Papers
Topics
Authors
Recent
Search
2000 character limit reached

Invisible, Unreadable, and Inaudible Cookie Notices: An Evaluation of Cookie Notices for Users with Visual Impairments

Published 16 Aug 2023 in cs.HC and cs.CR | (2308.11643v2)

Abstract: This paper investigates the accessibility of cookie notices on websites for users with visual impairments (VI) via a set of system studies on top UK websites (n=46) and a user study (n=100). We use a set of methods and tools--including accessibility testing tools, text-only browsers, and screen readers, to perform our system studies. Our results demonstrate that the majority of cookie notices on these websites have some form of accessibility issues including contrast issues, not having headings, and not being read aloud immediately when the page is loaded. We discuss how such practises impact the user experience and privacy and provide a set of recommendations for multiple stakeholders for more accessible websites and better privacy practises for users with VIs. To complement our technical contribution we conduct a user study and finding that people with VIs generally have a negative view of cookie notices and believe our recommendations could help their online experience. We also find a disparity in how users wish to respond to cookie notices as apposed to how they do in reality.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (83)
  1. Challenges and Adaptations to Public Involvement with Marginalised Groups during the COVID-19 Pandemic: Commentary with Illustrative Case Studies in the Context of Patient Safety Research. Research Involvement and Engagement 8, 1 (April 2022), 13. https://doi.org/10.1186/s40900-022-00345-x
  2. Privacy Concerns and Behaviors of People with Visual Impairments. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems. ACM, Seoul Republic of Korea, 3523–3532. https://doi.org/10.1145/2702123.2702334
  3. ”I am uncomfortable sharing what I can’t see”: Privacy Concerns of the Visually Impaired with Camera Based Assistive Applications. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, online, 1929–1948. https://www.usenix.org/conference/usenixsecurity20/presentation/akter
  4. This Website Uses Nudging: MTurk Workers’ Behaviour on Cookie Consent Notices. Proceedings of the ACM on Human-Computer Interaction 5, CSCW2 (2021), 1–22.
  5. Review of Quantitative Empirical Evaluations of Technology for People with Visual Impairments. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (Honolulu, HI, USA) (CHI ’20). Association for Computing Machinery, New York, NY, USA, 1–14. https://doi.org/10.1145/3313831.3376749
  6. Sambhavi Chandrashekar. 2010. Is hearing believing? Perception of online information credibility by screen reader users who are blind or visually impaired. Ph. D. Dissertation. University of Toronto Toronto, ON.
  7. Access Computing. n.d.. 30 Web Accessibility Tips. Access Computing. https://www.washington.edu/accesscomputing/30-web-accessibility-tips
  8. Kovila PL Coopamootoo and Thomas Groß. 2017. Why privacy is all but forgotten. Proceedings on Privacy Enhancing Technologies 2017, 4 (2017), 97–118.
  9. ”I feel invaded, annoyed, anxious and I may protect myself”: Individuals’ Feelings about Online Tracking and their Protective Behaviour across Gender and Country. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 287–304. https://www.usenix.org/conference/usenixsecurity22/presentation/coopamootoo
  10. Michael Davidson. 2006. The Work of Disability in an Age of Globalization. The disability studies reader (2006), 117. ISBN: 0415953340 Publisher: Taylor & Francis.
  11. We Value Your Privacy… Now Take Some Cookies. Informatik Spektrum 42, 5 (2019), 345–346.
  12. Chrome Developers. 2019. Lighthouse Accessibility Scoring. https://developer.chrome.com/docs/lighthouse/accessibility/scoring/
  13. Serge Egelman and Eyal Peer. 2015. The Myth of the Average User: Improving Privacy and Security Systems through Individualization. In Proceedings of the 2015 New Security Paradigms Workshop. ACM, Twente Netherlands, 16–28. https://doi.org/10.1145/2841113.2841115
