Navigating Cookie Consent Violations Across the Globe
Brian Tang, Duc Bui, Kang G. Shin
TL;DR
This paper introduces ConsentChk, an end-to-end system for detecting cookie consent violations across the globe, revealing regional differences and misconfigurations in cookie banner implementations affecting user privacy.
Contribution
The paper presents a formal model and system for systematically detecting and analyzing cookie consent violations on a large scale across multiple regions.
Findings
Cookie consent violations are prevalent and region-dependent.
Many cookie banners are misleading or incorrectly configured.
Regional privacy laws influence cookie banner behavior.
Abstract
Online services provide users with cookie banners to accept/reject the cookies placed on their web browsers. Despite the increased adoption of cookie banners, little has been done to ensure that cookie consent is compliant with privacy laws around the globe. Prior studies have found that cookies are often placed on browsers even after their explicit rejection by users. These inconsistencies in cookie banner behavior circumvent users' consent preferences and are known as cookie consent violations. To address this important problem, we propose an end-to-end system, called ConsentChk, that detects and analyzes cookie banner behavior. ConsentChk uses a formal model to systematically detect and categorize cookie consent violations. We investigate eight English-speaking regions across the world, and analyze cookie banner behavior across 1,793 globally-popular websites. Cookie behavior, cookie…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsPrivacy, Security, and Data Protection · Web Application Security Vulnerabilities · Spam and Phishing Detection