CSChecker: Revisiting GDPR and CCPA Compliance of Cookie Banners on the Web (ICSE 2024 - Research Track)

Fri 12 - Sun 21 April 2024 Lisbon, Portugal

Who

Mingxue Zhang, Wei Meng, You Zhou, Kui Ren

Track

ICSE 2024 Research Track

Time Zone

The program is currently displayed in (GMT+01:00) Lisbon.

Use conference time zone: (GMT+01:00) LisbonSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Fri 19 Apr 2024 16:30 - 16:45 at Eugénio de Andrade - Static Detection Techniques Chair(s): Valentina Lenarduzzi

Abstract

Privacy regulations like GDPR and CCPA have greatly affected online advertising and tracking strategies. To comply with the regulations, websites need to display consent management UIs (i.e., cookie banners) implemented under the corresponding technical frameworks, allowing users to specify consents regarding their personal data processing. Although prior works have investigated the cookie banner compliance problems with GDPR, the technical specification has significantly changed. The compliance status under the latest framework remains unclear. There also lacks a systematic study of CCPA banner compliance. More importantly, most work have focused on detecting the regulation violations, whereas little is known about the possible culprits and causes.

In this paper, we develop CSChecker, a browser-based tool that monitors and records consent strings on websites. We use CSChecker to analyze the GDPR and CCPA cookie banners, and reveal previously unknown compliance problems under both frameworks. We also discover and analyze possible miscreants leading to the violations, e.g., consent management providers that return wrong consent data. The comparison of the two frameworks inspires several suggestions about the design of cookie banners, the implementation of opt-out mechanisms, and the enforcement of user consent choices.

Mingxue Zhang

Zhejiang University

Wei Meng

Chinese University of Hong Kong

China

You Zhou

Zhejiang University

Kui Ren

Zhejiang University

Time Zone

The program is currently displayed in (GMT+01:00) Lisbon.

Use conference time zone: (GMT+01:00) LisbonSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Fri 19 Apr
Displayed time zone: Lisbon change

16:00 - 17:30	Static Detection TechniquesSoftware Engineering in Practice / Research Track at Eugénio de Andrade Chair(s): Valentina Lenarduzzi University of Oulu

16:00 15m Talk		MalwareTotal: Multi-Faceted and Sequence-Aware Bypass Tactics against Static Malware Detection Research Track Shuai He Huazhong University of Science and Technology, Cai Fu Huazhong University of Science and Technology, Hong Hu Pennsylvania State University, Jiahe Chen Huazhong University of Science and Technology, Jianqiang Lv Huazhong University of Science and Technology, Shuai Jiang Huazhong University of Science and Technology Link to publication
16:15 15m Talk		Semantic-Enhanced Static Vulnerability Detection in Baseband Firmware Research Track Yiming Liu Institute of Information Engineering, Chinese Academy of Sciences, Cen Zhang Nanyang Technological University, Feng Li Key Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, China; School of CyberSpace Security at University of Chinese Academy of Sciences, China, Yeting Li Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Jianhua Zhou Key Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, China, Jian Wang Institute of Information Engineering, Chinese Academy of Sciences, Lanlan Zhan Institute of Information Engineering, Chinese Academy of Sciences, Yang Liu Nanyang Technological University, Wei Huo Institute of Information Engineering at Chinese Academy of Sciences
16:30 15m Talk		CSChecker: Revisiting GDPR and CCPA Compliance of Cookie Banners on the Web Research Track Mingxue Zhang Zhejiang University, Wei Meng Chinese University of Hong Kong, You Zhou Zhejiang University, Kui Ren Zhejiang University
16:45 15m Talk		Raisin: Identifying Rare Sensitive Functions for Bug Detection Research Track Jianjun Huang Renmin University of China, Jianglei Nie Renmin University of China, Yuanjun Gong Renmin University of China, Wei You Renmin University of China, Bin Liang Renmin University of China, China, Pan Bian Huawei Technologies CO., LTD., China
17:00 15m Talk		Broadly Enabling KLEE to Effortlessly Find Unrecoverable Errors in Rust Software Engineering in Practice Ying Zhang Virginia Tech, Peng Li Zoox, Yu Ding Google, Wang Lingxiang Microsoft, Dan Williams Virginia Tech, Na Meng Virginia Tech Pre-print
17:15 15m Talk		Inference for Ever-Changing Policy of Taint Analysis Software Engineering in Practice Wen-Hao Chiang Amazon Web Services, Peixuan Li Amazon Web Services, Qiang Zhou Amazon Web Services, Subarno Banerjee Amazon Web Services, Martin Schäf Amazon Web Services, Yingjun Lyu Amazon Web Services, Hoan Nguyen Amazon Web Services, Omer Tripp Amazon Web Services