Friction is a technique used to slow down Internet users, either to maintain government control or to reduce the burden on customer service. Autocratic governments that want to maintain control through state surveillance without jeopardizing their public legitimacy make frequent use of this technique. Friction involves building frustrating experiences into the design of websites and apps so that users who try to avoid monitoring or censorship become so a nuisance that they eventually give up.
My latest research sought to understand how website cookie notifications are used in the US to create friction and influence user behavior†
To do this research, I looked at the concept of mindless docility, an idea made infamous by Yale psychologist Stanley Milgram. Milgram’s Experiments— now considered a radical violation of research ethics — asked participants to administer electric shocks to fellow students to test obedience to authority.
Milgram’s research shows that people often agree to a request from an authority without first considering whether it is the right choice. In a much more routine case, I suspected this was also happening with website cookies.
I conducted a large, nationally representative experiment where users were presented with a pop-up message containing a default browser cookie, similar to the message you may have encountered on your way to reading this article.
I evaluated whether the cookie message elicited an emotional response – either anger or fear, both expected responses to online friction. And then I assessed how these cookie notifications affected Internet users’ willingness to express themselves online.
Online expression is central to democratic life, and various types of internet monitoring are known to suppress it†
The results showed that cookie notifications elicited strong feelings of anger and fear, suggesting that website cookies are no longer seen as the useful online tool they were designed for. Instead, they hinder access to information and make informed choices about one’s privacy rights.
And, as suspected, cookie notifications also reduced people’s expressed desire to express opinions, seek information, and go against the status quo.
Legislation regulating cookie notifications such as the EU General Data Protection Regulation and California Consumer Privacy Act are designed with the audience in mind. But reporting online tracking creates an unintended boomerang effect.
Second, cookie consents change regularly, and what data is requested and how it will be used should be paramount.
And third, US Internet users should have the right to be forgotten, or the right to delete online information about themselves that is harmful or not used for its original purpose, including the data collected by tracking cookies. This is a provision allowed under the General Data Protection Regulation, but does not apply to US Internet users.
Elizabeth Stoycheff is an associate professor of communications at Wayne State University.