Managing Potentially Intrusive Practices in the Browser: A User-Centered Perspective
dc.contributor.author | Smullen, Daniel | |
dc.contributor.author | Yao, Yaxing | |
dc.contributor.author | Feng, Yuanyuan | |
dc.contributor.author | Sadeh, Norman | |
dc.contributor.author | Edelstein, Arthur | |
dc.contributor.author | Weiss, Rebecca | |
dc.date.accessioned | 2021-07-29T15:34:49Z | |
dc.date.available | 2021-07-29T15:34:49Z | |
dc.date.issued | 2021-06-16 | |
dc.description | Proceedings on Privacy Enhancing Technologies | en_US |
dc.description.abstract | Browser users encounter a broad array of potentially intrusive practices: from behavioral profiling, to crypto-mining, fingerprinting, and more. We study people’s perception, awareness, understanding, and preferences to opt out of those practices. We conducted a mixed-methods study that included qualitative (n=186) and quantitative (n=888) surveys covering 8 neutrally presented practices, equally highlighting both their benefits and risks. Consistent with prior research focusing on specific practices and mitigation techniques, we observe that most people are unaware of how to effectively identify or control the practices we surveyed. However, our user-centered approach reveals diverse views about the perceived risks and benefits, and that the majority of our participants wished to both restrict and be explicitly notified about the surveyed practices. Though prior research shows that meaningful controls are rarely available, we found that many participants mistakenly assume opt-out settings are common but just too difficult to find. However, even if they were hypothetically available on every website, our findings suggest that settings which allow practices by default are more burdensome to users than alternatives which are contextualized to website categories instead. Our results argue for settings which can distinguish among website categories where certain practices are seen as permissible, proactively notify users about their presence, and otherwise deny intrusive practices by default. Standardizing these settings in the browser rather than being left to individual websites would have the advantage of providing a uniform interface to support notification, control, and could help mitigate dark patterns. We also discuss the regulatory implications of the findings. | en_US |
dc.description.sponsorship | This study was supported in part by grants from DARPA and AFRL under the Brandeis project on Personalized Privacy Assistants (FA8750-15-2-0277), by grants from the National Science Foundation Secure and Trustworthy Computing program (CNS-15-13957, CNS1801316, CNS-1914486) and by an unrestricted grant from Mozilla. The authors would like to also thank Dr. Steven Engelhardt (Mozilla) and Prof. Alessandro Acquisti (CMU) for their helpful suggestions on this work. The US Government is authorized to reproduce and distribute reprints for Governmental purposes not withstanding any copyright notice. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the NSF, DARPA, AFRL or the US Government. | en_US |
dc.description.uri | https://www.petsymposium.org/2021/files/papers/issue4/popets-2021-0082.pdf | en_US |
dc.format.extent | 28 pages | en_US |
dc.genre | conference papers and proceedings | en_US |
dc.identifier | doi:10.13016/m2yfre-zyxy | |
dc.identifier.citation | Smullen, Daniel et al.; Managing Potentially Intrusive Practices in the Browser: A User-Centered Perspective; Proceedings on Privacy Enhancing Technologies, (4):500–527, 16 June, 2021; https://www.petsymposium.org/2021/files/papers/issue4/popets-2021-0082.pdf | en_US |
dc.identifier.uri | http://hdl.handle.net/11603/22213 | |
dc.language.iso | en_US | en_US |
dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
dc.relation.ispartof | UMBC Information Systems Department Collection | |
dc.relation.ispartof | UMBC Faculty Collection | |
dc.rights | This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author. | |
dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) | * |
dc.rights.uri | https://creativecommons.org/licenses/by-nc-nd/4.0/ | * |
dc.title | Managing Potentially Intrusive Practices in the Browser: A User-Centered Perspective | en_US |
dc.type | Text | en_US |