{"id":"https://openalex.org/W4385517833","doi":"https://doi.org/10.56553/popets-2023-0119","title":"Everybody's Looking for SSOmething: A large-scale evaluation on the privacy of OAuth authentication on the web","display_name":"Everybody's Looking for SSOmething: A large-scale evaluation on the privacy of OAuth authentication on the web","publication_year":2023,"publication_date":"2023-08-03","ids":{"openalex":"https://openalex.org/W4385517833","doi":"https://doi.org/10.56553/popets-2023-0119"},"language":"en","primary_location":{"id":"doi:10.56553/popets-2023-0119","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2023-0119","pdf_url":"https://petsymposium.org/popets/2023/popets-2023-0119.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://petsymposium.org/popets/2023/popets-2023-0119.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5050616031","display_name":"Yana Dimova","orcid":"https://orcid.org/0000-0001-6558-2062"},"institutions":[{"id":"https://openalex.org/I196972281","display_name":"Imec the Netherlands","ror":"https://ror.org/01ezq2j76","country_code":"NL","type":"facility","lineage":["https://openalex.org/I196972281"]},{"id":"https://openalex.org/I99464096","display_name":"KU Leuven","ror":"https://ror.org/05f950310","country_code":"BE","type":"education","lineage":["https://openalex.org/I99464096"]}],"countries":["BE","NL"],"is_corresponding":true,"raw_author_name":"Yana Dimova","raw_affiliation_strings":["imec-DistriNet, KU Leuven"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"imec-DistriNet, KU Leuven","institution_ids":["https://openalex.org/I196972281","https://openalex.org/I99464096"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061602585","display_name":"Tom Van Goethem","orcid":"https://orcid.org/0000-0001-6846-9081"},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]},{"id":"https://openalex.org/I99464096","display_name":"KU Leuven","ror":"https://ror.org/05f950310","country_code":"BE","type":"education","lineage":["https://openalex.org/I99464096"]}],"countries":["BE","US"],"is_corresponding":false,"raw_author_name":"Tom Van Goethem","raw_affiliation_strings":["Google / imec-DistriNet, KU Leuven"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Google / imec-DistriNet, KU Leuven","institution_ids":["https://openalex.org/I1291425158","https://openalex.org/I99464096"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5054031138","display_name":"Wouter Joosen","orcid":"https://orcid.org/0000-0002-7710-5092"},"institutions":[{"id":"https://openalex.org/I196972281","display_name":"Imec the Netherlands","ror":"https://ror.org/01ezq2j76","country_code":"NL","type":"facility","lineage":["https://openalex.org/I196972281"]},{"id":"https://openalex.org/I99464096","display_name":"KU Leuven","ror":"https://ror.org/05f950310","country_code":"BE","type":"education","lineage":["https://openalex.org/I99464096"]}],"countries":["BE","NL"],"is_corresponding":false,"raw_author_name":"Wouter Joosen","raw_affiliation_strings":["imec-DistriNet, KU Leuven"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"imec-DistriNet, KU Leuven","institution_ids":["https://openalex.org/I196972281","https://openalex.org/I99464096"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5050616031"],"corresponding_institution_ids":["https://openalex.org/I196972281","https://openalex.org/I99464096"],"apc_list":null,"apc_paid":null,"fwci":5.5033,"has_fulltext":true,"cited_by_count":10,"citation_normalized_percentile":{"value":0.95537696,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":"2023","issue":"4","first_page":"452","last_page":"467"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/login","display_name":"Login","score":0.9284846782684326},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6749474406242371},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.5932993292808533},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5690377950668335},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.5596526861190796},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.539749026298523},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.4556872844696045},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.4116928279399872}],"concepts":[{"id":"https://openalex.org/C113324615","wikidata":"https://www.wikidata.org/wiki/Q472302","display_name":"Login","level":2,"score":0.9284846782684326},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6749474406242371},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.5932993292808533},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5690377950668335},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.5596526861190796},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.539749026298523},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.4556872844696045},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.4116928279399872},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.56553/popets-2023-0119","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2023-0119","pdf_url":"https://petsymposium.org/popets/2023/popets-2023-0119.