DarkDialogs: Automated detection of 10 dark patterns on cookie dialogs

Daniel Kirkman,Kami Vaniea,Daniel W. Woods

Published 2023 in European Symposium on Security and Privacy

ABSTRACT

In theory, consent dialogs allow users to express privacy preferences regarding how a website and its partners process the user’s personal data. In reality, dialogs often employ subtle design techniques known as dark patterns that nudge users towards accepting more data processing than the user would otherwise accept. Dark patterns undermine user autonomy and can violate privacy laws. We build a system, DarkDialogs, that automatically extracts arbitrary consent dialogs from a website and detects the presence of 10 dark patterns. Evaluating DarkDialogs against a hand-labelled dataset reveals it extracts dialogs with an accuracy of 98.7% and correctly classifies 99% of the studied dark patterns. We deployed DarkDialogs on a sample of 10,992 websites, where it successfully collected 2,417 consent dialogs and found 3,744 different dark patterns automatically present on the consent dialogs. We then test whether dark pattern prevalence is associated with each of: the website’s popularity, the presence of a third-party consent management provider, and the number of ID-like cookies.

PUBLICATION RECORD

Publication year
2023
Venue
European Symposium on Security and Privacy
Publication date
2023-07-01
Fields of study
Computer Science
Identifiers
DOI 10.1109/EuroSP57164.2023.00055
External record
Open on Semantic Scholar
Source metadata
Semantic Scholar

CITATION MAP

EXTRACTION MAP

CLAIMS

No claims are published for this paper.

CONCEPTS

No concepts are published for this paper.

REFERENCES

Behavioral Targeting: A European Legal Perspective
2025cited by this paper
Usability and Enforceability of Global Privacy Control
2023cited by this paper
Comparing Large-Scale Privacy and Security Notifications
2023cited by this paper
Tracking on the Web, Mobile and the Internet-of-Things
2022cited by this paper
Data Protection and Consenting Communication Mechanisms: Current Open Proposals and Challenges
2022cited by this paper
On dark patterns and manipulation of website publishers by CMPs
2022cited by this paper
Cookie monster
2022cited by this paper
Automating Cookie Consent and GDPR Violation Detection
2022cited by this paper
Automated detection of dark patterns in cookie banners: how to do it poorly and why it is hard to do it any other way
2022cited by this paper
Consent Receipts For a Usable And Auditable Web of Personal Data
2022cited by this paper
Prospective Consent: The Effect of Framing on Cookie Consent Decisions
2022cited by this paper
The commodification of consent
2022cited by this paper
Website operators are not the enemy either - Analyzing options for creating cookie consent notices without dark patterns
2022cited by this paper
COnSeNT 2022: 2nd International Workshop on Consent Management in Online Services, Networks and Things
2022cited by this paper
“Developers Are Responsible”: What Ad Networks Tell Developers About Privacy
2021cited by this paper
Dark Patterns in the Wild: Review of Cookie Disclaimer Designs on Top 500 German Websites
2021cited by this paper
Cookie Banners and Privacy Policies: Measuring the Impact of the GDPR on the Web
2021cited by this paper
User compliance and remediation success after IoT malware notifications
2021cited by this paper
Conflicting Privacy Preference Signals in the Wild
2021cited by this paper
A Comparative Study of Dark Patterns Across Web and Mobile Modalities
2021cited by this paper
Consumer Consent and Firm Targeting After GDPR: The Case of a Large Telecom Provider
2021cited by this paper
Drivers and Obstacles for the Adoption of Consent Management Solutions by Ad-Tech Providers
2021cited by this paper
What Makes a Dark Pattern... Dark?: Design Attributes, Normative Considerations, and Measurement Methods
2021cited by this paper
Accept All: The Landscape of Cookie Banners in Greece and the UK
2021cited by this paper
Consent Management Platforms under the GDPR: processors and/or controllers?
2021cited by this paper
Privacy Preference Signals: Past, Present and Future
2021cited by this paper
Standardizing and Implementing Do Not Sell
2020cited by this paper
Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence
2020influential reference
Are cookie banners indeed compliant with the law?
2020cited by this paper
Circumvention by design - dark patterns in cookie consent for online news outlets
2020cited by this paper
Measuring the Emergence of Consent Management on the Web
2020influential reference
The Impact of User Location on Cookie Notices (Inside and Outside of the European Union)
2019cited by this paper
GConsent - A Consent Ontology Based on the GDPR
2019cited by this paper
Can I Opt Out Yet?: GDPR and the Global Illusion of Cookie Control
2019cited by this paper
Tell Me You Fixed It: Evaluating Vulnerability Notifications via Quarantine Networks
2019cited by this paper
"We Can't Live Without Them!" App Developers' Adoption of Ad Networks and Their Considerations of Consumer Risks
2019cited by this paper
(Un)informed Consent: Studying GDPR Consent Notices in the Field
2019cited by this paper
Why We Trust Dynamic Consent to Deliver on Privacy
2019cited by this paper
Do Cookie Banners Respect my Choice? : Measuring Legal Compliance of Banners from IAB Europe’s Transparency and Consent Framework
2019influential reference
Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation
2018influential reference
The Dark (Patterns) Side of UX Design
2018cited by this paper
We Value Your Privacy ... Now Take Some Cookies
2018cited by this paper
Online Tracking: A 1-million-site Measurement and Analysis
2016cited by this paper
Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification
2016cited by this paper
You've Got Vulnerability: Exploring Effective Vulnerability Notifications
2016cited by this paper
Taming the cookie monster with Dutch law - A tale of regulatory failure
2015influential reference
Much Ado about Cookies: The European Debate on the New Provisions of the ePrivacy Directive regarding Cookies
2013cited by this paper
Trained to accept?: a field experiment on consent dialogs
2010cited by this paper
JUDGMENT OF THE COURT (Grand Chamber)
2009cited by this paper
The EU E-Privacy Directive: A Monstrous Attempt to Starve the Cookie Monster?
2005cited by this paper
Cookies and Web browser design: toward realizing informed consent online
2001cited by this paper
The legal implications
1994cited by this paper
Derivation of New Readability Formulas (Automated Readability Index, Fog Count and Flesch Reading Ease Formula) for Navy Enlisted Personnel
1975cited by this paper

CITED BY

"What I'm Interested in is Something that Violates the Law": Regulatory Practitioner Views on Automated Detection of Deceptive Design Patterns
2026influential citation
A Cross-Country Analysis of GDPR Cookie Banners and Flexible Methods For Scraping Them
2025influential citation
How Website Owners Use Consent Management Platforms: An Interview Study
2025cites this paper
DeceptiLens: an Approach supporting Transparency in Deceptive Pattern Detection based on a Multimodal Large Language Model
2025cites this paper
Using Salient Object Detection to Identify Manipulative Cookie Banners that Circumvent GDPR
2025influential citation
Shadows in the Interface: A Comprehensive Study on Dark Patterns
2024cites this paper
Access Your Data... if You Can: An Analysis of Dark Patterns Against the Right of Access on Popular Websites
2024influential citation
Who is vulnerable to deceptive design patterns? A transdisciplinary perspective on the multi-dimensional nature of digital vulnerability
2024cites this paper
ScrapeAI: A Multi-Modal Approach to Detect Dark Patterns
2024cites this paper
Measuring Compliance of Consent Revocation on the Web
2024cites this paper
Toward Transparent Web Browsing: A Design for a Privacy and Data Fairness Assessment Tool
year unknowncites this paper