Privacy Promise Vs. Tracking Reality in Pay-or-Tracking Walls-Reference-Cited by-同舟云学术

Privacy Promise Vs. Tracking Reality in Pay-or-Tracking Walls

Published:2024 Issue: Volume: Page:168-188
ISSN:0302-9743
Container-title:Lecture Notes in Computer Science
language:en
Short-container-title:

Author:

Müller-Tribbensee Timo^ORCID

Abstract

AbstractEuropean websites increasingly adopt pay-or-tracking walls, sometimes known as “consent or pay models,” “cookie paywalls,” or “pay-or-okay walls.” These walls require users to pay a fee or consent to be tracked in exchange for website access. However, initial evidence suggests that websites might continue to track users even when they pay the fee, constituting user deception. This paper comprehensively assesses whether websites employing pay-or-tracking walls keep their privacy promise to paying users as stated on the pay-or-tracking wall and safeguard their privacy. Data collection and analysis from 341 websites show that while websites reduce tracking for paying users, 32.9% of the websites fail to uphold the privacy promise declared on their pay-or-tracking wall. 80% of these websites could meet their privacy commitments by removing just one or two trackers. Notably, a group of websites offering a joint subscription allowing access to all participating websites better keeps their privacy promises than others, likely due to the implementation of an ongoing control mechanism that regularly detects tracker usage. The results show that implementing tracking-free websites remains challenging and might require continuous efforts.

Publisher

Springer Nature Switzerland

Link

https://link.springer.com/content/pdf/10.1007/978-3-031-68024-3_9

Reference27 articles.

1. Bouhoula, A., Kubicek, K., Zac, A., Cotrini, C., Basin, D.: Automated large-scale analysis of cookie notice compliance. In: 33rd USENIX Security Symposium. USENIX Security 24, USENIX Association, Philadelphia, PA, USA (2024). https://www.usenix.org/system/files/sec23winter-prepub-107-bouhoula.pdf

2. Bui, D., Tang, B., Shin, K.G.: Do opt-outs really opt me out? In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, pp. 425–439. Association for Computing Machinery, New York, NY, USA (2022). https://doi.org/10.1145/3548606.3560574

3. Bujlow, T., Carela-Español, V., Solé-Pareta, J., Barlet-Ros, P.: A survey on web tracking: mechanisms, implications, and defenses. Proc. IEEE 105(8), 1476–1510 (2017). https://doi.org/10.1109/JPROC.2016.2637878

4. Conference of German Data Protection Authorities: Orientierungshilfe der Aufsichtsbehörden für Anbieter:innen von Telemedien ab dem 1. Dezember 2021 (OH Telemedien 2021) Version 1.1 [Guidance from the supervisory Authorities for Telemedia Providers From December 1, 2021]. Technical report, Conference of German Data Protection Authorities (2022). https://www.datenschutzkonferenz-online.de/media/oh/20221205_oh_Telemedien_2021_Version_1_1_Vorlage_104_DSK_final.pdf

5. Du, X., Yang, Z., Lin, J., Cao, Y., Yang, M.: Withdrawing is believing? Detecting inconsistencies between withdrawal choices and third-party data collections in mobile apps. In: 2024 IEEE Symposium on Security and Privacy. IEEE Computer Society (2024). https://yinzhicao.org/mowchecker/mowchecker.pdf