{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T22:53:20Z","timestamp":1776120800768,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":126,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,4,25]],"date-time":"2025-04-25T00:00:00Z","timestamp":1745539200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,4,26]]},"DOI":"10.1145\/3706598.3713493","type":"proceedings-article","created":{"date-parts":[[2025,4,24]],"date-time":"2025-04-24T05:30:26Z","timestamp":1745472626000},"page":"1-22","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["From Awareness to Action: The Effects of Experiential Learning on Educating Users about Dark Patterns"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-6564-4386","authenticated-orcid":false,"given":"Jingzhou","family":"Ye","sequence":"first","affiliation":[{"name":"Computer and Information Science, The University of Central Florida, Orlando, Florida, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5662-0784","authenticated-orcid":false,"given":"Yao","family":"Li","sequence":"additional","affiliation":[{"name":"University of Central Florida, Orlando, Florida, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2476-289X","authenticated-orcid":false,"given":"Wenting","family":"Zou","sequence":"additional","affiliation":[{"name":"Education Psychology, The Pennsylvania State University, State college, Pennsylvania, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9038-4460","authenticated-orcid":false,"given":"Xueqiang","family":"Wang","sequence":"additional","affiliation":[{"name":"University of Central Florida, Orlando, Florida, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,4,25]]},"reference":[{"key":"e_1_3_3_3_2_2","unstructured":"[n. d.]. Federal Trade Commission. https:\/\/www.ftc.gov\/. Accessed: 2024-09-11."},{"key":"e_1_3_3_3_3_2","unstructured":"[n. d.]. Free Online Survey Maker Tool - Qualtrics. https:\/\/www.qualtrics.com\/free-account\/. Accessed: 2024-09-11."},{"key":"e_1_3_3_3_4_2","unstructured":"2007. The Mann \u2010 Whitney U: A Test for Assessing Whether Two Independent Samples Come from the Same Distribution. https:\/\/api.semanticscholar.org\/CorpusID:59357756"},{"key":"e_1_3_3_3_5_2","unstructured":"2018. Dark Patterns. https:\/\/darkpatterns.uxp2.com\/."},{"key":"e_1_3_3_3_6_2","unstructured":"2023. Microsoft Security \u2013 Cybersecurity | Microsoft. https:\/\/www.microsoft.com\/en-us\/security?rtc=1 Accessed: 2023-06-20."},{"key":"e_1_3_3_3_7_2","doi-asserted-by":"crossref","unstructured":"Ritu Agarwal and Elena Karahanna. 2000. Time flies when you\u2019re having fun: Cognitive absorption and beliefs about information technology usage. MIS quarterly (2000) 665\u2013694.","DOI":"10.2307\/3250951"},{"key":"e_1_3_3_3_8_2","unstructured":"I Ajzen. 2002. Constructing a TPB questionnaire: Conceptual and methodological considerations. University of Massechusetts Amherst Office of Information Technologies (2002)."},{"key":"e_1_3_3_3_9_2","doi-asserted-by":"publisher","DOI":"10.1145\/3532105.3535013"},{"key":"e_1_3_3_3_10_2","doi-asserted-by":"crossref","unstructured":"Eirik Albrechtsen and Jan Hovden. 2010. Improving information security awareness and behaviour through dialogue participation and collective reflection. An intervention study. Computers & Security 29 4 (2010) 432\u2013445.","DOI":"10.1016\/j.cose.2009.12.005"},{"key":"e_1_3_3_3_11_2","doi-asserted-by":"crossref","unstructured":"Nalin Asanka\u00a0Gamagedara Arachchilage Steve Love and Konstantin Beznosov. 2016. Phishing threat avoidance behaviour: An empirical investigation. Computers in Human Behavior 60 (2016) 185\u2013197.","DOI":"10.1016\/j.chb.2016.02.065"},{"key":"e_1_3_3_3_12_2","doi-asserted-by":"crossref","unstructured":"Shahryar Baki and Rakesh\u00a0M Verma. 