit through. New York Times, 2010. https://nyti.ms/2mDvTBQ. Search in Google Scholar

[24] Lorrie Faith Cranor, Manjula Arjula, and Praveen Guduru. Use of a P3P user agent by early adopters. In Proceedings of the 2002 ACM Workshop on Privacy in the Electronic Society, pages 1–10, 2002. Search in Google Scholar

[25] World Wide Web Consortium. Tracking Protection Working Group. https://www.w3.org/2011/tracking-protection/, 2011. Search in Google Scholar

[26] Julia Angwin. Microsoft’s “Do Not Track” Move Angers Advertising Industry. https://www.wsj.com/articles/BLDGB-24506, 2012. Search in Google Scholar

[27] Chrome Blog. Longer battery life and easier website permissions. https://chrome.googleblog.com/2012/11/longer-battery-life-and-easier-website.html, 2012. Search in Google Scholar

[28] Future of Privacy Forum. Companies that have implemented Do Not Track. https://allaboutdnt.com/companies/, 2020. Search in Google Scholar

[29] Alex Fowler. Mozilla’s new Do Not Track dashboard: Firefox users continue to seek out and enable DNT. https://blog.mozilla.org/netpolicy/2013/05/03/mozillasnew-do-not-track-dashboard-firefox-users-continue-to-seek-out-and-enable-dnt/, 2013. Search in Google Scholar

[30] Robin Berjon, Sebastian Zimmeck, Ashkan Soltani, David Harbage, and Peter Synder. Global Privacy Control (GPC) Unofficial Draft 15 October 2020. https://globalprivacycontrol.github.io/gpc-spec/, 2020. Search in Google Scholar

[31] IAB Europe. What is the Transparency and Consent Framework (TCF)? https://iabeurope.eu/transparency-consent-framework/, 2020. Search in Google Scholar

[32] J. R. Mayer and J. C. Mitchell. Third-party web tracking: Policy and technology. In 2012 IEEE Symposium on Security and Privacy, pages 413–427. IEEE, 2012. Search in Google Scholar

[33] Balachander Krishnamurthy and Craig E Wills. On the leakage of personally identifiable information via online social networks. In Proceedings of the 2nd ACM workshop on online social networks, pages 7–12, 2009. Search in Google Scholar

[34] Gunes Acar, Steven Englehardt, and Arvind Narayanan. No boundaries: data exfiltration by third parties embedded on web pages. Proceedings on Privacy Enhancing Technologies, 2020(4):220 – 238, 2020. Search in Google Scholar

[35] Shehroze Farooqi, Maaz Musa, Zubair Shafiq, and Fareed Zaffar. Canarytrap: Detecting data misuse by third-party apps on online social networks. Proceedings on Privacy Enhancing Technologies, 2020(4):336 – 354, 2020. Search in Google Scholar

[36] Irwin Reyes, Primal Wijesekera, Joel Reardon, Amit Elazari Bar On, Abbas Razaghpanah, Narseo Vallina-Rodriguez, and Serge Egelman. “Won’t Somebody Think of the Children?” Examining COPPA Compliance at Scale. Proceedings on Privacy Enhancing Technologies, 2018(3):63 – 83, 2018. Search in Google Scholar

[37] Hamza Saleem and Muhammad Naveed. SoK: Anatomy of Data Breaches. Proceedings on Privacy Enhancing Technologies, 2020(4):153 – 174, 2020. Search in Google Scholar

[38] Sébastien Henri, Gines Garcia-Aviles, Pablo Serrano, Albert Banchs, and Patrick Thiran. Protecting against Website Fingerprinting with Multihoming. Proceedings on Privacy Enhancing Technologies, 2020(2):89 – 110, 01 Apr. 2020. Search in Google Scholar

[39] Miti Mazmudar and Ian Goldberg. Mitigator: Privacy policy compliance using trusted hardware. Proceedings on Privacy Enhancing Technologies, 2020(3):204 – 221, 2020. Search in Google Scholar

[40] Martino Trevisan, Stefano Traverso, Eleonora Bassi, and Marco Mellia. 4 Years of EU Cookie Law: Results and Lessons Learned. Proceedings on Privacy Enhancing Technologies, 2019(2):126 – 145, 2019. Search in Google Scholar

[41] Daniel W. Woods and Rainer Böhme. SoK: Quantifying cyber risk. In IEEE Symposium on Security and Privacy, May 2021. Search in Google Scholar

[42] Laura Shipp and Jorge Blasco. How private is your period?: A systematic analysis of menstrual app privacy policies. Proceedings on Privacy Enhancing Technologies, 2020(4):491 – 510, 2020. Search in Google Scholar

