- Nina Gerber -
In the digital world, users carry out their day-to-day tasks via different kinds of digital services, e.g. web services, sensor networks or social networks. While using those services, users have to make many decisions that involve providing their personal data or conducting security-critical transactions. These decisions are often based on multiple factors, such as the trustworthiness of the service, the risk assessment of a particular decision, or an optimal trade-off between security and functionality or ease of use. Evaluating these factors, however, is a non-trivial task for most users. While technically adept experts can rely on their knowledge and experience, laypersons often have no other option but to trust a given service blindly. Furthermore, even for experts a proper assessment of the risks or the trustworthiness of a service can be too time-consuming in many cases. Making wrong decisions, however, could have serious consequences for the user, such as loss of social reputation (e.g., identity theft) or financial loss (e.g., phishing), and can even cause direct or indirect physical harm (e.g., critical infrastructure).
The goal of the D.1 research area is to develop an “assistant for trustworthiness assessments”, called AlterEgo, which will support informed decision making of users depending on their individual knowledge and skills. The idea of AlterEgo is as follows. During the setup phase, AlterEgo and users have to get to know each other. While users become familiar with the available settings, especially regarding their privacy, AlterEgo has to find out, in broad terms, the key interests and the mental model of an individual user. This should allow AlterEgo to take appropriate actions and communicate properly with the user. Especially for the latter point, risk messages that inform about potential harms have to be communicated in a manner that is understandable for the individual user by taking the user's mental models into account.
For this purpose, research has to be conducted that studies the factors, heuristics and common misconceptions that users employ in order to make privacy-related decisions in different domains, such as deciding whether to install an app on their smartphone, or which forms to fill in on a registration website. If users’ preferences are known, special actions taken by AlterEgo should proceed automatically without extra user interaction. A resulting task is to find out whether the communication of completed processes is helpful or even disturbing.