2022. Sixteen Years of Phishing User Studies: What Have We Learned? IEEE Transactions on Dependable and Secure Computing 20 2 (2022) 1200\u20131212.","DOI":"10.1109\/TDSC.2022.3151103"},{"key":"e_1_3_3_3_13_2","doi-asserted-by":"crossref","unstructured":"Victoria\u00a0Simpson Beck Stephanie\u00a0K Boys Hannah\u00a0J Haas and Karen\u00a0N King. 2017. How do you use experiential learning to bridge the classroom and the real world? New Directions for Teaching and Learning 2017 151 (2017) 97\u2013115.","DOI":"10.1002\/tl.20251"},{"key":"e_1_3_3_3_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/RE.2016.39"},{"key":"e_1_3_3_3_15_2","unstructured":"Federal\u00a0Reserve Board. 2008. Consumer Compliance Handbook: Section 5 of the FTC Act. https:\/\/www.federalreserve.gov\/boarddocs\/supmanual\/cch\/200806\/ftca.pdf. Accessed: 2024-08-26."},{"key":"e_1_3_3_3_16_2","doi-asserted-by":"crossref","unstructured":"Christoph B\u00f6sch Benjamin Erb Frank Kargl Henning Kopp and Stefan Pfattheicher. 2016. Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns. Proc. Priv. Enhancing Technol. 2016 4 (2016) 237\u2013254.","DOI":"10.1515\/popets-2016-0038"},{"key":"e_1_3_3_3_17_2","doi-asserted-by":"crossref","unstructured":"Virginia Braun and Victoria Clarke. 2006. Using thematic analysis in psychology. Qualitative research in psychology 3 2 (2006) 77\u2013101.","DOI":"10.1191\/1478088706qp063oa"},{"key":"e_1_3_3_3_18_2","unstructured":"H Brignull M Leiser C Santos and K Doshi. 2010. Dark Patterns. https:\/\/twitter.com\/darkpatterns Accessed: 2024-08-26."},{"key":"e_1_3_3_3_19_2","unstructured":"H Brignull M Leiser C Santos and K Doshi. 2010. Deceptive patterns \u2013 user interfaces designed to trick you. https:\/\/www.deceptive.design\/"},{"key":"e_1_3_3_3_20_2","unstructured":"H Brignull M Leiser C Santos and K Doshi. 2015. Forced email collection. https:\/\/www.deceptive.design\/types\/forced-action"},{"key":"e_1_3_3_3_21_2","unstructured":"H Brignull M Leiser C Santos and K Doshi. 2015. Sneaking cart. https:\/\/www.deceptive.design\/types\/sneaking"},{"key":"e_1_3_3_3_22_2","unstructured":"H Brignull M Leiser C Santos and K Doshi. 2020. Executive-committee of the Belgian DPA (GBA) v. Rossel & Cie. https:\/\/www.deceptive.design\/cases\/executive-committee-of-the-belgian-dpa-gba-v-rossel-cie"},{"key":"e_1_3_3_3_23_2","unstructured":"H Brignull M Leiser C Santos and K Doshi. 2021. Deliberation of the Restricted Committee concerning Google LLC and Google Ireland Limited. https:\/\/www.deceptive.design\/cases\/deliberation-of-the-restricted-committee-concerning-google-llc-and-google-ireland-limited#:\u00a0:text=Outcome the%20French%20Data%20Protection%20Act"},{"key":"e_1_3_3_3_24_2","unstructured":"H Brignull M Leiser C Santos and K Doshi. 2021. Preselection deceptive pattern. https:\/\/www.deceptive.design\/types\/preselection"},{"key":"e_1_3_3_3_25_2","unstructured":"H Brignull M Leiser C Santos and K Doshi. 2022. Deliberation of the restricted formation SAN-2022-027 concerning TikTok. https:\/\/www.deceptive.design\/cases\/deliberation-of-the-restricted-formation-san-2022-027-concerning-tiktok"},{"key":"e_1_3_3_3_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN58367.2023.00052"},{"key":"e_1_3_3_3_27_2","doi-asserted-by":"publisher","DOI":"10.1145\/3586183.3606783"},{"key":"e_1_3_3_3_28_2","volume-title":"ASE@ USENIX Security Symposium","author":"Chothia Tom","year":"2017","unstructured":"Tom Chothia, Sam Holdcroft, Andreea-Ina Radu, and Richard\u00a0J Thomas. 2017. Jail, Hero or Drug Lord? Turning a Cyber Security Course Into an 11 Week Choose Your Own Adventure Story.. In ASE@ USENIX Security Symposium."},{"key":"e_1_3_3_3_29_2","doi-asserted-by":"publisher","DOI":"10.1145\/3270316.3273042"},{"key":"e_1_3_3_3_30_2","unstructured":"Federal\u00a0Trade Commission. [n. d.]. Restore Online Shoppers\u2019 Confidence Act. https:\/\/www.ftc.gov\/legal-library\/browse\/statutes\/restore-online-shoppers-confidence-act. Accessed: 2024-08-26."