Helping John to Make Informed Decisions on Using Social Login

Users make two privacy-related decisions when signing up for a new Service Provider (SP): (1) whether to use an existing Single Sign-On (SSO) account of an Identity Provider (IdP), or not, and (2) the information the IdP is allowed to share with the SP under specific conditions. From a privacy point of view, the use of existing social network-based SSO solutions (i.e. social login) is not recommended. This advice, however, comes at the expense of security, usability, and functionality. Thus, in principle, it should be up to the user to consider all advantages and disadvantages of using SSO and to consent to requested permissions, provided that she is well informed. Another issue is that existing social login sign-up interfaces are often not compliant with legal privacy requirements for informed consent and Privacy by Default. Accordingly, our research focuses on enabling informed decisions and consent in this context. To this end, we identified users’ problems and usability issues from the literature and an expert cognitive walkthrough.We also elicited end user and legal privacy requirements for user interfaces (UIs) providing informed consent. ... mehrThis input as used to develop a tutorial to inform users on the pros and cons of sign-up methods and to design SSO sign-up UIs for privacy. A between-subject laboratory study with 80 participants was used to test both the tutorial and the UIs. We demonstrate an increase in the level to which users are informed when deciding and providing consent in the context of social login.