Helping Johnny to Make Informed Decisions in the Context of Social Login
Farzaneh Karegar, Nina Gerber, Melanie Volkamer, Simone Fischer-Hübner
Users have to make two privacy-related decisions when signing up for a new web service: (1) whether to use an existing Single Sign-On (SSO) account of an Identity Provider (IdP) and (2) what information the IdP is allowed to share with the Service Provider (SP), and for how long. From a privacy point of view, the use of existing social network-based SSO solutions (i.e., social login) is not recommended. This recommendation, however, is accompanied by drawbacks regarding security, usability, and functionality. Thus, in principle, it should be up to the user to consider all advantages and disadvantages of using SSO and to consent to requested permissions, provided that she is well informed. Another issue is that existing social login sign-up interfaces are often not compliant with legal privacy requirements for informed consent and Privacy by Default. Accordingly, our research focuses on enabling informed decisions and consent in this context. To this end, we identified users' problems and usability issues from the literature, conducted an expert cognitive walkthrough, and elicited end-user and legal privacy requirements for user interfaces (UIs) providing informed consent. We used this input to develop a tutorial for informing users about the pros and cons of sign-up methods and to design SSO sign-up UIs for privacy. We tested both the tutorial and the UIs in a between-subject lab study with 80 participants. The results indicate that we were able to increase the level to which users are informed when deciding and providing consent in the context of social login.
The 33rd ACM/SIGAPP Symposium On Applied Computing
Place and Date
Pau, France, April 9 - 13, 2018.