1. bookVolume 2016 (2016): Issue 4 (October 2016)
Journal Details
License
Format
Journal
eISSN
2299-0984
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
access type Open Access

Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns

Published Online: 14 Jul 2016
Page range: 237 - 254
Received: 29 Feb 2016
Accepted: 02 Jun 2016
Journal Details
License
Format
Journal
eISSN
2299-0984
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
Abstract

Privacy strategies and privacy patterns are fundamental concepts of the privacy-by-design engineering approach. While they support a privacy-aware development process for IT systems, the concepts used by malicious, privacy-threatening parties are generally less understood and known. We argue that understanding the “dark side”, namely how personal data is abused, is of equal importance. In this paper, we introduce the concept of privacy dark strategies and privacy dark patterns and present a framework that collects, documents, and analyzes such malicious concepts. In addition, we investigate from a psychological perspective why privacy dark strategies are effective. The resulting framework allows for a better understanding of these dark concepts, fosters awareness, and supports the development of countermeasures. We aim to contribute to an easier detection and successive removal of such approaches from the Internet to the benefit of its users.

Keywords

[1] G. Acar, C. Eubank, S. Englehardt, M. Juarez, A. Narayanan, and C. Diaz, “The Web never forgets: Persistent tracking mechanisms in the wild,” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2014, pp. 674-689.10.1145/2660267.2660347Search in Google Scholar

[2] A. Acquisti, “Privacy in electronic commerce and the economics of immediate gratification,” in Proceedings of the 5th ACM conference on Electronic commerce. ACM, 2004, pp. 21-29.10.1145/988772.988777Search in Google Scholar

[3] -, “Nudging privacy: The behavioral economics of personal information.” IEEE Security & Privacy, vol. 7, no. 6, pp. 82-85, 2009.10.1109/MSP.2009.163Search in Google Scholar

[4] A. Acquisti, L. K. John, and G. Loewenstein, “The impact of relative standards on the propensity to disclose,” Journal of Marketing Research, vol. 49, no. 2, pp. 160-174, 2012.10.1509/jmr.09.0215Search in Google Scholar

[5] C. Alexander, S. Ishikawa, and M. Silverstein, A Pattern Language: Towns, Buildings, Construction (Center for Environmental Structure Series). Oxford University Press, 1977.Search in Google Scholar

[6] H. Almuhimedi, F. Schaub, N. Sadeh, I. Adjerid, A. Acquisti, J. Gluck, L. F. Cranor, and Y. Agarwal, “Your location has been shared 5,398 times!: A field study on mobile app privacy nudging,” in Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, ser. CHI ’15. New York, NY, USA: ACM, 2015, pp. 787-796.Search in Google Scholar

[7] Y. Amichai-Hamburger and E. Ben-Artzi, “Loneliness and internet use,” Computers in Human Behavior, vol. 19, no. 1, pp. 71-80, 2003.10.1016/S0747-5632(02)00014-6Search in Google Scholar

[8] C. M. Angst and R. Agarwal, “Adoption of electronic health records in the presence of privacy concerns: The elaboration likelihood model and individual persuasion,” MIS quarterly, vol. 33, no. 2, pp. 339-370, 2009.10.2307/20650295Search in Google Scholar

[9] R. F. Baumeister and M. R. Leary, “The need to belong: desire for interpersonal attachments as a fundamental human motivation.” Psychological Bulletin, vol. 117, no. 3, pp. 497-529, 1995.10.1037/0033-2909.117.3.497Search in Google Scholar

[10] K. Beck and W. Cunningham, “Using pattern languages for object oriented programs,” in Conference on Object- Oriented Programming, Systems, Languages, and Applications (OOPSLA), 1987.10.1145/28697.28734Search in Google Scholar

[11] H. Brignull, “Dark Patterns: fighting user deception worldwide,” http://darkpatterns.org/, accessed: 2016-01-24.Search in Google Scholar

[12] A. Buchenscheit, B. Könings, A. Neubert, F. Schaub, M. Schneider, and F. Kargl, “Privacy implications of presence sharing in mobile messaging applications,” in Proceedings of the 13th International Conference on Mobile and Ubiquitous Multimedia. ACM, 2014, pp. 20-21.10.1145/2677972.2677980Search in Google Scholar

