slider

A Large-Scale Study of Cookie Banner Interaction Tools and Their Impact on Users’ Privacy - Prof. Dr. Norbert Pohlmann

A Large-Scale Study of Cookie Banner Interaction Tools and Their Impact on Users’ Privacy

A Large-Scale Study of Cookie Banner Interaction Tools

N. Demir, Norbert Pohlmann (Institut für Internet-Sicherheit), T. Urban, C. Wressnegger:
„A Large-Scale Study of Cookie Banner Interaction Tools and their Impact on Users’ Privacy”,
23rd Privacy Enhancing Technologies Symposium (PETS) 2024


ABSTRACT
Cookie notices (or cookie banners) are a popular mechanism for websites to provide (European) Internet users a tool to choose which cookies the site may set. Banner implementations range from merely providing information that a site uses cookies over offering the choice to accepting or denying all cookies to allowing fine-grained control of cookie usage. Users frequently get annoyed by the banner’s pervasiveness as they interrupt “natural” browsing on the Web. As a remedy, different browser extensions have been developed to automate the interaction with cookie banners.


In this work, we perform a large-scale measurement study comparing the effectiveness of extensions for “cookie banner interaction.” We configured the extensions to express different privacy choices (e.g., accepting all cookies, accepting functional cookies, or rejecting all cookies) to understand their capabilities to execute a user’s preferences. The results show statistically significant differences in which cookies are set, how many of them are set, and which types are set—even for extensions that aim to implement the same cookie choice. Extensions for “cookie banner interaction” can effectively reduce the number of set cookies compared to no interaction with the banners. However, all extensions increase the
tracking requests significantly except when rejecting all cookies.

1 INTRODUCTION
Websites make rich use of HTTP cookies for various means (e.g., user tracking). To provide (European) Internet users more control over the usage of cookies, many website providers embed so-called
“cookie banners” on their webpages [8, 13, 17]. Some banners allow fine-grained control over the type of cookies to be used (e.g., rejecting advertising cookies), while others only inform users about their usage [44]. Cookie banners are meant to help users but are often designed in a way that nudges the user to accept all types of cookies rather than to reject them (“Dark Patterns” [15, 27]), and
their the omnipresence has started to annoy users [29].


Different tools help users cope with cookie banners by automatizing the interaction process [4, 24, 33, 34, 39]. These tools are usually implemented as a browser extension and often use rule-based approaches to identify and interact with banners. More specifically, the tools identify the banners and corresponding buttons on predefined patterns, similar to ad blockers that block URLs based on filter lists. Some tools offer the option to choose the cookie type the user consents to be set (e.g., “functional cookies” only). Users hence need to configure these tools according to their own privacy needs.
However, the impact of these tools on the user’s privacy still needs to be better understood. One challenge is that the interaction with these banners is neither standardized nor is it (legally) defined what
the purpose of a cookie is or how it can be determined. Thus, while users rely on these tools for convenience and to implement their choice, it is still being determined if these tools even meet these
expectations and which impact the tools have on users’ privacy.


In this work, we perform a measurement study to understand the effects of six extensions for “cookie banner interaction.“ We analyze five tools used in the field and one custom extension developed for
this study. In our experiments, we investigate (1) which and how many cookies a website sets, (2) the purpose of the used cookies, and (3) various deferred effects, such as the impact on tracking
requests. With this study, we aim to understand the impact and potential benefits of the different tools for users’ privacy. To do so, we visit 298k distinct pages on 30k websites once with each
tool and uncover statistically significant differences in the analyzed extensions’ effectiveness. We show that the number of cookies, category of used cookies, and individual cookies in terms of their
key names differ based on the used extension.


Previous studies have either analyzed the design of different banners [8, 15, 41, 44] or have built new tools to interact with banners in a meaningful way [4, 34]. While we build upon prior work by utilizing some of the presented tools in this work, we investigate an entirely different problem: The effectiveness of different tools that automatically interact with cookie banners. To the best of our knowledge, this is the first work comparing the impact of “cookie banner interaction” tools on the user’s privacy at a large scale

….


kostenlos downloaden



Weitere Informationen zum Thema “A Large-Scale Study of Cookie Banner Interaction Tools”



The Unwanted Sharing Economy: An Analysis of Cookie Syncing and User Transparency under GDPR

Sharing is Caring: Towards Analyzing Attack Surfaces on Shared Hosting Providers

Ex schola pro vita – Studien- und Fortbildungsangebote zur Cybersicherheit

Towards Understanding First-Party Cookie Tracking in the Field

Dreiklang der IT-Sicherheit: Menschen, Prozesse, Technologie



Lehrbuch Cyber-Sicherheit

Übungsaufgaben und Ergebnisse zum Lehrbuch Cyber-Sicherheit

Bücher im Bereich Cyber-Sicherheit und IT-Sicherheit zum kostenlosen Download

Trusted Computing – Ein Weg zu neuen IT-Sicherheitsarchitekturen



Vorlesungen zum Lehrbuch Cyber-Sicherheit

Die Notwendigkeit von neuen IT Sicherheitskonzepten – Zero Trust

Vorstellung der eco Umfrage IT-Sicherheit 2024

Internet Security Survey 2024

Neue IT-Sicherheitskonzepte

Kommunale IT-Sicherheit



Forschungsinstitut für Internet-Sicherheit (IT-Sicherheit, Cyber-Sicherheit)

Master-Studiengang Internet-Sicherheit (IT-Sicherheit, Cyber-Sicherheit)

Marktplatz IT-Sicherheit

Marktplatz IT-Sicherheit: IT-Notfall

Marktplatz IT-Sicherheit: IT-Sicherheitstools

Marktplatz IT-Sicherheit: Selbstlernangebot

Vertrauenswürdigkeits-Plattform



Was wir in der Cybersicherheit angehen müssen

IT-Sicherheitstag 2022 – Der Weg zu einem guten Schutz

Ein Plädoyer für mehr IT-Sicherheit: Wie viel Sicherheit braucht unsere Freiheit?



The German Smart City Market 2021-2026

Internetwirtschaft 2020–2025: Der Start in eine digitale Dekade der Superlative



Cyber-Sicherheit braucht mehr Fokus



IT-Sicherheitsstrategie für Deutschland – Wirkungsklassen von IT-Sicherheitsmaßnahmen für unterschiedliche Schutzbedarfe

Das Manifest zur IT-Sicherheit” – Erklärung von Zielen und Absichten zur Erreichung einer angemessenen Risikolage in der IT

IT-Sicherheit für NRW 4.0 – Gemeinsam ins digitale Zeitalter. Aber sicher.

A Large-Scale Study of Cookie Banner Interaction Tools
A Large-Scale Study of Cookie Banner Interaction Tools and Their Impact on Users’ Privacy Prof. Dr. Norbert Pohlmann - Cyber-Sicherheitsexperten