Permission Rationales in the Web Ecosystem: An Exploration of Rationale Text and Design Patterns

要旨

Modern web applications use features like camera and geolocation for personalized experiences, requiring user permission via browser prompts. To explain these requests, applications provide rationales—contextual information on why permissions are needed. Despite their importance, little is known about how often rationales appear on the web or their influence on user decisions. This paper presents the first large-scale study of how the web ecosystem handles permission rationales, covering three areas: (i) identifying webpages that use permissions, (ii) detecting and classifying permission rationales, and (iii) analyzing their attributes to understand their impact on user decisions. We examined over 770K webpages from Chrome telemetry, finding 3.6K unique rationale texts and 749 rationale UIs across 85K pages. We extracted key rationale attributes and assessed their effect on user behavior by cross-referencing them with Chrome telemetry data. Our findings reveal nine key insights, providing the first evidence of how different rationales affect user decisions.

受賞
Best Paper
著者
Yusra Elbitar
CISPA Helmholtz Center for Information Security, Saarbruecken, Germany
Soheil Khodayari
CISPA Helmholtz Center for Information Security, Saarbruecken, Germany
Marian Harbach
Google, Munich, Germany
Gianluca De Stefano
CISPA Helmholtz Center for Information Security, Saarbruecken, Germany
Balazs Csaba. Engedy
Google, Munich, Germany
Giancarlo Pellegrino
CISPA Helmholtz Center for Information Security, Saarbruecken, Germany
Sven Bugiel
CISPA Helmholtz Center for Information Security, Saarbruecken, Germany
DOI

10.1145/3706598.3713547

論文URL

https://dl.acm.org/doi/10.1145/3706598.3713547

動画

会議: CHI 2025

The ACM CHI Conference on Human Factors in Computing Systems (https://chi2025.acm.org/)

セッション: Security in HCI

Annex Hall F204
7 件の発表
2025-05-01 01:20:00
2025-05-01 02:50:00
日本語まとめ
読み込み中…