Effective Notification Campaigns on the Web: A Matter of Trust, Framing, and Support

by   Max Maass, et al.

Misconfigurations and outdated software are a major cause of compromised websites and data leaks. Past research has proposed and evaluated sending automated security notifications to the operators of misconfigured websites, but encountered issues with reachability, mistrust, and a perceived lack of importance. In this paper, we seek to understand the determinants of effective notifications. We identify a data protection misconfiguration that affects 12.7 Using a subset of 4754 websites, we conduct a multivariate randomized controlled notification experiment, evaluating contact medium, sender, and framing of the message. We also include a link to a public web-based self-service tool that is run by us in disguise and conduct an anonymous survey of the notified website owners (N=477) to understand their perspective. We find that framing a misconfiguration as a problem of legal compliance can increase remediation rates, especially when the notification is sent as a letter from a legal research group, achieving remediation rates of 76.3 compared to 33.9 about a privacy issue. Across all groups, 56.6 the issue, compared to 9.2 factors that lead website owners to trust a notification, show what framing of the notification brings them into action, and how they can be supported in remediating the issue.


page 2

page 4

page 7

page 8

page 10

page 11

page 16

page 17


Snail Mail Beats Email Any Day: On Effective Operator Security Notifications in the Internet

In the era of large-scale internet scanning, misconfigured websites are ...

Performance Evaluation of Shared Hosting Security Methods

Shared hosting is a kind of web hosting in which multiple websites resid...

Legitimate Interest is the New Consent – Large-Scale Measurement and Legal Compliance of IAB TCF Paywalls

Cookie paywalls allow visitors of a website to access its content only a...

Hide and seek in Slovakia: utilizing tracking code data to uncover untrustworthy website networks

The proliferation of misleading or false information spread by untrustwo...

Privacy Rarely Considered: Exploring Considerations in the Adoption of Third-Party Services by Websites

Modern websites frequently use and embed third-party services to facilit...

Trollthrottle – Raising the Cost of Astroturfing

Astroturfing, i.e., the fabrication of public discourse by private or st...

Towards an automated repository for indexing, analysis and characterization of municipal e-government websites in Mexico

This article addresses a problem in the electronic government discipline...

Please sign up or login with your details

Forgot password? Click here to reset