  14. Steven Englehardt and Arvind Narayanan. 2016. Online Tracking: A 1-Million-Site Measurement and Analysis. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, Vienna Austria, 1388–1401. https://doi.org/10.1145/2976749.2978313
  15. European Data Protection Board. adopted on 10 april 2018. Guidelines on Consent under Regulation 2016/679. https://ec.europa.eu/newsroom/article29/items/623051
  16. Christopher Frauenberger. 2015. Disability and Technology: A Critical Realist Perspective. In Proceedings of the 17th International ACM SIGACCESS Conference on Computers & Accessibility - ASSETS ’15. ACM Press, Lisbon, Portugal, 89–96. https://doi.org/10.1145/2700648.2809851
  17. Garante per la protezione dei dati personali. 2010. Video Surveillance ’ Decision. https://garanteprivacy.it:443/web/guest/home/docweb/-/docweb-display/docweb/1734653
  18. Armin Gerl and Bianca Meier. 2019. The layered privacy language Art. 12–14 GDPR Extension–privacy enhancing user interfaces. Datenschutz und Datensicherheit-DuD 43, 12 (2019), 747–752.
  19. Google Developers. 2022. Lighthouse Overview. Google. https://developer.chrome.com/docs/lighthouse/overview/
  20. GOV.UK. 2016. Results of the 2016 GOV.UK Assistive Technology Survey - Accessibility in Government. https://accessibility.blog.gov.uk/2016/11/01/results-of-the-2016-gov-uk-assistive-technology-survey/
  21. GOV.UK Design System. n.d.. Cookie Banner. https://design-system.service.gov.uk/components/cookie-banner/
  22. A survey on the use of mobile applications for people who are visually impaired. Journal of Visual Impairment & Blindness 111, 4 (2017), 307–323.
  23. Mobile assistive technologies for the visually impaired. Survey of ophthalmology 58, 6 (2013), 513–528.
  24. Writing about Accessibility. Interactions 22, 6 (Oct. 2015), 62–65. https://doi.org/10.1145/2828432
  25. Vicki L Hanson and John T Richards. 2013. Progress on website accessibility? ACM Transactions on the Web (TWEB) 7, 1 (2013), 1–30.
  26. Cooperative Privacy and Security: Learning from People with Visual Impairments and Their Allies. In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). USENIX Association, Santa Clara, CA, 1–20. https://www.usenix.org/conference/soups2019/presentation/hayes
  27. Xuehui Hu and Nishanth Sastry. 2019. Characterising Third Party Cookie Usage in the EU after GDPR. In Proceedings of the 10th ACM Conference on Web Science. ACM, Boston Massachusetts USA, 137–141. https://doi.org/10.1145/3292522.3326039
  28. Internet Use and Cybersecurity Concerns of Individuals with Visual Impairments. Journal of Educational Technology & Society 19, 1 (2016), 28–40.
  29. Deque Systems Inc. 2022. Axe-Core. https://github.com/dequelabs/axe-core
  30. Information Commissioner’s Office. 2022. Guidance on the Use of Cookies and Similar Technologies. https://ico.org.uk/for-organisations/guide-to-pecr/guidance-on-the-use-of-cookies-and-similar-technologies/
  31. W3C Web Accessibility Initiative (WAI). n.d.. Designing for Web Accessibility – Tips for Getting Started. Web Accessibility Initiative (WAI). https://www.w3.org/WAI/tips/designing/
  32. Lars Kaczmirek and Klaus G. Wolff. 2007. Survey Design for Visually Impaired and Blind People. In Universal Acess in Human Computer Interaction. Coping with Diversity, Constantine Stephanidis (Ed.). Vol. 4554. Springer Berlin Heidelberg, Berlin, Heidelberg, 374–381. https://doi.org/10.1007/978-3-540-73279-2_41
  33. Katie Hempenius. n.d.. Best Practices for Cookie Notices. web.dev. https://web.dev/articles/cookie-notice-best-practices
  34. Blind People and the World Wide Web. UMIST. https://www.webbie.org.uk/webbie.html
  35. Cookie Banners and Privacy Policies: Measuring the Impact of the GDPR on the Web. ACM Transactions on the Web 15, 4 (July 2021), 1–42. https://doi.org/10.1145/3466722
  36. Kristen Baker. n.d.. Web Accessibility: The Ultimate Guide. HubSpot. https://blog.hubspot.com/website/web-accessibility
  37. Research methods in human-computer interaction. Morgan Kaufmann.
  38. Bradley Lewis. 2006. A mad fight: Psychiatry and disability activism. The disability studies reader 3 (2006). Publisher: Routledge New York.