[43] Ryan Amos, Gunes Acar, Elena Lucherini, Mihir Kshirsagar, Arvind Narayanan, and Jonathan Mayer. Privacy Policies over Time: Curation and Analysis of a Million-Document Dataset. arXiv preprint arXiv:2008.09159, 2020. Search in Google Scholar

[44] Martin Degeling, Christine Utz, Christopher Lentzsch, Henry Hosseini, Florian Schaub, and Thorsten Holz. We Value Your Privacy ... Now Take Some Cookies: Measuring the GDPR’s Impact on Web Privacy. In 26th Annual Network and Distributed System Security Symposium, NDSS ’19. The Internet Society, 2019. Search in Google Scholar

[45] Thomas Linden, Rishabh Khandelwal, Hamza Harkous, and Kassem Fawaz. The Privacy Policy Landscape After the GDPR. Proceedings on Privacy Enhancing Technologies, 2020(1):47 – 64, 01 Jan. 2020. Search in Google Scholar

[46] Judith S Olson, Jonathan Grudin, and Eric Horvitz. A study of preferences for sharing and privacy. In CHI’05 extended abstracts on Human factors in Computing Systems, pages 1985–1988, 2005. Search in Google Scholar

[47] Mark S Ackerman, Lorrie Faith Cranor, and Joseph Reagle. Privacy in e-commerce: examining user scenarios and privacy preferences. In Proceedings of the 1st ACM Conference on Electronic commerce, pages 1–8, 1999. Search in Google Scholar

[48] Ben Weinshel, Miranda Wei, Mainack Mondal, Euirim Choi, Shawn Shan, Claire Dolin, Michelle L. Mazurek, and Blase Ur. Oh, the Places You’ve Been! User Reactions to Longitudinal Transparency About Third-Party Web Tracking and Inferencing. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS ’19, pages 149–166. ACM, 2019. Search in Google Scholar

[49] Sarah Spiekermann, Jens Grossklags, and Bettina Berendt. E-Privacy in 2nd Generation E-Commerce: Privacy Preferences versus Actual Behavior. In Proceedings of the 3rd ACM Conference on Electronic Commerce, EC ’01, pages 38–47. ACM, 2001. Search in Google Scholar

[50] Susanne Barth and Menno DT De Jong. The privacy paradox – Investigating discrepancies between expressed privacy concerns and actual online behavior – A systematic literature review. Telematics and informatics, 34(7):1038–1058, 2017. Search in Google Scholar

[51] Nina Gerber, Paul Gerber, and Melanie Volkamer. Explaining the privacy paradox: A systematic review of literature investigating privacy attitude and behavior. Computers & Security, 77:226–261, 2018. Search in Google Scholar

[52] Lorrie Faith Cranor. P3P: Making privacy policies more useful. IEEE Security & Privacy, 1(6):50–55, 2003. Search in Google Scholar

[53] Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, and Yirong Xu. XPref: a preference language for P3P. Computer Networks, 48(5):809 – 827, 2005. Web Security. Search in Google Scholar

[54] Johnson Iyilade and Julita Vassileva. P2U: a privacy policy specification language for secondary data sharing and usage. In 2014 IEEE Security and Privacy Workshops, pages 18–22. IEEE, 2014. Search in Google Scholar

[55] Jean Yang, Kuat Yessenov, and Armando Solar-Lezama. A language for automatically enforcing privacy policies. ACM SIGPLAN Notices, 47(1):85–96, 2012. Search in Google Scholar

[56] Monir Azraoui, Kaoutar Elkhiyaoui, Melek Önen, Karin Bernsmed, Anderson Santana De Oliveira, and Jakub Sendor. A-PPL: An Accountability Policy Language. In Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance, pages 319–326, Cham, 2015. Springer. Search in Google Scholar

[57] Lalana Kagal, Chris Hanson, and Daniel Weitzner. Using dependency tracking to provide explanations for policy management. In 2008 IEEE Workshop on Policies for Distributed Systems and Networks, pages 54–61. IEEE, 2008. Search in Google Scholar

[58] Ponnurangam Kumaraguru, Lorrie Cranor, Jorge Lobo, and Seraphin Calo. A survey of privacy policy languages. In Workshop on Usable IT Security Management (USM 07): Proceedings of the 3rd Symposium on Usable Privacy and Security, ACM, 2007. Search in Google Scholar

[59] Jun Zhao, Reuben Binns, Max Van Kleek, and Nigel Shad-bolt. Privacy languages: Are we there yet to enable user controls? In Proceedings of the 25th International Conference Companion on World Wide Web, WWW ’16 Companion, pages 799–806. International World Wide Web Conferences Steering Committee, 2016. Search in Google Scholar

