We performed a laboratory experiment to study the privacy tradeoff offered by Facebook Connect: disclosing Facebook profile data to third-party websites for the convenience of logging in without creating separate accounts. We controlled for trustworthiness and amount of information each website requested, as well as the consent dialog layout. We discovered that these factors had no observable effects, likely because participants did not read the dialogs. Yet, 15% still refused to use Facebook Connect, citing privacy concerns. A likely explanation for subjects ignoring the dialogs while also understanding the privacy tradeoff – our exit survey indicated that 88% broadly understood what data would be collected – is that subjects were already familiar with the dialogs prior to the experiment. We discuss how our results demonstrate informed consent, but also how habituation prevented subjects from understanding the nuances between individual websites’ data collection policies.
Serge Egelman. My profile is my password, verify me!: the privacy/convenience tradeoff of facebook connect. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI ’13). ACM, New York, NY, USA, 2369-2378. 2013.