},{"key":"e_1_3_3_3_31_2","unstructured":"Federal\u00a0Trade Commission. 2011. Facebook Settles FTC Charges That It Deceived Consumers by Failing to Keep Privacy Promises. https:\/\/www.ftc.gov\/news-events\/news\/press-releases\/2011\/11\/facebook-settles-ftc-charges-it-deceived-consumers-failing-keep-privacy-promises. Accessed: 2024-08-26."},{"key":"e_1_3_3_3_32_2","unstructured":"Federal\u00a0Trade Commission. 2019. FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook. https:\/\/www.ftc.gov\/news-events\/news\/press-releases\/2019\/07\/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions-facebook. Accessed: 2024-08-26."},{"key":"e_1_3_3_3_33_2","unstructured":"Federal\u00a0Trade Commission. 2021. FTC to Ramp Up Enforcement Against Illegal Dark Patterns That Trick or Trap Consumers into Subscriptions. https:\/\/www.ftc.gov\/news-events\/news\/press-releases\/2021\/10\/ftc-ramp-enforcement-against-illegal-dark-patterns-trick-or-trap-consumers-subscriptions. Accessed: 2024-08-26."},{"key":"e_1_3_3_3_34_2","doi-asserted-by":"crossref","unstructured":"Benjamin\u00a0D Cone Cynthia\u00a0E Irvine Michael\u00a0F Thompson and Thuy\u00a0D Nguyen. 2007. A video game for cyber security training and awareness. computers & security 26 1 (2007) 63\u201372.","DOI":"10.1016\/j.cose.2006.10.005"},{"key":"e_1_3_3_3_35_2","doi-asserted-by":"publisher","DOI":"10.1007\/0-387-33406-8_37"},{"key":"e_1_3_3_3_36_2","volume-title":"Practical nonparametric statistics","author":"Conover WJ","year":"1999","unstructured":"WJ Conover. 1999. Practical nonparametric statistics. John Wiley & Sons, Inc."},{"key":"e_1_3_3_3_37_2","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772719"},{"key":"e_1_3_3_3_38_2","doi-asserted-by":"publisher","DOI":"10.1145\/3626252.3630757"},{"key":"e_1_3_3_3_39_2","doi-asserted-by":"crossref","unstructured":"Lee\u00a0J Cronbach. 1951. Coefficient alpha and the internal structure of tests. psychometrika 16 3 (1951) 297\u2013334.","DOI":"10.1007\/BF02310555"},{"key":"e_1_3_3_3_40_2","first-page":"143","volume-title":"10th Symposium On Usable Privacy and Security ({ SOUPS} 2014)","author":"Das Sauvik","year":"2014","unstructured":"Sauvik Das, Tiffany Hyun-Jin Kim, Laura\u00a0A Dabbish, and Jason\u00a0I Hong. 2014. The effect of social influence on security sensitivity. In 10th Symposium On Usable Privacy and Security ({ SOUPS} 2014). 143\u2013157."},{"key":"e_1_3_3_3_41_2","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3173575"},{"key":"e_1_3_3_3_42_2","doi-asserted-by":"publisher","DOI":"10.1109\/CIC50333.2020.00027"},{"key":"e_1_3_3_3_43_2","doi-asserted-by":"crossref","unstructured":"Siddhartha Datta Konrad Kollnig and Nigel Shadbolt. 2022. GreaseVision: Rewriting the rules of the interface. arXiv preprint arXiv:https:\/\/arXiv.org\/abs\/2204.03731 (2022).","DOI":"10.18653\/v1\/2022.dadc-1.2"},{"key":"e_1_3_3_3_44_2","doi-asserted-by":"publisher","DOI":"10.1145\/3490099.3511152"},{"key":"e_1_3_3_3_45_2","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516753"},{"key":"e_1_3_3_3_46_2","unstructured":"Deceptive Design. 2023. French Data Protection Act Article 82. https:\/\/www.deceptive.design\/laws\/french-data-protection-act-article-82. Accessed: 2024-08-26."},{"key":"e_1_3_3_3_47_2","unstructured":"Deceptive Design. 2023. Section 6:3:3A of the Dutch Civil Code: Unfair Commercial Practices. https:\/\/www.deceptive.design\/laws\/section-6-3-3a-of-the-dutch-civil-code-unfair-commercial-practices. Accessed: 2024-08-26."},{"key":"e_1_3_3_3_48_2","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376600"},{"key":"e_1_3_3_3_49_2","doi-asserted-by":"crossref","unstructured":"Ersin Dincelli and InduShobha Chengalur-Smith. 