SSOPrivateEye: Timely Disclosure of Single Sign-On Privacy Design Differences

The number of login options on websites has increased since the introduction of web single sign-on (SSO) protocols. SSO services allow users to grant websites or relying parties (RPs) access to their personal profile information from identity provider (IdP) accounts. When prompting users to select an SSO login option, many websites do not provide any privacy information that could help users make informed choices. Moreover, privacy differences in permission requests across available login options are largely hidden from users and are time consuming to manually extract and compare. In this paper, we present an empirical study of popular RP implementations supporting three major IdP login options (Facebook, Google, and Apple) and categorize RPs in the top 300 sites into four client-side code patterns. Our findings suggest a relatively uniform distribution in three code patterns. We select RPs in one of these patterns as target sites for the design and implementation of SSOPrivateEye (SPEye), a browser extension prototype that extracts comparative data on SSO login options in RPs covering the three IdPs. Our evaluation of SPEye demonstrates the viability of extracting privacy information that can inform SSO login choices in the majority of our target sites.