Managing Potentially Intrusive Practices in the Browser: A User-Centered Perspective
Loading...
Permanent Link
Author/Creator ORCID
Date
2021-06-16
Type of Work
Department
Program
Citation of Original Publication
Smullen, Daniel et al.; Managing Potentially Intrusive Practices in the Browser: A User-Centered Perspective; Proceedings on Privacy Enhancing Technologies, (4):500–527, 16 June, 2021; https://www.petsymposium.org/2021/files/papers/issue4/popets-2021-0082.pdf
Rights
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)
Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)
Subjects
Abstract
Browser users encounter a broad array of
potentially intrusive practices: from behavioral profiling, to crypto-mining, fingerprinting, and more. We
study people’s perception, awareness, understanding,
and preferences to opt out of those practices. We conducted a mixed-methods study that included qualitative (n=186) and quantitative (n=888) surveys covering 8 neutrally presented practices, equally highlighting both their benefits and risks. Consistent with prior
research focusing on specific practices and mitigation
techniques, we observe that most people are unaware of
how to effectively identify or control the practices we
surveyed. However, our user-centered approach reveals
diverse views about the perceived risks and benefits, and
that the majority of our participants wished to both
restrict and be explicitly notified about the surveyed
practices. Though prior research shows that meaningful
controls are rarely available, we found that many participants mistakenly assume opt-out settings are common
but just too difficult to find. However, even if they were
hypothetically available on every website, our findings
suggest that settings which allow practices by default
are more burdensome to users than alternatives which
are contextualized to website categories instead. Our
results argue for settings which can distinguish among
website categories where certain practices are seen as
permissible, proactively notify users about their presence, and otherwise deny intrusive practices by default.
Standardizing these settings in the browser rather than
being left to individual websites would have the advantage of providing a uniform interface to support notification, control, and could help mitigate dark patterns. We
also discuss the regulatory implications of the findings.