The main goal of this paper is to study how often cookie banners that comply with the General Data Protection Regulation (GDPR) contain aesthetic manipulation, a design tactic to draw users' attention to the button that permits personal data sharing. As a byproduct of this goal, we also evaluate how frequently the banners comply with GDPR and the recommendations of national data protection authorities regarding banner designs. We visited 2,579 websites and identified the type of cookie banner implemented. Although 45% of the relevant websites have fully compliant banners, we found aesthetic manipulation on 38% of the compliant banners. Unlike prior studies of aesthetic manipulation, we use a computer vision model for salient object detection to measure how salient (i.e., attention-drawing) each banner element is. This enables the discovery of new types of aesthetic manipulation (e.g., button placement), and leads us to conclude that aesthetic manipulation is more common than previously reported (38% vs 27% of banners). To study the effects of user and/or website location on cookie banner design, we include websites within the European Union (EU), where privacy regulation enforcement is more stringent, and websites outside the EU. We visited websites from IP addresses in the EU and from IP addresses in the United States (US). We find that 13.9% of EU websites change their banner design when the user is from the US, and EU websites are roughly 48.3% more likely to use aesthetic manipulation than non-EU websites, highlighting their innovative responses to privacy regulation.