
Proceedings on Privacy Enhancing Technologies


Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns

Christoph Bösch / Benjamin Erb / Frank Kargl / Henning Kopp / Stefan Pfattheicher
Published Online: 2016-07-14 | DOI: https://doi.org/10.1515/popets-2016-0038


Privacy strategies and privacy patterns are fundamental concepts of the privacy-by-design engineering approach. While they support a privacy-aware development process for IT systems, the concepts used by malicious, privacy-threatening parties are generally less understood and known. We argue that understanding the “dark side”, namely how personal data is abused, is of equal importance. In this paper, we introduce the concept of privacy dark strategies and privacy dark patterns and present a framework that collects, documents, and analyzes such malicious concepts. In addition, we investigate from a psychological perspective why privacy dark strategies are effective. The resulting framework allows for a better understanding of these dark concepts, fosters awareness, and supports the development of countermeasures. We aim to contribute to an easier detection and successive removal of such approaches from the Internet to the benefit of its users.

Keywords: Privacy; Patterns



About the article

Received: 2016-02-29

Revised: 2016-06-02

Accepted: 2016-06-02

Published Online: 2016-07-14

Published in Print: 2016-10-01

Citation Information: Proceedings on Privacy Enhancing Technologies, Volume 2016, Issue 4, Pages 237–254, ISSN (Online) 2299-0984, DOI: https://doi.org/10.1515/popets-2016-0038.


© 2016. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License (BY-NC-ND 4.0).

Citing Articles


Alessandro Acquisti, Manya Sleeper, Yang Wang, Shomir Wilson, Idris Adjerid, Rebecca Balebako, Laura Brandimarte, Lorrie Faith Cranor, Saranga Komanduri, Pedro Giovanni Leon, Norman Sadeh, and Florian Schaub
ACM Computing Surveys, 2017, Volume 50, Number 3, Page 1