2020. Choose your own training adventure: designing a gamified SETA artefact for improving information security and privacy through interactive storytelling. European Journal of Information Systems 29 6 (2020) 669\u2013687.","DOI":"10.1080\/0960085X.2020.1797546"},{"key":"e_1_3_3_3_50_2","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236045"},{"key":"e_1_3_3_3_51_2","doi-asserted-by":"publisher","DOI":"10.1145\/3377814.3381710"},{"key":"e_1_3_3_3_52_2","unstructured":"Federal Trade Commission. 2021. Age Learning Inc. (ABCmouse). https:\/\/www.ftc.gov\/legal-library\/browse\/cases-proceedings\/172-3186-age-learning-inc-abcmouse Accessed: 2024-08-26."},{"key":"e_1_3_3_3_53_2","unstructured":"Federal Trade Commission. 2021. Bringing Dark Patterns to Light: FTC Workshop. https:\/\/www.ftc.gov\/news-events\/events\/2021\/04\/bringing-dark-patterns-light-ftc-workshop Accessed: 2024-08-26."},{"key":"e_1_3_3_3_54_2","unstructured":"Federal Trade Commission. 2022. FTC Report Shows Rise in Sophisticated \"Dark Patterns\" Designed to Trick and Trap Consumers. https:\/\/www.ftc.gov\/news-events\/news\/press-releases\/2022\/09\/ftc-report-shows-rise-sophisticated-dark-patterns-designed-trick-trap-consumers."},{"key":"e_1_3_3_3_55_2","unstructured":"Chris Fennell and Rick Wash. 2019. Do stories help people adopt two-factor authentication? Studies 1 2 (2019) 3."},{"key":"e_1_3_3_3_56_2","doi-asserted-by":"publisher","DOI":"10.1145\/3677525.3678679"},{"key":"e_1_3_3_3_57_2","doi-asserted-by":"crossref","unstructured":"Susanne Furman Mary\u00a0Frances Theofanos Yee-Yin Choong and Brian Stanton. 2011. Basing cybersecurity training on user perceptions. IEEE Security & Privacy 10 2 (2011) 40\u201349.","DOI":"10.1109\/MSP.2011.180"},{"key":"e_1_3_3_3_58_2","volume-title":"6th Workshop on Cyber Security Experimentation and Test ({ CSET} 13)","author":"Gondree Mark","year":"2013","unstructured":"Mark Gondree and Zachary\u00a0NJ Peterson. 2013. Valuing security by getting [d0x3d!]: Experiences with a network security board game. In 6th Workshop on Cyber Security Experimentation and Test ({ CSET} 13)."},{"key":"e_1_3_3_3_59_2","doi-asserted-by":"crossref","unstructured":"John\u00a0R Goodall Wayne\u00a0G Lutters and Anita Komlodi. 2009. Developing expertise for network intrusion detection. Information Technology & People 22 2 (2009) 92\u2013108.","DOI":"10.1108\/09593840910962186"},{"key":"e_1_3_3_3_60_2","doi-asserted-by":"publisher","DOI":"10.1145\/3357236.3395486"},{"key":"e_1_3_3_3_61_2","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3174108"},{"key":"e_1_3_3_3_62_2","doi-asserted-by":"crossref","unstructured":"JOHANNA GUNAWAN AMOGH PRADEEP DAVID CHOFFNES WOODROW HARTZOG and CHRISTO WILSON. 2021. A Comparative Study of Dark Patterns Across Mobile and Web Modalities. (2021).","DOI":"10.1145\/3479521"},{"key":"e_1_3_3_3_63_2","first-page":"411","volume-title":"SOUPS@ USENIX Security Symposium","author":"Haney Julie\u00a0M","year":"2018","unstructured":"Julie\u00a0M Haney and Wayne\u00a0G Lutters. 2018. \"It\u2019s Scary... It\u2019s Confusing... It\u2019s Dull\": How Cybersecurity Advocates Overcome Negative Perceptions of Security.. In SOUPS@ USENIX Security Symposium. 411\u2013425."},{"key":"e_1_3_3_3_64_2","doi-asserted-by":"crossref","unstructured":"Stephen Hart Andrea Margheri Federica Paci and Vladimiro Sassone. 2020. Riskio: A serious game for cyber security awareness and education. Computers & Security 95 (2020) 101827.","DOI":"10.1016\/j.cose.2020.101827"},{"key":"e_1_3_3_3_65_2","unstructured":"Stephanie\u00a0D Hight. 2005. The importance of a security education training and awareness program November 2005. City of Raleigh (2005) 1\u20135."},{"key":"e_1_3_3_3_66_2","doi-asserted-by":"crossref","unstructured":"Sebastian Hobert Asbj\u00f8rn F\u00f8lstad and Effie Lai-Chong Law. 2023. Chatbots for active learning: A case of phishing email identification. International Journal of Human-Computer Studies 179 (2023) 103108.","DOI":"10.1016\/j.ijhcs.2023.103108"},{"key":"e_1_3_3_3_67_2","doi-asserted-by":"crossref","unstructured":"David\u00a0Michael Hull Sebastian\u00a0Walter Schuetz and Paul\u00a0Benjamin Lowry. 