  39. Jonathan Ling and Paul Van Schaik. 2002. The effect of text and background colour on visual search of Web pages. Displays 23, 5 (2002), 223–230.
  40. Brady Lund. 2021. The Brave Browser: A Monetary Opportunity for Libraries in the Cryptoverse. Library Hi Tech News 38, 6 (Jan. 2021), 15–16. https://doi.org/10.1108/LHTN-05-2021-0023
  41. Do Cookie Banners Respect my Choice? : Measuring Legal Compliance of Banners from IAB Europe’s Transparency and Consent Framework. In 2020 IEEE Symposium on Security and Privacy (SP). 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 791–809. https://doi.org/10.1109/SP40000.2020.00076
  42. Maryam Mehrnezhad. 2020. A Cross-Platform Evaluation of Privacy Notices and Tracking Practices. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, Genoa, Italy, 97–106. https://doi.org/10.1109/EuroSPW51379.2020.00023
  43. Maryam Mehrnezhad and Teresa Almeida. 2021. Caring for Intimate Data in Fertility Technologies. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. ACM, Yokohama Japan, 1–11. https://doi.org/10.1145/3411764.3445132
  44. How Can and Would People Protect From Online Tracking? Proceedings on Privacy Enhancing Technologies 2022, 1 (Jan. 2022), 105–125. https://doi.org/10.2478/popets-2022-0006
  45. Preferences for Web Tracking. Proceedings on Privacy Enhancing Technologies 2016, 2 (2016), 1–20.
  46. Microsoft. n.d.. Lifecycle FAQ - Internet Explorer and Microsoft Edge. Microsoft. https://docs.microsoft.com/en-us/lifecycle/faq/internet-explorer-microsoft-edge
  47. Accept or Address? Researchers’ Perspectives on Response Bias in Accessibility Research. In Proceedings of the 23rd International ACM SIGACCESS Conference on Computers and Accessibility (Virtual Event, USA) (ASSETS ’21). Association for Computing Machinery, New York, NY, USA, Article 20, 13 pages. https://doi.org/10.1145/3441852.3471216
  48. ” I’m Literally Just Hoping This Will {{\{{Work:’}}\}}’Obstacles Blocking the Online Security and Privacy of Users with Visual Disabilities. In Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021). 263–280.
  49. Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating Their Influence. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems. ACM, Honolulu HI USA, 1–13. https://doi.org/10.1145/3313831.3376321
  50. Office for National Statistics. 2020. Internet Users, UK. https://www.ons.gov.uk/businessindustryandtrade/itandinternetindustry/bulletins/internetusers/2020
  51. The European Parliament and the Council of the European Union. 2002. Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 Concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector (Directive on Privacy and Electronic Communications).
  52. Usability guidelines for accessible web design. Evidence–Based User Experience Research, Training, Consulting (2001).
  53. Differential Vulnerabilities and a Diversity of Tactics: What Toolkits Teach Us about Cybersecurity. Proceedings of the ACM on Human-Computer Interaction 2, CSCW (2018), 1–24.
  54. PowerMapper Software. 2022. Screen Reader Reliability. PowerMapper Software. https://www.powermapper.com/tests/screen-readers/
  55. Long-Term Observation on Browser Fingerprinting: Users’ Trackability and Perspective. Proceedings on Privacy Enhancing Technologies 2020, 2 (April 2020), 558–577. https://doi.org/10.2478/popets-2020-0041
  56. What Do They Know about Me? Contents and Concerns of Online Behavioral Profiles. arXiv:1506.01675 [cs]
  57. General Data Protection Regulation. 2016. General Data Protection Regulation (GDPR) – Official Legal Text. https://gdpr-info.eu/
  58. Tactile Web Browsing for Blind People. Multimedia Tools and Applications 37, 1 (March 2008), 53–69. https://doi.org/10.1007/s11042-007-0170-3
  59. Gary S. Rubin and Gordon E. Legge. 1989. Psychophysics of Reading. VI—The Role of Contrast in Low Vision. Vision Research 29, 1 (Jan. 1989), 79–91. https://doi.org/10.1016/0042-6989(89)90175-2
  60. Suzanna Schmeelk and Helen Petrie. 2022. Digital Authentication for Visually Disabled People: Initial Results of an Online Survey. In Computers Helping People with Special Needs: 18th International Conference, ICCHP-AAATE 2022, Lecco, Italy, July 11–15, 2022, Proceedings, Part II. Springer, 41–50.
