Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns

Abstract Privacy strategies and privacy patterns are fundamental concepts of the privacy-by-design engineering approach. While they support a privacy-aware development process for IT systems, the concepts used by malicious, privacy-threatening parties are generally less understood and known. We argue that understanding the “dark side”, namely how personal data is abused, is of equal importance. In this paper, we introduce the concept of privacy dark strategies and privacy dark patterns and present a framework that collects, documents, and analyzes such malicious concepts. In addition, we investigate from a psychological perspective why privacy dark strategies are effective. The resulting framework allows for a better understanding of these dark concepts, fosters awareness, and supports the development of countermeasures. We aim to contribute to an easier detection and successive removal of such approaches from the Internet to the benefit of its users.

[1]  Matthew L. Jensen,et al.  Using an elaboration likelihood approach to better understand the persuasiveness of website privacy assurance cues for online consumers , 2012, J. Assoc. Inf. Sci. Technol..

[2]  Matthias Schneider,et al.  Privacy implications of presence sharing in mobile messaging applications , 2014, MUM.

[3]  Alfred Kobsa,et al.  The effect of personalization provider characteristics on privacy attitudes and behaviors: An Elaboration Likelihood Model approach , 2016, J. Assoc. Inf. Sci. Technol..

[4]  Alfred Kobsa,et al.  Increasing Sharing Tendency Without Reducing Satisfaction: Finding the Best Privacy-Settings User Interface for Social Networks , 2014, ICIS.

[5]  Ralph Johnson,et al.  design patterns elements of reusable object oriented software , 2019 .

[6]  Kent L. Beck,et al.  A diagram for object-oriented programs , 1986, OOPSLA 1986.

[7]  Cliff Lampe,et al.  The Benefits of Facebook "Friends: " Social Capital and College Students' Use of Online Social Network Sites , 2007, J. Comput. Mediat. Commun..

[8]  Mark Batey,et al.  A tale of two sites: Twitter vs. Facebook and the personality predictors of social media usage , 2012, Comput. Hum. Behav..

[9]  J. Reeve,et al.  Solutions to problematic polypharmacy: learning from the expertise of patients. , 2015, The British journal of general practice : the journal of the Royal College of General Practitioners.

[10]  Markus Schumacher,et al.  Security Patterns and Security Standards , 2002, EuroPLoP.

[11]  Alessandro Acquisti,et al.  Privacy in electronic commerce and the economics of immediate gratification , 2004, EC '04.

[12]  K. Stanovich,et al.  Advancing the rationality debate , 2000, Behavioral and Brain Sciences.

[13]  Lorrie Faith Cranor,et al.  Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging , 2015, CHI.

[14]  S. Hofmann,et al.  Why Do People Use Facebook? , 2012, Personality and individual differences.

[15]  Arvind Narayanan,et al.  The Web Never Forgets: Persistent Tracking Mechanisms in the Wild , 2014, CCS.

[16]  D. Kahneman Thinking, Fast and Slow , 2011 .

[17]  Acquisti Carnegie NudgingPrivacy The Behavioral Economics of Personal Information , 2009 .

[18]  Harsha Gangadharbatla Facebook Me , 2008 .

[19]  Gregor Hohpe,et al.  Enterprise Integration Patterns: Designing, Building, and Deploying Messaging Solutions , 2003 .

[20]  R. Fazio Multiple Processes by which Attitudes Guide Behavior: The Mode Model as an Integrative Framework , 1990 .

[21]  Jason Hong,et al.  Privacy patterns for online interactions , 2006, PLoP '06.

[22]  G. Loewenstein,et al.  The Impact of Relative Standards on the Propensity to Disclose , 2012 .

[23]  A. Tversky,et al.  Judgment under Uncertainty: Heuristics and Biases , 1974, Science.

[24]  Philippe A. Palanque,et al.  Proceedings of the SIGCHI Conference on Human Factors in Computing Systems , 2014, International Conference on Human Factors in Computing Systems.

[25]  E. Higgins Beyond Pleasure and Pain: How Motivation Works , 2011 .

[26]  P. Hustinx Privacy by design: delivering the promises , 2010 .

[27]  Y. Amichai-Hamburger,et al.  Loneliness and Internet use , 2003, Comput. Hum. Behav..

[28]  Maarten H. Everts,et al.  Designing Privacy-by-Design , 2012, APF.

[29]  Carmela Troncoso,et al.  Engineering Privacy by Design , 2011 .

[30]  Tom Rodden,et al.  Consent for all: revealing the hidden complexity of terms and conditions , 2013, CHI.

[31]  David I. Laibson,et al.  Golden Eggs and Hyperbolic Discounting , 1997 .

[32]  R. Cialdini Influence: The Psychology of Persuasion , 1993 .

[33]  Aleecia M. McDonald,et al.  The Cost of Reading Privacy Policies , 2009 .

[34]  Martin Fowler,et al.  Patterns of Enterprise Application Architecture , 2002 .

[35]  Jaap-Henk Hoepman,et al.  PDF hosted at the Radboud Repository of the Radboud University Nijmegen , 2022 .

[36]  John T. Cacioppo,et al.  The Elaboration Likelihood Model of Persuasion , 1986, Advances in Experimental Social Psychology.

[37]  Max Jacobson,et al.  A Pattern Language: Towns, Buildings, Construction , 1981 .

[38]  Ritu Agarwal,et al.  Adoption of Electronic Health Records in the Presence of Privacy Concerns: The Elaboration Likelihood Model and Individual Persuasion , 2009, MIS Q..

[39]  F. Strack,et al.  Reflective and Impulsive Determinants of Social Behavior , 2004, Personality and social psychology review : an official journal of the Society for Personality and Social Psychology, Inc.

[40]  G. Kalyanaram,et al.  Nudge: Improving Decisions about Health, Wealth, and Happiness , 2011 .

[41]  L. Festinger A Theory of Cognitive Dissonance , 1957 .

[42]  K. Williams,et al.  Cyberostracism: effects of being ignored over the Internet. , 2000, Journal of personality and social psychology.

[43]  R. Baumeister,et al.  The need to belong: desire for interpersonal attachments as a fundamental human motivation. , 1995, Psychological bulletin.

[44]  Alfred Kobsa,et al.  Counteracting the Negative Effect of Form Auto-completion on the Privacy Calculus , 2013, ICIS.

[45]  Nick Doty,et al.  Privacy Design Patterns and Anti-Patterns Patterns Misapplied and Unintended Consequences , 2013 .

[46]  M. Hafiz A collection of privacy design patterns , 2006, PLoP '06.

[47]  David Wright,et al.  PRIPARE: Integrating Privacy Best Practices into a Privacy Engineering Methodology , 2015, 2015 IEEE Security and Privacy Workshops.