2023. Tell me a story: The effects that narratives exert on meaningful-engagement outcomes in antiphishing training. Computers & Security 129 (2023) 103252.","DOI":"10.1016\/j.cose.2023.103252"},{"key":"e_1_3_3_3_68_2","doi-asserted-by":"publisher","DOI":"10.1145\/3613904.3642674"},{"key":"e_1_3_3_3_69_2","doi-asserted-by":"publisher","DOI":"10.5555\/1121597"},{"key":"e_1_3_3_3_70_2","doi-asserted-by":"crossref","unstructured":"Keith\u00a0S Jones Akbar\u00a0Siami Namin and Miriam\u00a0E Armstrong. 2018. The core cyber-defense knowledge skills and abilities that cybersecurity students should learn in school: Results from interviews with cybersecurity professionals. ACM Transactions on Computing Education (TOCE) 18 3 (2018) 1\u201312.","DOI":"10.1145\/3152893"},{"key":"e_1_3_3_3_71_2","doi-asserted-by":"crossref","unstructured":"Jin Kang and Audrey Girouard. 2022. Impact of UX internships on human-computer interaction graduate students: a qualitative analysis of internship reports. ACM Transactions on Computing Education (TOCE) 22 4 (2022) 1\u201325.","DOI":"10.1145\/3517132"},{"key":"e_1_3_3_3_72_2","doi-asserted-by":"crossref","unstructured":"Mari Karjalainen and Mikko Siponen. 2011. Toward a new meta-theory for designing information systems (IS) security training approaches. Journal of the Association for Information Systems 12 8 (2011) 3.","DOI":"10.17705\/1jais.00274"},{"key":"e_1_3_3_3_73_2","volume-title":"Experiential learning: Experience as the source of learning and development","author":"Kolb David\u00a0A","year":"2014","unstructured":"David\u00a0A Kolb. 2014. Experiential learning: Experience as the source of learning and development. FT press."},{"key":"e_1_3_3_3_74_2","doi-asserted-by":"publisher","DOI":"10.1145\/3411763.3451632"},{"key":"e_1_3_3_3_75_2","doi-asserted-by":"crossref","unstructured":"Ponnurangam Kumaraguru Steve Sheng Alessandro Acquisti Lorrie\u00a0Faith Cranor and Jason Hong. 2010. Teaching Johnny not to fall for phish. ACM Transactions on Internet Technology (TOIT) 10 2 (2010) 1\u201331.","DOI":"10.1145\/1754393.1754396"},{"key":"e_1_3_3_3_76_2","unstructured":"UXP2 Lab. 2024. Dawn of War III: Required Secondary Subscription. https:\/\/darkpatterns.uxp2.com\/pattern\/required-secondary-subscription\/."},{"key":"e_1_3_3_3_77_2","unstructured":"UXP2 Lab. 2024. Google Location Services: Spam. https:\/\/darkpatterns.uxp2.com\/pattern\/google-location-services-spam\/."},{"key":"e_1_3_3_3_78_2","unstructured":"UXP2 Lab. 2024. Instagram - No Option for No. https:\/\/darkpatterns.uxp2.com\/pattern\/instagram-no-option-for-no\/."},{"key":"e_1_3_3_3_79_2","unstructured":"UXP2 Lab. 2024. Quora: Automatic Opt-In. https:\/\/darkpatterns.uxp2.com\/pattern\/quora-automatic-opt-in\/."},{"key":"e_1_3_3_3_80_2","doi-asserted-by":"publisher","DOI":"10.1145\/3125659.3125686"},{"key":"e_1_3_3_3_81_2","unstructured":"Danyang Li. 2022. The FTC and the CPRA\u2019s regulation of dark patterns in cookie consent notices. The University of Chicago Business Law Review 1 1 (2022) 19."},{"key":"e_1_3_3_3_82_2","first-page":"57","volume-title":"11th USENIX symposium on networked systems design and implementation (NSDI 14)","author":"Liu Bin","year":"2014","unstructured":"Bin Liu, Suman Nath, Ramesh Govindan, and Jie Liu. 2014. { DECAF} : Detecting and characterizing ad fraud in mobile apps. In 11th USENIX symposium on networked systems design and implementation (NSDI 14). 57\u201370."},{"key":"e_1_3_3_3_83_2","doi-asserted-by":"crossref","unstructured":"Jamie Luguri and Lior\u00a0Jacob Strahilevitz. 2021. Shining a light on dark patterns. Journal of Legal Analysis 13 1 (2021) 43\u2013109.","DOI":"10.1093\/jla\/laaa006"},{"key":"e_1_3_3_3_84_2","unstructured":"Maximilian Maier. 