[60] Saffija Kasem-Madani and Michael Meier. Security and privacy policy languages: A survey, categorization and gap identification. CoRR, abs/1512.00201, 2015. Search in Google Scholar

[61] Victor Morel and Raúl Pardo. SoK: Three facets of privacy policies. In WPES’20: Proceedings of the 19th Workshop on Privacy in the Electronic Society, Virtual Event, USA, November 9, 2020, pages 41–56. ACM, 2020. Search in Google Scholar

[62] Lorrie Faith Cranor, Serge Egelman, Steve Sheng, Aleecia M McDonald, and Abdur Chowdhury. P3P deployment on websites. Electronic Commerce Research and Applications, 7(3):274–293, 2008. Search in Google Scholar

[63] Ian Reay, Scott Dick, and James Miller. An analysis of privacy signals on the World Wide Web: Past, present and future. Inf. Sci., 179(8):1102–1115, 2009. Search in Google Scholar

[64] Célestin Matte, Cristiana Santos, and Nataliia Bielova. Purposes in IAB Europe’s TCF: which legal basis and how are they used by advertisers? In Annual Privacy Forum, 2020. Search in Google Scholar

[65] Yee-Lin Lai and Kai-Lung Hui. Internet opt-in and optout: Investigating the roles of frames, defaults and privacy concerns. In Proceedings of the 2006 ACM SIGMIS CPR Conference on Computer Personnel Research, SIGMIS CPR ’06, pages 253–263. ACM, 2006. Search in Google Scholar

[66] Rainer Böhme and Stefan Köpsell. Trained to accept? A field experiment on consent dialogs. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI ’10, pages 2403–2406. ACM, 2010. Search in Google Scholar

[67] Idris Adjerid, Alessandro Acquisti, Laura Brandimarte, and George Loewenstein. Sleights of privacy: Framing, disclosures, and the limits of transparency. In Proceedings of the Ninth Symposium on Usable Privacy and Security, SOUPS ’13. ACM, 2013. Search in Google Scholar

[68] Barry M Leiner, Vinton G Cerf, David D Clark, Robert E Kahn, Leonard Kleinrock, Daniel C Lynch, Jon Postel, Larry G Roberts, and Stephen Wolff. A brief history of the internet. ACM SIGCOMM Computer Communication Review, 39(5):22–31, 2009. Search in Google Scholar

[69] Mehdi Nikkhah, Aman Mangal, Constantine Dovrolis, and Roch Guérin. A statistical exploration of protocol adoption. IEEE/ACM Transactions on Networking, 25(5):2858–2871, 2017. Search in Google Scholar

[70] Jakub Czyz, Mark Allman, Jing Zhang, Scott Iekel-Johnson, Eric Osterweil, and Michael Bailey. Measuring IPv6 adoption. SIGCOMM Comput. Commun. Rev., 44(4):87–98, August 2014. Search in Google Scholar

[71] Xuequn Wang and Sebastian Zander. Extending the model of internet standards adoption: A cross-country comparison of IPv6 adoption. Information & Management, 55(4):450 – 460, 2018. Search in Google Scholar

[72] M. Nikkhah and R. Guérin. Migrating the Internet to IPv6: An Exploration of the When and Why. IEEE/ACM Transactions on Networking, 24(4):2291–2304, 2016. Search in Google Scholar

[73] Ralph Holz, Lothar Braun, Nils Kammenhuber, and Georg Carle. The SSL Landscape: A Thorough Analysis of the x.509 PKI Using Active and Passive Measurements. In Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, IMC ’11, pages 427–444. ACM, 2011. Search in Google Scholar

[74] Andy Ozment and Stuart E Schechter. Bootstrapping the adoption of internet security protocols. In 5th Annual Workshop on the Economics of Information Security, WEIS, 2006. Search in Google Scholar

[75] Adrienne Porter Felt, Richard Barnes, April King, Chris Palmer, Chris Bentzel, and Parisa Tabriz. Measuring HTTPS adoption on the web. In Proceedings of the USENIX Security Symposium (USENIX Security 17), pages 1323–1338, 2017. Search in Google Scholar

[76] Victor Le Pochat, Tom van Goethem, Samaneh Tajalizadehkhoob, Maciej Korczynski, and Wouter Joosen. Tranco: A research-oriented top sites ranking hardened against manipulation. In 26th Annual Network and Distributed System Security Symposium, NDSS ’19. The Internet Society, 2019. Search in Google Scholar

[77] Symantec. Symantec RuleSpace: URL categorization database, 2020. Search in Google Scholar

