"Sign in with ... Privacy'': Timely Disclosure of Privacy Differences among Web SSO Login Options

• URL: http://arxiv.org/abs/2209.04490v3
• Date: Fri, 20 Dec 2024 04:47:23 GMT
• Title: "Sign in with ... Privacy'': Timely Disclosure of Privacy Differences among Web SSO Login Options
• Authors: Srivathsan G. Morkonda, Sonia Chiasson, Paul C. van Oorschot,
• Abstract summary: Single sign-on (SSO) services allow users to grant web sites or relying parties (RPs) access to their personal profile information from identity provider (IdP) accounts.<n>Many RP sites fail to provide sufficient privacy-related information to allow users to make informed login decisions.<n>We present an empirical analysis of popular RP implementations supporting three major IdP login options (Facebook, Google, and Apple) and categorize RPs in the top 500 sites into four client-side code patterns.
• Score: 9.907956506019541
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The number of login options on web sites has increased since the introduction of web single sign-on (SSO) protocols. Web SSO services allow users to grant web sites or relying parties (RPs) access to their personal profile information from identity provider (IdP) accounts. Many RP sites fail to provide sufficient privacy-related information to allow users to make informed login decisions. Moreover, privacy differences in permission requests across login options are largely hidden from users and are time-consuming to manually extract and compare. In this paper, we present an empirical analysis of popular RP implementations supporting three major IdP login options (Facebook, Google, and Apple) and categorize RPs in the top 500 sites into four client-side code patterns. Informed by these RP patterns, we design and implement SSOPrivateEye (SPEye), a browser extension prototype that extracts and displays to users permission request information from SSO login options in RPs covering the three IdPs.

Related papers

• Controlling What You Share: Assessing Language Model Adherence to Privacy Preferences [80.63946798650653]
  We explore how users can stay in control of their data by using privacy profiles.<n>We build a framework where a local model uses these instructions to rewrite queries.<n>To support this research, we introduce a multilingual dataset of real user queries to mark private content.
  arXiv  Detail & Related papers  (2025-07-07T18:22:55Z)
• On the Differential Privacy and Interactivity of Privacy Sandbox Reports [78.85958224681858]
  The Privacy Sandbox initiative from Google includes APIs for enabling privacy-preserving advertising functionalities. We provide an abstract model for analyzing the privacy of these APIs and show that they satisfy a formal DP guarantee.
  arXiv  Detail & Related papers  (2024-12-22T08:22:57Z)
• The Privacy-Utility Trade-off in the Topics API [0.34952465649465553]
  We analyze the re-identification risks for individual Internet users and the utility provided to advertising companies by the Topics API. We provide theoretical results dependent only on the API parameters that can be readily applied to evaluate the privacy and utility implications of future API updates.
  arXiv  Detail & Related papers  (2024-06-21T17:01:23Z)
• Mind the Privacy Unit! User-Level Differential Privacy for Language Model Fine-Tuning [62.224804688233]
  differential privacy (DP) offers a promising solution by ensuring models are 'almost indistinguishable' with or without any particular privacy unit. We study user-level DP motivated by applications where it necessary to ensure uniform privacy protection across users.
  arXiv  Detail & Related papers  (2024-06-20T13:54:32Z)
• Evaluating Google's Protected Audience Protocol [7.737740676767729]
  Google has proposed the Privacy Sandbox initiative to enable ad targeting without third-party cookies. This work focuses on analyzing linkage privacy risks for the reporting mechanisms proposed in the Protected Audience proposal.
  arXiv  Detail & Related papers  (2024-05-13T18:28:56Z)
• IDPFilter: Mitigating Interdependent Privacy Issues in Third-Party Apps [0.30693357740321775]
  Third-party apps have increased concerns about interdependent privacy (IDP) This paper provides a comprehensive investigation into the previously underinvestigated IDP issues of third-party apps. We propose IDPFilter, a platform-agnostic API that enables application providers to minimize collateral information collection.
  arXiv  Detail & Related papers  (2024-05-02T16:02:13Z)
• User Consented Federated Recommender System Against Personalized Attribute Inference Attack [55.24441467292359]
  We propose a user-consented federated recommendation system (UC-FedRec) to flexibly satisfy the different privacy needs of users. UC-FedRec allows users to self-define their privacy preferences to meet various demands and makes recommendations with user consent.
  arXiv  Detail & Related papers  (2023-12-23T09:44:57Z)
• How Do Input Attributes Impact the Privacy Loss in Differential Privacy? [55.492422758737575]
  We study the connection between the per-subject norm in DP neural networks and individual privacy loss. We introduce a novel metric termed the Privacy Loss-Input Susceptibility (PLIS) which allows one to apportion the subject's privacy loss to their input attributes.
  arXiv  Detail & Related papers  (2022-11-18T11:39:03Z)
• Cross-Network Social User Embedding with Hybrid Differential Privacy Guarantees [81.6471440778355]
  We propose a Cross-network Social User Embedding framework, namely DP-CroSUE, to learn the comprehensive representations of users in a privacy-preserving way. In particular, for each heterogeneous social network, we first introduce a hybrid differential privacy notion to capture the variation of privacy expectations for heterogeneous data types. To further enhance user embeddings, a novel cross-network GCN embedding model is designed to transfer knowledge across networks through those aligned users.
  arXiv  Detail & Related papers  (2022-09-04T06:22:37Z)
• UPPRESSO: Untraceable and Unlinkable Privacy-PREserving Single Sign-On Services [15.062365685418092]
  Single sign-on (SSO) allows a user to maintain only the credential for an identity provider (IdP) to log into multiple relying parties (RPs) This paper presents a privacy-preserving SSO scheme, called UPPRESSO, to protect an honest user's online profile against (a) an honest-but-curious IdP and (b) malicious RPs colluding with other users.
  arXiv  Detail & Related papers  (2021-10-20T06:32:38Z)
• Unsupervised Proxy Selection for Session-based Recommender Systems [15.930016839929047]
  Session-based Recommender Systems (SRSs) have been actively developed to recommend the next item of an anonymous short item sequence (i.e., session) Unlike sequence-aware recommender systems where the whole interaction sequence of each user can be used to model both the short-term interest and the general interest of the user, the absence of user-dependent information in SRSs makes it difficult to directly derive the user's general interest from data. Existing SRSs have focused on how to effectively model the information about short-term interest within the sessions, but they are insufficient to capture the general interest of
  arXiv  Detail & Related papers  (2021-07-08T02:03:06Z)
• Private Reinforcement Learning with PAC and Regret Guarantees [69.4202374491817]
  We design privacy preserving exploration policies for episodic reinforcement learning (RL) We first provide a meaningful privacy formulation using the notion of joint differential privacy (JDP) We then develop a private optimism-based learning algorithm that simultaneously achieves strong PAC and regret bounds, and enjoys a JDP guarantee.
  arXiv  Detail & Related papers  (2020-09-18T20:18:35Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.