  61. Karen Schnell and Kaushik Roy. 2021. Website Privacy Notification for the Visually Impaired. In 2021 IEEE Symposium Series on Computational Intelligence (SSCI). 2021 IEEE Symposium Series on Computational Intelligence (SSCI), Orlando, FL, USA, 1–6. https://doi.org/10.1109/SSCI50451.2021.9659986
  62. Privacy-Enhancing Technologies—Approaches and Development. Computer Standards & Interfaces 25, 2 (May 2003), 147–158. https://doi.org/10.1016/S0920-5489(03)00003-5
  63. Tom Shakespeare. 2006. The Social Model of Disability. The disability studies reader 2 (2006), 197–204.
  64. Fatemeh Shirazi and Melanie Volkamer. 2014. What Deters Jane from Preventing Identification and Tracking on the Web?. In Proceedings of the 13th Workshop on Privacy in the Electronic Society (Scottsdale, Arizona, USA) (WPES ’14). Association for Computing Machinery, New York, NY, USA, 107–116. https://doi.org/10.1145/2665943.2665963
  65. Jannick Sørensen and Sokol Kosta. 2019. Before and After GDPR: The Changes in Third Party Presence at Public and Private European Websites. In The World Wide Web Conference (WWW ’19). Association for Computing Machinery, New York, NY, USA, 1590–1600. https://doi.org/10.1145/3308558.3313524
  66. Kristina L. Southwell and Jacquelyn Slater. 2013. An Evaluation of Finding Aid Accessibility for Screen Readers. Information Technology and Libraries 32, 3 (2013), 34–46.
  67. Statcounter. n.d.. Browser Market Share Worldwide. Statcounter. https://gs.statcounter.com/browser-market-share
  68. the Brave Privacy Team. 2022. Blocking Annoying and Privacy-Harming Cookie Consent Banners. https://brave.com/privacy-updates/21-blocking-cookie-notices/
  69. 4 Years of EU Cookie Law: Results and Lessons Learned. Proceedings on Privacy Enhancing Technologies 2019, 2 (April 2019), 126–145. https://doi.org/10.2478/popets-2019-0023
  70. Union of Physically Impaired Against Segregation and The Disability Alliance. 1975. Fundamental Principles of Disability. https://disability-studies.leeds.ac.uk/wp-content/uploads/sites/40/library/UPIAS-fundamental-principles.pdf
  71. Smart, Useful, Scary, Creepy: Perceptions of Online Behavioral Advertising. In Proceedings of the Eighth Symposium on Usable Privacy and Security - SOUPS ’12. ACM Press, Washington, D.C., 1. https://doi.org/10.1145/2335356.2335362
  72. (Un)Informed Consent: Studying GDPR Consent Notices in the Field. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. ACM, London United Kingdom, 973–990. https://doi.org/10.1145/3319535.3354212
  73. W3. 2023. Web Content Accessibility Guidelines (WCAG) 2.2. GOV.UK. https://www.w3.org/TR/WCAG22/
  74. W3C. 2019. How to Meet WCAG (Quickref Reference). https://www.w3.org/WAI/WCAG21/quickref/
  75. W3C. 2022. WCAG 2 Overview. W3. https://www.w3.org/WAI/standards-guidelines/wcag/
  76. W3c. n.d.. Understanding Conformance. W3. https://www.w3.org/WAI/WCAG21/Understanding/conformance#levels
  77. Yang Wang and Charlotte Emily Price. 2022. Accessible Privacy. In Modern Socio-Technical Perspectives on Privacy. Springer, Cham, 293–313.
  78. Proper Implementation of Website Features Affecting the Use of Screen Readers. Advances in Usability and User Experience, Vol. 972. Springer International Publishing.
  79. WebAIM. 2017. Screen Readers and CSS: Are We Going Out of Style (and into Content)? https://webaim.org/blog/screen-readers-and-css/
  80. WebAIM. 2021. WebAIM: Screen Reader User Survey #9 Results. WebAIM. https://webaim.org/projects/screenreadersurvey9/
  81. WebAIM. n.d.. WAVE Chrome, Firefox, and Edge Extensions. https://wave.webaim.org/extension/
  82. whotracksme. 2018. GDPR - What happened? https://whotracks.me/blog/gdpr-what-happened.html
  83. A novel multimodal interface for improving visually impaired people’s web accessibility. Virtual Reality 9, 2 (2006), 133–148.
Citations (3)
View on Semantic Scholar

Summary

No one has generated a summary of this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Summarize

Paper to Video (Beta)

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Collections

Sign up for free to add this paper to one or more collections.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up