November 27, 2015


Cognitive disconnect: Understanding Facebook Connect login permissions

[Nicky Robinson is an undergraduate whose Junior Independent Work project, advised by Joseph Bonneau, turned into a neat research paper. — Arvind Narayanan]

When you use the Facebook Connect [1] login system, another website may ask for permission to “post to Facebook for you.” But what does this message mean? If you click “Okay”, what can the site do to your profile?

Motivated by this confusion, we explored Facebook Connect login permissions with the twin goals of understanding what permissions websites are given when a user logs in with Facebook and whether users understand that they are authorizing those permissions. Here is a working draft of our research report.
[Read more…]