[13] R. Cialdini, Influence : the psychology of persuasion. New York: Morrow, 1993.Search in Google Scholar

[14] N. Doty and M. Gupta, “Privacy Design Patterns and Anti- Patterns,” in Trustbusters Workshop at the Symposium on Usable Privacy and Security, 2013.Search in Google Scholar

[15] N. B. Ellison, C. Steinfield, and C. Lampe, “The benefits of facebook "friends:" social capital and college students’ use of online social network sites,” Journal of Computer- Mediated Communication, vol. 12, no. 4, pp. 1143-1168, 2007.Search in Google Scholar

[16] R. H. Fazio, “Multiple processes by which attitudes guide behavior: The MODE model as an integrative framework,” Advances in Experimental Social Psychology, vol. 23, pp. 75-109, 1990.10.1016/S0065-2601(08)60318-4Search in Google Scholar

[17] L. Festinger, A theory of cognitive dissonance. Stanford university press, 1962, vol. 2.Search in Google Scholar

[18] M. Fowler, Patterns of Enterprise Application Architecture. Boston: Addison-Wesley Professional, 2003.Search in Google Scholar

[19] E. Gamma, R. Helm, R. Johnson, and J. Vlissides, Design patterns: elements of reusable object-oriented software. Pearson Education, 1994.Search in Google Scholar

[20] H. Gangadharbatla, “Facebook me: Collective self-esteem, need to belong, and internet self-efficacy as predictors of the igeneration’s attitudes toward social networking sites,” Journal of interactive advertising, vol. 8, no. 2, pp. 5-15, 2008.10.1080/15252019.2008.10722138Search in Google Scholar

[21] S. Gürses, C. Troncoso, and C. Diaz, “Engineering privacy by design,” Computers, Privacy & Data Protection, vol. 14, 2011.Search in Google Scholar

[22] M. Hafiz, “A collection of privacy design patterns,” in Proceedings of the 2006 conference on Pattern languages of programs. ACM, 2006, p. 7.10.1145/1415472.1415481Search in Google Scholar

[23] E. T. Higgins, Beyond pleasure and pain: How motivation works. Oxford University Press, 2011.10.1093/acprof:oso/9780199765829.001.0001Search in Google Scholar

[24] J.-H. Hoepman, “Privacy Design Strategies,” CoRR, vol. abs/1210.6621, 2012.Search in Google Scholar

[25] G. Hohpe and B. Woolf, Enterprise Integration Patterns - Designing, Building, and Deploying Messaging Solutions, 1st ed. Boston: Addison-Wesley Professional, 2004.Search in Google Scholar

[26] D. J. Hughes, M. Rowe, M. Batey, and A. Lee, “A tale of two sites: Twitter vs. Facebook and the personality predictors of social media usage,” Computers in Human Behavior, vol. 28, no. 2, pp. 561-569, 2012.10.1016/j.chb.2011.11.001Search in Google Scholar

[27] P. Hustinx, “Privacy by design: delivering the promises,” Identity in the Information Society, vol. 3, no. 2, pp. 253-255, 2010.10.1007/s12394-010-0061-zSearch in Google Scholar

[28] T. Jones, “Facebook’s "evil interfaces",” https://www.eff.org/de/deeplinks/2010/04/facebooks-evil-interfaces, accessed: 2016-02-25.Search in Google Scholar

[29] D. Kahneman, Thinking, fast and slow. Macmillan, 2011.Search in Google Scholar

[30] B. P. Knijnenburg and A. Kobsa, “Increasing sharing tendency without reducing satisfaction: Finding the best privacy-settings user interface for social networks,” in Proceedings of the International Conference on Information Systems - Building a Better World through Information Systems, ICIS 2014, Auckland, New Zealand, December 14-17, 2014, 2014.Search in Google Scholar

[31] B. P. Knijnenburg, A. Kobsa, and H. Jin, “Counteracting the negative effect of form auto-completion on the privacy calculus,” in Thirty Fourth International Conference on Information Systems, Milan, 2013.Search in Google Scholar

