Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns

Authors: Christoph Bösch (Institute of Distributed Systems, Ulm University), Benjamin Erb (Institute of Distributed Systems, Ulm University), Frank Kargl (Institute of Distributed Systems, Ulm University), Henning Kopp (Institute of Distributed Systems, Ulm University), Stefan Pfattheicher (Department of Social Psychology, Ulm University)

Volume: 2016
Issue: 4
Pages: 237–254
DOI: https://doi.org/10.1515/popets-2016-0038

Abstract: Privacy strategies and privacy patterns are fundamental concepts of the privacy-by-design engineering approach. While they support a privacy-aware development process for IT systems, the concepts used by malicious, privacy-threatening parties are generally less understood and known. We argue that understanding the “dark side”, namely how personal data is abused, is of equal importance. In this paper, we introduce the concept of privacy dark strategies and privacy dark patterns and present a framework that collects, documents, and analyzes such malicious concepts. In addition, we investigate from a psychological perspective why privacy dark strategies are effective. The resulting framework allows for a better understanding of these dark concepts, fosters awareness, and supports the development of countermeasures. We aim to contribute to an easier detection and successive removal of such approaches from the Internet to the benefit of its users.

Keywords: Privacy, Patterns

Copyright in PoPETs articles is held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs license.