DOI: 10.1145/2660460.2660471
research-article

Cognitive disconnect: understanding Facebook Connect login permissions

Published: 01 October 2014

Abstract

We study Facebook Connect's permissions system using crawling, experimentation, and user surveys. We find several areas in which it works differently than many users and developers expect. More permissions can be granted than developers intend. In particular, permissions that allow a site to post to the user's profile are granted on an all-or-nothing basis. While users generally understand what data sites can read from their profile, they generally do not understand the full extent of what sites can post. In the case of write permissions, we show that user expectations are influenced by the identity of the requesting site, although this has no impact on what is actually enforced. We also find that users generally do not understand the way Facebook Connect permissions interact with Facebook's privacy settings. Our results suggest that users understand detailed, granular messages better than those that are broad and vague.

        Published In

        COSN '14: Proceedings of the second ACM conference on Online social networks
        October 2014
        288 pages
        ISBN: 9781450331982
        DOI: 10.1145/2660460
        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Author Tags

        1. facebook
        2. online social networks
        3. permissions
        4. privacy

        Qualifiers

        • Research-article

        Conference

        COSN'14
        COSN'14: Conference on Online Social Networks
        October 1 - 2, 2014
        Dublin, Ireland

        Acceptance Rates

        COSN '14 Paper Acceptance Rate 25 of 87 submissions, 29%;
        Overall Acceptance Rate 69 of 307 submissions, 22%

        Article Metrics

        • Downloads (Last 12 months): 8
        • Downloads (Last 6 weeks): 2
        Reflects downloads up to 15 Feb 2025

        Cited By

        • (2025) “Sign in with ... Privacy”: Timely Disclosure of Privacy Differences among Web SSO Login Options. ACM Transactions on Privacy and Security. DOI: 10.1145/3711898. Online publication date: 9-Jan-2025
        • (2023) "My privacy for their security". Proceedings of the 32nd USENIX Conference on Security Symposium (3583-3600). DOI: 10.5555/3620237.3620438. Online publication date: 9-Aug-2023
        • (2022) How gullible are web measurement tools? Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies (171-186). DOI: 10.1145/3555050.3569131. Online publication date: 30-Nov-2022
        • (2021) Empirical Analysis and Privacy Implications in OAuth-based Single Sign-On Systems. Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society (195-208). DOI: 10.1145/3463676.3485600. Online publication date: 15-Nov-2021
        • (2021) Declarative Variables in Online Dating. Proceedings of the ACM on Human-Computer Interaction 5:CSCW1 (1-32). DOI: 10.1145/3449174. Online publication date: 22-Apr-2021
        • (2019) L’État plateforme et l’identification numérique des usagers. Réseaux n° 213:1 (211-239). DOI: 10.3917/res.213.0211. Online publication date: 21-Mar-2019
        • (2018) Helping john to make informed decisions on using social login. Proceedings of the 33rd Annual ACM Symposium on Applied Computing (1165-1174). DOI: 10.1145/3167132.3167259. Online publication date: 9-Apr-2018
        • (2018) User Evaluations of an App Interface for Cloud-Based Identity Management. Advances in Information Systems Development (205-223). DOI: 10.1007/978-3-319-74817-7_13. Online publication date: 28-Mar-2018
        • (2017) A Survey on Web Tracking: Mechanisms, Implications, and Defenses. Proceedings of the IEEE 105:8 (1476-1510). DOI: 10.1109/JPROC.2016.2637878. Online publication date: Aug-2017
        • (2016) Online Tracking. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (1388-1401). DOI: 10.1145/2976749.2978313. Online publication date: 24-Oct-2016
