Ankit Kariryaa, University of Copehagen & University of Bremen; Gian-Luca Savino and Carolin Stellmacher, University of Bremen; Johannes Schöning, University of Bremen & University of St. Gallen
Browser extensions enrich users' browsing experience, e.g., by blocking unwanted advertisements on websites. To perform these functions, users must grant certain permissions during the installation process. These permissions, however, give very limited information about the fact that they allow the extension to access user's personal data and browsing behaviour, posing security and privacy risks. To understand users' awareness of these privileges and the associated threats, we conducted an online survey with 353 participants, focusing on users' attitude, knowledge, and preference towards extensions' permission requests. We found that users report interest in seeking information, trust the developers but do little to protect their data. They have limited knowledge about the technical abilities of browser extensions and prefer permission statements that evoke a clear mental model. Based on our findings we derive recommendations for the improvement of browser extension permission dialogues through clear language, technical improvements and distinct responsibilities.
SOUPS 2021 Open Access Videos Sponsored by
Ethyca
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Ankit Kariryaa and Gian-Luca Savino and Carolin Stellmacher and Johannes Sch{\"o}ning},
title = {Understanding Users{\textquoteright} Knowledge about the Privacy and Security of Browser Extensions},
booktitle = {Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021)},
year = {2021},
isbn = {978-1-939133-25-0},
pages = {99--118},
url = {https://www.usenix.org/conference/soups2021/presentation/kariryaa},
publisher = {USENIX Association},
month = aug
}