This article summary is based on the research paper: 'CookieEnforcer: Automated Cookie Notice Analysis and Enforcement' Please don't forget to join our ML Subreddit Need help in creating ML Research content for your lab/startup? Talk to us [email protected]
A team of researchers from the University of Wisconsin-Madison and Google claims to have discovered a way to use artificial intelligence to combat the pervasiveness of manipulative cookie consent pop-ups on the web. The project, dubbed CookieEnforcer, was announced this month to automate the clicking through of options in these online authorization forms to disable all non-essential cookies on a website. As a result, the resulting software can save netizens from having to manually reject cookies presented by a website.
According to the project’s paper, many users click “accept all” when confronted with cookie pop-ups required by European law and other legislation, even though unnecessary cookies may compromise privacy. To discourage people from disabling tracking cookies, some organizations forced to implement these pop-ups have designed them to be challenging to navigate or to use dark patterns to trick someone into selecting the opposite desired option.
It’s such a problem that France fined Google and Facebook €200 million in January for designing their pages, so refusing cookies was more difficult than accepting them.
The CookieEnforcer team eliminated the need for users to navigate through lengthy consent forms, claiming that it took an average of 12 clicks to disable non-essential cookies. Because the layout of these forms varies from site to site, the software must be capable of automatically detecting and determining which controls must be selected. Rather than using previous methods that rely heavily on manual analysis and configuration, the team chose a machine-learning model that is far more scalable to the “breadth and depth of cookie notices.”
When taught how to successfully manipulate cookie controls on a website, the software works in three stages: when one visits a webpage, the trained software detects the location of the cookie notice; it then predicts the actions required to flip the controls to disable non-essential cookies; and finally, it does so while simulating the user’s mouse clicks. CookieEnforcer accomplishes all this in the background, “without interfering with the user experience.”
Google resumes dumping information into its “Privacy Sandbox” European watchdog: All information gathered about users via the ad-consent pop-up system must be deleted. Cookie form detection is accomplished by resolving the problem as a sequence-to-sequence task that converts cookie and website data into some clicks that disable tracking cookies. Eventually, CookieEnforcer was packaged as a Chrome extension.
During testing, it was discovered that CookieEnforcer was 91% effective at automatically disabling cookies on more than 500 top websites, according to Tranco. CookieEnforcer’s error rate was also relatively low, according to the sources: It was tested against 500 domains, 250 of which had a cookie notice, 247 of which had cookie notices, and only one of those was a false positive. A few domains were overlooked due to unusual practices, such as placing the cookie notice in a unique site element or automatically blocking automated tools.
If you want to try CookieEnforcer, you’re out of luck: it’s not yet publicly available. The researcher team stated they are preparing the browser extension for general release but did not specify a date. Refer to the published researcher paper for more information.