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},{"id":"pmh:oai:lirias2repo.kuleuven.be:20.500.12942/724955","is_oa":true,"landing_page_url":"https://lirias.kuleuven.be/handle/20.500.12942/724955","pdf_url":"https://lirias.kuleuven.be/retrieve/91c26535-570c-449a-9669-2504985c91c7","source":{"id":"https://openalex.org/S4306401954","display_name":"Lirias (KU Leuven)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I99464096","host_organization_name":"KU Leuven","host_organization_lineage":["https://openalex.org/I99464096"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Proceedings on Privacy Enhancing Technologies, vol. 2023` (4), (452-467)","raw_type":"info:eu-repo/semantics/acceptedVersion"}],"best_oa_location":{"id":"doi:10.56553/popets-2023-0119","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2023-0119","pdf_url":"https://petsymposium.org/popets/2023/popets-2023-0119.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.4699999988079071,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320322308","display_name":"KU Leuven","ror":"https://ror.org/05f950310"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4385517833.pdf"},"referenced_works_count":26,"referenced_works":["https://openalex.org/W88388190","https://openalex.org/W1524855119","https://openalex.org/W2089775132","https://openalex.org/W2095462340","https://openalex.org/W2099474262","https://openalex.org/W2103933416","https://openalex.org/W2112995928","https://openalex.org/W2217843339","https://openalex.org/W2229250518","https://openalex.org/W2268157125","https://openalex.org/W2535603283","https://openalex.org/W2889521075","https://openalex.org/W2943725908","https://openalex.org/W3000190958","https://openalex.org/W3006928035","https://openalex.org/W3015767612","https://openalex.org/W3029205506","https://openalex.org/W3082521871","https://openalex.org/W3094309082","https://openalex.org/W3102080910","https://openalex.org/W3106386337","https://openalex.org/W3107473573","https://openalex.org/W4225085213","https://openalex.org/W4248985555","https://openalex.org/W4287284749","https://openalex.org/W4293097428"],"related_works":["https://openalex.org/W4256170434","https://openalex.org/W4233948907","https://openalex.org/W4235220108","https://openalex.org/W4315650027","https://openalex.org/W4238894392","https://openalex.org/W2357607877","https://openalex.org/W4238771742","https://openalex.org/W4235839583","https://openalex.org/W4311722428","https://openalex.org/W2912135041"],"abstract_inverted_index":{"The":[0],"management":[1],"of":[2,36,68,78,104,122,160,185,188],"many":[3],"different":[4],"login":[5,96,132,167],"credentials":[6],"can":[7],"be":[8,73],"tricky":[9],"for":[10,83],"the":[11,28,37,44,98,123,139,158,161,179,186,194],"average":[12],"web":[13],"user.":[14,140],"OAuth":[15,107,176],"eases":[16],"this":[17],"process":[18],"by":[19,75],"invoking":[20],"identity":[21],"providers":[22],"(IdPs)":[23],"as":[24],"intermediaries,":[25],"which":[26,79],"identify":[27],"users":[29],"and":[30,61],"access":[31,150],"their":[32,41],"data":[33,190],"on":[34,94,97],"behalf":[35],"website,":[38],"without":[39],"sharing":[40],"credentials.":[42],"However,":[43],"information":[45,125,137],"that":[46,63,102,118,134,148,175],"IdPs":[47,64],"share":[48],"with":[49,168,193],"websites":[50,105,129],"is":[51,126,177],"not":[52,81,155],"always":[53],"limited":[54],"to":[55,72,151,156],"basic":[56],"data.":[57],"Our":[58],"work":[59],"observes":[60],"documents":[62],"make":[65],"a":[66,91,143,170],"variety":[67],"resources":[69],"(scopes)":[70],"available":[71],"requested":[74,124],"websites,":[76],"most":[77],"are":[80],"necessary":[82],"user":[84],"identification":[85],"(e.g.,":[86],"location,":[87],"interests).":[88],"By":[89],"performing":[90],"large-scale":[92],"analysis":[93,145],"OAuth-based":[95,166],"web,":[99],"we":[100,146,173],"show":[101,117],"18.53%":[103],"using":[106],"request":[108],"at":[109,119],"least":[110,120],"one":[111],"non-minimal":[112],"scope.":[113],"Additionally,":[114],"our":[115],"findings":[116],"part":[121],"redundant":[127],"since":[128],"provide":[130],"alternative":[131],"methods":[133],"require":[135],"less":[136],"from":[138],"Moreover,":[141],"through":[142],"manual":[144],"observe":[147],"revoking":[149],"these":[152],"scopes":[153],"seems":[154],"hinder":[157],"functionality":[159],"website.":[162,195],"Finally,":[163],"when":[164],"comparing":[165],"registering":[169],"new":[171],"account,":[172],"find":[174],"often":[178],"more":[180],"privacy-friendly":[181],"option":[182],"in":[183],"terms":[184],"amount":[187],"personal":[189],"being":[191],"shared":[192]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":7}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}