2019. Dark patterns\u2013An end user perspective."},{"key":"e_1_3_3_3_85_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00166"},{"key":"e_1_3_3_3_86_2","doi-asserted-by":"crossref","unstructured":"Arunesh Mathur Gunes Acar Michael\u00a0J Friedman Eli Lucherini Jonathan Mayer Marshini Chetty and Arvind Narayanan. 2019. Dark patterns at scale: Findings from a crawl of 11K shopping websites. Proceedings of the ACM on Human-Computer Interaction 3 CSCW (2019) 1\u201332.","DOI":"10.1145\/3359183"},{"key":"e_1_3_3_3_87_2","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445610"},{"key":"e_1_3_3_3_88_2","doi-asserted-by":"crossref","unstructured":"Patricia\u00a0R McCarthy and Henry\u00a0M McCarthy. 2006. When case studies are not enough: Integrating experiential learning into business curricula. Journal of Education for business 81 4 (2006) 201\u2013204.","DOI":"10.3200\/JOEB.81.4.201-204"},{"key":"e_1_3_3_3_89_2","doi-asserted-by":"publisher","DOI":"10.18690\/978-961-286-485-9.29"},{"key":"e_1_3_3_3_90_2","doi-asserted-by":"crossref","unstructured":"Marisa Meyer Victoria Adkins Nalingna Yuan Heidi\u00a0M Weeks Yung-Ju Chang and Jenny Radesky. 2019. Advertising in young children\u2019s apps: A content analysis. Journal of developmental & behavioral pediatrics 40 1 (2019) 32\u201339.","DOI":"10.1097\/DBP.0000000000000622"},{"key":"e_1_3_3_3_91_2","doi-asserted-by":"crossref","unstructured":"Abraham Mhaidli Selin Fidan An Doan Gina Herakovic Mukund Srinath Lee Matheson Shomir Wilson and Florian Schaub. 2023. Researchers\u2019 experiences in analyzing privacy policies: Challenges and opportunities. Proceedings on Privacy Enhancing Technologies (2023).","DOI":"10.56553\/popets-2023-0111"},{"key":"e_1_3_3_3_92_2","doi-asserted-by":"crossref","unstructured":"Thomas\u00a0Howard Morris. 2020. Experiential learning\u2013a systematic review and revision of Kolb\u2019s model. Interactive learning environments 28 8 (2020) 1064\u20131077.","DOI":"10.1080\/10494820.2019.1570279"},{"key":"e_1_3_3_3_93_2","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300472"},{"key":"e_1_3_3_3_94_2","doi-asserted-by":"publisher","DOI":"10.1145\/3055305.3055309"},{"key":"e_1_3_3_3_95_2","volume-title":"Workforce Framework for Cybersecurity NICE Framework","author":"Studies National Initiative for Cybersecurity Careers and","year":"2022","unstructured":"National Initiative for Cybersecurity Careers and Studies. 2022. Workforce Framework for Cybersecurity NICE Framework. https:\/\/niccs.cisa.gov\/workforce-development\/nice-framework"},{"key":"e_1_3_3_3_96_2","unstructured":"United States\u00a0Court of\u00a0Appeals for\u00a0the Ninth\u00a0Circuit. 2018. 16-17197 - FTC v. AMG Capital Management LLC et al. https:\/\/www.govinfo.gov\/content\/pkg\/USCOURTS-ca9-16-17197\/pdf\/USCOURTS-ca9-16-17197-0.pdf. Accessed: 2024-08-26."},{"key":"e_1_3_3_3_97_2","volume-title":"2014 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 14)","author":"Olano Marc","year":"2014","unstructured":"Marc Olano, Alan Sherman, Linda Oliva, Ryan Cox, Deborah Firestone, Oliver Kubik, Milind Patil, John Seymour, Isaac Sohn, and Donna Thomas. 2014. { SecurityEmpire} : Development and evaluation of a digital game to promote cybersecurity education. In 2014 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 14)."},{"key":"e_1_3_3_3_98_2","unstructured":"OpenAI. 2024. ChatGPT: GPT-4 Language Model. https:\/\/chat.openai.com. Accessed: 2024-09-09."},{"key":"e_1_3_3_3_99_2","doi-asserted-by":"crossref","unstructured":"James Parker Michael Hicks Andrew Ruef Michelle\u00a0L Mazurek Dave Levin Daniel Votipka Piotr Mardziel and Kelsey\u00a0R Fulton. 