ABSTRACT
Third-party identity management services enable cross-site information sharing, making Web access seamless but also raise significant privacy implications for the users. Using a combination of manual analysis of identified third-party identity management relationships and targeted case studies we capture how the protocol usage and third-party selection is changing, profile what information is requested to be shared (and actions to be performed) between websites, and identify privacy issues and practical problems that occur when using multiple accounts (associated with these services). The study highlights differences in the privacy leakage risks associated with different classes of websites, and shows that the use of multiple third-party websites, in many cases, can cause the user to lose (at least) partial control over which information is shared/posted on their behalf.
- R. Dhamija and L. Dusseault. The seven flaws of identity management: Usability and security challenges. IEEE Security & Privacy, 6(2):24-29, Mar/Apr. 2008. Google ScholarDigital Library
- S.-T. Sun, E. Pospisil, I. Muslukhov, N. Dindar, K. Hawkey, and K. Beznosov. Investigating user's perspective of web single sign-on: Conceptual gaps, alternative design and acceptance model. ACM Trans. on Internet Technology, 13(1):2:1--2:35, Nov. 2013. Google ScholarDigital Library
- A. Vapen, N. Carlsson, A. Mahanti, and N. Shahmehri. Information sharing and user privacy in the third-party identity management landscape. Technical report, 2014.Google Scholar
- A. Vapen, N. Carlsson, A. Mahanti, and N. Shahmehri. Third-party identity management usage on the web. In Proc. PAM, Mar. 2014. Google ScholarDigital Library
Index Terms
- Information Sharing and User Privacy in the Third-party Identity Management Landscape
Recommendations
Privacy-enhanced user-centric identity management
ICC'09: Proceedings of the 2009 IEEE international conference on CommunicationsUser-centric identity management approaches have received significant attention for managing private and critical identity attributes from the user's perspective. User-centric identity management allows users to control their own digital identities. ...
A Look at the Third-Party Identity Management Landscape
Many websites act as relying parties (RPs) by allowing access to their services via third-party identity providers (IDPs), such as Facebook and Google. Using IDPs simplifies account creation, login activity, and information sharing across websites. ...
The effects of attacker identity and individual user characteristics on the value of information privacy
Past research indicates that people have strong concerns about their information privacy. This study applies multi-attribute utility theory to conceptualize the concern for smartphone privacy and examine how people value smartphone privacy protection. ...
Comments