Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns

Open access

Abstract

Privacy strategies and privacy patterns are fundamental concepts of the privacy-by-design engineering approach. While they support a privacy-aware development process for IT systems, the concepts used by malicious, privacy-threatening parties are generally less understood and known. We argue that understanding the “dark side”, namely how personal data is abused, is of equal importance. In this paper, we introduce the concept of privacy dark strategies and privacy dark patterns and present a framework that collects, documents, and analyzes such malicious concepts. In addition, we investigate from a psychological perspective why privacy dark strategies are effective. The resulting framework allows for a better understanding of these dark concepts, fosters awareness, and supports the development of countermeasures. We aim to contribute to an easier detection and successive removal of such approaches from the Internet to the benefit of its users.


