DarkDialogs: Automated detection of 10 dark patterns on cookie dialogs

Abstract

In theory, consent dialogs allow users to express privacy preferences regarding how a website and its partners process the user’s personal data. In reality, dialogs often employ subtle design techniques known as dark patterns that nudge users towards accepting more data processing than the user would otherwise accept. Dark patterns undermine user autonomy and can violate privacy laws. We build a system, DarkDialogs, that automatically extracts arbitrary consent dialogs from a website and detects the presence of 10 dark patterns. Evaluating DarkDialogs against a hand-labelled dataset reveals it extracts dialogs with an accuracy of 98.7% and correctly classifies 99% of the studied dark patterns. We deployed DarkDialogs on a sample of 10,992 websites, where it successfully collected 2,417 consent dialogs and found 3,744 different dark patterns automatically present on the consent dialogs. We then test whether dark pattern prevalence is associated with each of: the website’s popularity, the presence of a third-party consent management provider, and the number of ID-like cookies.

Publication
In Proceedings of the 8th IEEE European Symposium on Security and Privacy (EuroSP'23)