2020. Build it break it fix it: Contesting secure development. ACM Transactions on Privacy and Security (TOPS) 23 2 (2020) 1\u201336.","DOI":"10.1145\/3383773"},{"key":"e_1_3_3_3_100_2","first-page":"1","volume-title":"Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022)","author":"Pfeffer Katharina","year":"2022","unstructured":"Katharina Pfeffer, Alexandra Mai, Edgar Weippl, Emilee Rader, and Katharina Krombholz. 2022. Replication: Stories as Informal Lessons about Security. In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022). 1\u201318."},{"key":"e_1_3_3_3_101_2","doi-asserted-by":"crossref","unstructured":"Lynette Pretorius. 2018. Experiential and self-discovery learning in digital literacy: Developing the discernment to evaluate source reliability. College & Undergraduate Libraries 25 4 (2018) 388\u2013405.","DOI":"10.1080\/10691316.2018.1530626"},{"key":"e_1_3_3_3_102_2","doi-asserted-by":"crossref","unstructured":"Petri Puhakainen and Mikko Siponen. 2010. Improving employees\u2019 compliance through information systems security training: an action research study. MIS quarterly (2010) 757\u2013778.","DOI":"10.2307\/25750704"},{"key":"e_1_3_3_3_103_2","volume-title":"R: The R Project for Statistical Computing","author":"Team R Core","year":"2023","unstructured":"R Core Team. 2023. R: The R Project for Statistical Computing. https:\/\/www.r-project.org\/"},{"key":"e_1_3_3_3_104_2","doi-asserted-by":"crossref","unstructured":"Emilee Rader and Rick Wash. 2015. Identifying patterns in informal sources of security information. Journal of Cybersecurity 1 1 (2015) 121\u2013144.","DOI":"10.1093\/cybsec\/tyv008"},{"key":"e_1_3_3_3_105_2","doi-asserted-by":"publisher","DOI":"10.1145\/2335356.2335364"},{"key":"e_1_3_3_3_106_2","doi-asserted-by":"crossref","unstructured":"Jenny Radesky Alexis Hiniker Caroline McLaren Eliz Akgun Alexandria Schaller Heidi\u00a0M Weeks Scott Campbell and Ashley\u00a0N Gearhardt. 2022. Prevalence and characteristics of manipulative design in mobile applications used by children. JAMA network open 5 6 (2022) e2217641\u2013e2217641.","DOI":"10.1001\/jamanetworkopen.2022.17641"},{"key":"e_1_3_3_3_107_2","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445658"},{"key":"e_1_3_3_3_108_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.24"},{"key":"e_1_3_3_3_109_2","doi-asserted-by":"crossref","unstructured":"Andrew Reeves Dragana Calic and P Delfabbro. 2021. \u201cGet a red-hot poker and open up my eyes it\u2019s so boring\u201d 1: Employee perceptions of cybersecurity training. Computers & security 106 (2021) 102281.","DOI":"10.1016\/j.cose.2021.102281"},{"key":"e_1_3_3_3_110_2","unstructured":"Children\u2019s\u00a0Advertising Review. 2021. Self-Regulatory Guidelines for Children\u2019s Advertising. https:\/\/bbbnp-bbbp-stf-use1-01.s3.amazonaws.com\/docs\/default-source\/caru\/caru_advertisingguidelines.pdf. Accessed: 2024-08-26."},{"key":"e_1_3_3_3_111_2","doi-asserted-by":"crossref","unstructured":"Fred\u00a0B Schneider. 2013. Cybersecurity education in universities. IEEE Security & Privacy 11 4 (2013) 3\u20134.","DOI":"10.1109\/MSP.2013.84"},{"key":"e_1_3_3_3_112_2","doi-asserted-by":"crossref","unstructured":"Roland\u00a0W Scholz Regula Steiner and Ralf Hansmann. 2004. Role of internship in higher education in environmental sciences. Journal of Research in Science Teaching: The Official Journal of the National Association for Research in Science Teaching 41 1 (2004) 24\u201346.","DOI":"10.1002\/tea.10123"},{"key":"e_1_3_3_3_113_2","volume-title":"Amazon Simple Storage Service (S3) Documentation","author":"Services Amazon\u00a0Web","year":"2024","unstructured":"Amazon\u00a0Web Services. 2024. Amazon Simple Storage Service (S3) Documentation. Accessed: 2024-09-09."},{"key":"e_1_3_3_3_114_2","doi-asserted-by":"publisher","DOI":"10.1145\/1280680.1280692"},{"key":"e_1_3_3_3_115_2","volume-title":"2014 { USENIX} Summit on Gaming, Games, and Gamification in Security Education (3GSE 14)","author":"Shostack Adam","year":"2014","unstructured":"Adam Shostack. 