[78] Iskander Sanchez-Rola, Matteo Dell’Amico, Platon Kotzias, Davide Balzarotti, Leyla Bilge, Pierre-Antoine Vervier, and Igor Santos. Can I Opt Out Yet? GDPR and the Global Illusion of Cookie Control. In Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, Asia CCS ’19, pages 340–351. ACM, 2019. Search in Google Scholar

[79] Pelayo Vallina, Victor Le Pochat, Álvaro Feal, Marius Paraschiv, Julien Gamba, Tim Burke, Oliver Hohlfeld, Juan Tapiador, and Narseo Vallina-Rodriguez. Mis-shapes, Mistakes, Misfits: An Analysis of Domain Classification Services. In Proceedings of the Internet Measurement Conference 2020, IMC ’20. ACM, 2020. Search in Google Scholar

[80] Mozilla Foundation. Public suffix list. https://publicsuffix.org/, 2007–2020. Search in Google Scholar

[81] Yana Dimova, Gunes Acar, Lukasz Olejnik, Wouter Joosen, and Tom van Goethem. The CNAME of the Game: Large-scale Analysis of DNS-based Tracking Evasion. Proceedings on Privacy Enhancing Technologies, 2021. Search in Google Scholar

[82] Inside Privacy. Digital Advertising Alliance Leaves Do Not Track Group. https://www.insideprivacy.com/advertising-marketing/digital-advertising-alliance-leaves-do-not-track-group-2/, 2013. Search in Google Scholar

[83] IAB Tech Lab. Global Privacy Working Group. https://iabtechlab.com/working-groups/global-privacy-working-group/, 2011. Search in Google Scholar

[84] Andrew L Russell. ‘Rough consensus and running code’ and the Internet-OSI standards war. IEEE Annals of the History of Computing, 28(3):48–61, 2006. Search in Google Scholar

[85] Christopher Soghoian. The History of the Do Not Track Header. http://paranoia.dubfire.net/2011/01/history-of-donot-track-header.html, 2011. Search in Google Scholar

[86] Carl Shapiro, Shapiro Carl, Hal R Varian, et al. Information rules: a strategic guide to the network economy. Harvard Business Press, 1998. Search in Google Scholar

[87] Kochava Inc. Quantcast and Kochava Partnership Delivers Combined Web and Mobile App Solution for CCPA. https://www.businesswire.com/news/home/20200207005054/en/Quantcast-and-Kochava-Partnership-Delivers-Combined-Web-and-Mobile-App-Solution-for-CCPA, 2018. Search in Google Scholar

[88] Johnny Ryan. Regulatory complaint concerning massive, web-wide data breach by Google and other “ad tech” companies under Europe’s GDPR. https://brave.com/adtech-data-breach-complaint/, 2018. Search in Google Scholar

[89] Natasha Lomas. Brave Accueses European governments of GDPR resourcing failure. https://techcrunch.com/2020/04/27/brave-accuses-european-governments-of-gdpr-resourcing-failure/, 2020. Search in Google Scholar

[90] Johnny Ryan. Formal GDPR complaint against IAB Europe’s “cookie wall” and GDPR consent guidance. https://brave.com/iab-cookie-wall/, 2019. Search in Google Scholar

[91] Tue Goldschmieding. New important decision on cookies from the Danish Data Protection Agency. https://gorrissenfederspiel.com/en/knowledge/news/new-important-decision-on-cookies-from-the-danish-data-protection-agency, 2020. Search in Google Scholar

[92] Aaron Ceross and Andrew Simpson. Rethinking the Proposition of Privacy Engineering. In Proceedings of the New Security Paradigms Workshop, NSPW ’18, pages 89–102. ACM, 2018. Search in Google Scholar

[93] Carl Shapiro and Hal R Varian. The art of standards wars. California Management Review, 41(2):8–32, 1999. Search in Google Scholar

[94] Christoph Bösch, Benjamin Erb, Frank Kargl, Henning Kopp, and Stefan Pfattheicher. Tales from the dark side: Privacy dark strategies and privacy dark patterns. Proceedings on Privacy Enhancing Technologies, 2016(4):237–254, 2016. Search in Google Scholar

[95] Arunesh Mathur, Gunes Acar, Michael J Friedman, Elena Lucherini, Jonathan Mayer, Marshini Chetty, and Arvind Narayanan. Dark patterns at scale: Findings from a crawl of 11k shopping websites. Proceedings of the ACM on Human-Computer Interaction, 3(CSCW):1–32, 2019. Search in Google Scholar

[96] Arvind Narayanan, Arunesh Mathur, Marshini Chetty, and Mihir Kshirsagar. Dark Patterns: Past, Present, and Future. ACM Queue, 18(2):67–92, 2020. Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo