View article

The General Data Protection Regulation (GDPR) and related regulations have had a profound impact on most aspects related to privacy on the Internet. By requiring the user’s consent for e.g., tracking, an affirmative action has to take place before such data collection is lawful, leading to spread of so-called cookie banners across the Web. While the privacy impact and how well companies adhere to those regulations have been studied in detail, an open question is what effect these banners have on the security of netizens.

In this work, we systematically investigate the security impact of consenting to a cookie banner. For this, we design an approach to automatically give maximum consent to these banners, enabling us to conduct a large-scale crawl. Thereby, we find that a user who consents to tracking executes 45% more third-party scripts and is exposed to 63% more security sensitive data flows on average. This …