2014. Elevation of privilege: Drawing developers into threat modeling. In 2014 { USENIX} Summit on Gaming, Games, and Gamification in Security Education (3GSE 14)."},{"key":"e_1_3_3_3_116_2","unstructured":"Lori Simons Lawrence Fehr Nancy Blank Heather Connell Denise Georganas David Fernandez and Verda Peterson. 2012. Lessons Learned from Experiential Learning: What Do Students Learn from a Practicum\/Internship?. International Journal of Teaching and Learning in Higher Education 24 3 (2012) 325\u2013334."},{"key":"e_1_3_3_3_117_2","doi-asserted-by":"publisher","DOI":"10.1145\/3328778.3366816"},{"key":"e_1_3_3_3_118_2","doi-asserted-by":"crossref","unstructured":"Keith\u00a0S Taber. 2018. The use of Cronbach\u2019s alpha when developing and reporting research instruments in science education. Research in science education 48 (2018) 1273\u20131296.","DOI":"10.1007\/s11165-016-9602-2"},{"key":"e_1_3_3_3_119_2","doi-asserted-by":"publisher","DOI":"10.1145\/3544548.3580650"},{"key":"e_1_3_3_3_120_2","unstructured":"U.S. Congress. 2022. S.3330 - Deceptive Experiences To Online Users Reduction (DETOUR) Act. https:\/\/www.congress.gov\/bill\/117th-congress\/senate-bill\/3330 Accessed: 2024-08-26."},{"key":"e_1_3_3_3_121_2","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3174066"},{"key":"e_1_3_3_3_122_2","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300338"},{"key":"e_1_3_3_3_123_2","doi-asserted-by":"crossref","unstructured":"Tingmin Wu Wanlun Ma Sheng Wen Xin Xia Cecile Paris Surya Nepal and Yang Xiang. 2021. Analysis of trending topics and text-based channels of information delivery in cybersecurity. ACM Transactions on Internet Technology (TOIT) 22 2 (2021) 1\u201327.","DOI":"10.1145\/3483332"},{"key":"e_1_3_3_3_124_2","doi-asserted-by":"crossref","unstructured":"Heng Xu Tamara Dinev Jeff Smith and Paul Hart. 2011. Information privacy concerns: Linking individual perceptions with institutional privacy assurances. Journal of the Association for Information Systems 12 12 (2011) 1.","DOI":"10.17705\/1jais.00281"},{"key":"e_1_3_3_3_125_2","volume-title":"Foundations of Digital Games 2013","author":"Zagal Jos\u00e9\u00a0P","year":"2013","unstructured":"Jos\u00e9\u00a0P Zagal, Staffan Bj\u00f6rk, and Chris Lewis. 2013. Dark patterns in the design of games. In Foundations of Digital Games 2013."},{"key":"e_1_3_3_3_126_2","doi-asserted-by":"publisher","DOI":"10.1177\/1541931214581306"},{"key":"e_1_3_3_3_127_2","doi-asserted-by":"crossref","unstructured":"Wenting Zou Amanda\u00a0Purington Drake Philipp\u00a0K Masur Janis Whitlock and Natalie\u00a0N Bazarova. 2024. Examining learners\u2019 engagement patterns and knowledge outcome in an experiential learning intervention for youth\u2019s social media literacy. Computers & Education 216 (2024) 105046.","DOI":"10.1016\/j.compedu.2024.105046"}],"event":{"name":"CHI 2025: CHI Conference on Human Factors in Computing Systems","location":"Yokohama Japan","acronym":"CHI '25","sponsor":["SIGCHI ACM Special Interest Group on Computer-Human Interaction"]},"container-title":["Proceedings of the 2025 CHI Conference on Human Factors in Computing Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3706598.3713493","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3706598.3713493","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,4]],"date-time":"2025-07-04T05:44:33Z","timestamp":1751607873000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3706598.3713493"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,25]]},"references-count":126,"alternative-id":["10.1145\/3706598.3713493","10.1145\/3706598"],"URL":"https:\/\/doi.org\/10.1145\/3706598.3713493","relation":{},"subject":[],"published":{"date-parts":[[2025,4,25]]},"assertion":[{"value":"2025-04-25","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}