A Comparison of Nudging and Boosting for Privacy during Web Browsing

A Comparison of Nudging and Boosting for Privacy during Web Browsing
David Elsweiler
Anna-Marie Ortloff
David Elsweiler
Niels Henze
in Bearbeitung


People spend a lot of time online and online services collect large amounts of data from them. The General Data Protection Regulation (GDPR), which has been in effect since May 2018, regulates privacy online and offers more choices and possibilities for users to take control of their data, but these options are not necessarily used [1]. Possible consequences of the loss of privacy online are targeted advertising and discrimination based on user profiles [2,3]. Boosting and nudging are two competing strategies which can be used to induce behavioral change in users [4], and which have also been employed in the domain of privacy [5]. Nudges exploit users’ cognitive biases, while boosts aim to support them in their decision making process, for example by providing additional information [4].

Zielsetzung der Arbeit

Work in the domain of privacy often suffers from only measuring behavioral intentions and not the behavior itself [6]. This is especially worrying because users’ intentions and actions concerning privacy do not necessarily match. This phenomenon is called the privacy paradox [7]. To overcome this limitation, this thesis aims to compare the effect of nudges and boosts on online browsing behavior by deploying a browser extension to capture naturalistic behavior and expose participants to either boosts or nudges during a three-week study period.

Konkrete Aufgaben

The steps which are necessary are the following:

  • Collect data to use in boosts
  • Design nudges and boosts based on literature and previous work
  • Implement a browser extension for Chrome/Firefox to use in a naturalistic study. This includes:
    • Collecting information on participants’ browsing behavior while preserving their privacy as much as possible
    • Categorizing visited websites as a measure to preserve anonymity
    • Accumulating privacy related information on website visits
    • Implementing a database and an Application Programming Interface (API) to connect to the database from the extension
    • Presenting nudges or boosts to participants
  • Recruit a sufficient number of participants to take part in a study
  • Conduct a study with the extension
  • Analyze and interpret the results

Erwartete Vorkenntnisse


Weiterführende Quellen

[1] Utz, C., Degeling, M., Fahl, S., Schaub, F., & Holz, T. (2019). (Un)Informed consent: Studying GDPR consent notices in the field. In Proceedings of the 2019 acm sigsac conference on computer and communications security (p. 973–990). New York, NY, USA: Association for Computing Machinery.

[2] Datta, A., Tschantz, M. C., & Datta, A. (2015). Automated experiments on ad privacy settings. Proceedings on privacy enhancing technologies, 2015(1), 92–112.

[3] Mikians, J., Gyarmati, L., Erramilli, V., & Laoutaris, N. (2012). Detecting price and search discrimination on the internet. In Proceedings of the 11th acm workshop on hot topics in networks (p. 79–84). New York, NY, USA: Association for Computing Machinery.

[4] Grüne-Yanoff, T., & Hertwig, R. (2016, Mar 01). Nudge versus boost: How coherent are policy and theory? Minds and Machines, 26(1), 149–183.

[5] Acquisti, A., Adjerid, I., Balebako, R., Brandimarte, L., Cranor, L. F., Komanduri, S., … et al. (2017, 08). Nudges for privacy and security: Understanding and assisting users’ choices online. ACM Computing Surveys (CSUR), 50(3).

[6] Lowry, P. B., Dinev, T., & Willison, R. (2017). Why security and privacy research lies at the centre of the information systems (is) artefact: proposing a bold research agenda. European Journal of Information Systems, 26(6), 546-563.

[7] Norberg, P. A., Horne, D. R., & Horne, D. A. (2007). The privacy paradox: Personal information disclosure intentions versus behaviors. Journal of Consumer Affairs, 41(1), 100-126.

arbeiten/nudging_and_boosting_for_privacy.txt · Zuletzt geändert: 01.09.2020 12:54 von Niels Henze
Recent changes RSS feed Debian Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki