Skip to Main content Skip to Navigation
Conference papers

Information Sharing and User Privacy in the Third-Party Identity Management Landscape

Abstract : The cross-site information sharing and authorized actions of third-party identity management can have significant privacy implications for the users. In this paper, we use a combination of manual analysis of identified third-party identity management relationships and targeted case studies to (i) capture how the protocol usage and third-party selection is changing, (ii) profile what information is requested to be shared (and actions to be performed) between websites, and (iii) identify privacy issues and practical problems that occur when using multiple accounts (associated with these services). By characterizing and quantifying the third-party relationships based on their cross-site information sharing, the study highlights differences in the privacy leakage risks associated with different classes of websites, and provides concrete evidence for how the privacy risks are increasing. For example, many news and file/video-sharing sites ask users to authorize the site to post information to the third-party website. We also observe a general increase in the breadth of information that is shared across websites, and find that due to usage of multiple third-party websites, in many cases, the user can lose (at least) partial control over which identities they can merge/relate and the information that is shared/posted on their behalf.
Document type :
Conference papers
Complete list of metadata

Cited literature [18 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Wednesday, July 13, 2016 - 10:56:38 AM
Last modification on : Wednesday, July 13, 2016 - 11:18:42 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Anna Vapen, Niklas Carlsson, Anirban Mahanti, Nahid Shahmehri. Information Sharing and User Privacy in the Third-Party Identity Management Landscape. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. pp.174-188, ⟨10.1007/978-3-319-18467-8_12⟩. ⟨hal-01345104⟩



Record views


Files downloads