[32] A. Kobsa, H. Cho, and B. P. Knijnenburg, “The effect of personalization provider characteristics on privacy attitudes and behaviors: An elaboration likelihood model approach,” Journal of the Association for Information Science and Technology, 2016, in press.10.1002/asi.23629Search in Google Scholar

[33] D. Laibson, “Golden eggs and hyperbolic discounting,” The Quarterly Journal of Economics, vol. 112, no. 2, pp. 443-478, 1997.10.1162/003355397555253Search in Google Scholar

[34] P. B. Lowry, G. Moody, A. Vance, M. Jensen, J. Jenkins, and T. Wells, “Using an elaboration likelihood approach to better understand the persuasiveness of website privacy assurance cues for online consumers,” Journal of the American Society for Information Science and Technology, vol. 63, no. 4, pp. 755-776, 2012.10.1002/asi.21705Search in Google Scholar

[35] E. Luger, S. Moran, and T. Rodden, “Consent for all: revealing the hidden complexity of terms and conditions,” in Proceedings of the SIGCHI conference on Human factors in computing systems. ACM, 2013, pp. 2687-2696.10.1145/2470654.2481371Search in Google Scholar

[36] A. M. McDonald and L. F. Cranor, “Cost of reading privacy policies, the,” ISJLP, vol. 4, p. 543, 2008.Search in Google Scholar

[37] A. Nadkarni and S. G. Hofmann, “Why do people use Facebook?” Personality and Individual Differences, vol. 52, no. 3, pp. 243-249, 2012.10.1016/j.paid.2011.11.007333539922544987Search in Google Scholar

[38] N. Notario, A. Crespo, Y.-S. Martín, J. M. Del Alamo, D. Le Métayer, T. Antignac, A. Kung, I. Kroener, and D. Wright, “PRIPARE: Integrating Privacy Best Practices into a Privacy Engineering Methodology,” in Security and Privacy Workshops (SPW), 2015 IEEE. IEEE, 2015, pp. 151-158.10.1109/SPW.2015.22Search in Google Scholar

[39] R. E. Petty and J. T. Cacioppo, The elaboration likelihood model of persuasion. Springer, 1986.10.1007/978-1-4612-4964-1_1Search in Google Scholar

[40] S. Romanosky, A. Acquisti, J. Hong, L. F. Cranor, and B. Friedman, “Privacy patterns for online interactions,” in Proceedings of the 2006 conference on Pattern languages of programs. ACM, 2006, p. 12.10.1145/1415472.1415486Search in Google Scholar

[41] M. Schumacher, “Security patterns and security standards.” in EuroPLoP, 2002, pp. 289-300. Search in Google Scholar

[42] T. Schümmer, “The public privacy-patterns for filtering personal information in collaborative systems,” in CHI2004: Proceedings of the Conference on Human Factors in Computing Systems, 2004.Search in Google Scholar

[43] K. E. Stanovich and R. F. West, “Advancing the rationality debate,” Behavioral and Brain Sciences, vol. 23, no. 05, pp. 701-717, 2000.10.1017/S0140525X00623439Search in Google Scholar

[44] F. Strack and R. Deutsch, “Reflective and impulsive determinants of social behavior,” Personality and Social Psychology Review, vol. 8, no. 3, pp. 220-247, 2004.10.1207/s15327957pspr0803_115454347Search in Google Scholar

[45] R. Thaler, Nudge : improving decisions about health, wealth, and happiness. New York: Penguin Books, 2009.Search in Google Scholar

[46] J. Tidwell, Designing Interfaces. Sebastopol: "O’Reilly Media, Inc.", 2010.Search in Google Scholar

[47] A. Tversky and D. Kahneman, “Judgment under uncertainty: Heuristics and biases,” science, vol. 185, no. 4157, pp. 1124-1131, 1974.Search in Google Scholar

[48] J. van Rest, D. Boonstra, M. Everts, M. van Rijn, and R. van Paassen, Designing privacy-by-design. Springer, 2014, pp. 55-72.10.1007/978-3-642-54069-1_4Search in Google Scholar

[49] K. D. Williams, C. K. Cheung, and W. Choi, “Cyberostracism: effects of being ignored over the internet.” Journal of Personality and Social Psychology, vol. 79, no. 5, pp. 748-762, 2000.10.1037/0022-3514.79.5.748Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo