DOI: 10.1145/1772690.1772719
research-article

Malicious interface design: exploiting the user

Published: 26 April 2010

Abstract

In an ideal world, interface design is the art and science of helping users accomplish tasks in a timely, efficient, and pleasurable manner. This paper studies the inverse situation, the vast emergence of deliberately constructed malicious interfaces that violate design best practices in order to accomplish goals counter to those of the user. This has become a commonplace occurrence both on and off the desktop, particularly on the web. A primary objective of this paper is to formally define this problem, including construction of a taxonomy of malicious interface techniques and a preliminary analysis of their impact on users. Findings are presented that gauge the self-reported tolerance and expectation levels of users with regard to malicious interfaces as well as the effectiveness and ease of use of existing countermeasures. A second objective of this paper is to increase awareness, dialogue, and research in a domain that we consider largely unexplored but critical to future usability of the WWW. Our results were accomplished through significant compilation of malicious interface techniques based on review of thousands of web sites and by conducting three surveys. Ultimately, this paper concludes that malicious interfaces are a ubiquitous problem that demands intervention by the security and human computer interaction communities in order to reduce the negative impact on the global user population.

    Published In

    WWW '10: Proceedings of the 19th international conference on World wide web
    April 2010
    1407 pages
    ISBN: 9781605587998
    DOI: 10.1145/1772690

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. adversarial interface design
    2. design principles
    3. evil interfaces
    4. malicious interfaces
    5. web usability guidelines

    Qualifiers

    • Research-article

    Conference

    WWW '10
    WWW '10: The 19th International World Wide Web Conference
    April 26 - 30, 2010
    North Carolina, Raleigh, USA

    Acceptance Rates

    Overall Acceptance Rate 1,899 of 8,196 submissions, 23%

    Article Metrics

    • Downloads (Last 12 months): 294
    • Downloads (Last 6 weeks): 21
    Reflects downloads up to 05 Mar 2025

    Cited By

    • (2025) Divergent deceptions: comparative analysis of Deceptive Patterns in iOS and Android apps. Behaviour & Information Technology. DOI: 10.1080/0144929X.2025.2452359 (1-30). Online publication date: 16-Jan-2025
    • (2024) Kids on the Net. "Manipulative Patterns" of Digital Media Design. Zeszyty Prasoznawcze. DOI: 10.4467/22996362PZ.24.038.20559, 67:4 (260) (43-56). Online publication date: 2024
    • (2024) Identifying Dark Patterns in User Account Disabling Interfaces: Content Analysis Results. Social Media + Society. DOI: 10.1177/20563051231224269, 10:1. Online publication date: 27-Jan-2024
    • (2024) Deceptive Patterns under a Sociotechnical View. Proceedings of the XXIII Brazilian Symposium on Human Factors in Computing Systems. DOI: 10.1145/3702038.3702081 (1-13). Online publication date: 7-Oct-2024
    • (2024) Trickery: Exploring a Serious Game Approach to Raise Awareness of Deceptive Patterns. Proceedings of the International Conference on Mobile and Ubiquitous Multimedia. DOI: 10.1145/3701571.3701588 (133-147). Online publication date: 1-Dec-2024
    • (2024) Growing Up With Dark Patterns: How Children Perceive Malicious User Interface Designs. Proceedings of the 13th Nordic Conference on Human-Computer Interaction. DOI: 10.1145/3679318.3685358 (1-17). Online publication date: 13-Oct-2024
    • (2024) Towards Trustworthy MetaShopping: Studying Manipulative Audiovisual Designs in Virtual-Physical Commercial Platforms. Proceedings of the 32nd ACM International Conference on Multimedia. DOI: 10.1145/3664647.3681679 (68-77). Online publication date: 28-Oct-2024
    • (2024) “We’re Not That Gullible!” Revealing Dark Pattern Mental Models of 11-12-Year-Old Scottish Children. ACM Transactions on Computer-Human Interaction. DOI: 10.1145/3660342, 31:3 (1-41). Online publication date: 23-Apr-2024
    • (2024) What Makes XR Dark? Examining Emerging Dark Patterns in Augmented and Virtual Reality through Expert Co-Design. ACM Transactions on Computer-Human Interaction. DOI: 10.1145/3660340, 31:3 (1-39). Online publication date: 22-Apr-2024
    • (2024) Computers as Bad Social Actors: Dark Patterns and Anti-Patterns in Interfaces that Act Socially. Proceedings of the ACM on Human-Computer Interaction. DOI: 10.1145/3653693, 8:CSCW1 (1-25). Online publication date: 26-Apr-2024
