438
Views
0
CrossRef citations to date
0
Altmetric
Articles

I have a Facebook account, therefore I am – authentication with social networks

ORCID Icon
Pages 211-223 | Received 01 Nov 2017, Accepted 12 Mar 2018, Published online: 29 May 2018
 

ABSTRACT

Social login is the use of a social network account to get access to other services. Since the internet in its architecture does not have the possibility to identify the internet user, for many services, social logins are the solution to authenticate users without the need to set up individual identity management systems. Social logins are not useful for all types of services, however, and the potential lock-in and lock-out of users needs to be considered.

Disclosure statement

No potential conflict of interest was reported by the author .

Notes

1 Various different identity management systems exist, for different applications (e.g. e-government, e-commerce, games and social media services, company specific internal access systems, etc.). The technology and initiatives are constantly evolving (see, for example, for an overview of the evolution of standards and technologies for user identity management from 1999 till 2013 (Jøsang Citation2014)).

2 Official term used in the literature, though sometimes also other terms are used, e.g. identity intermediary. In fact, this role can be divided across different entities, including e.g. a registration and/or an authentication authority.

3 From the Statista report, ‘Social login preference of global internet users as of 2nd quarter 2016’ Facebook has a share of 53.1%, Google+ 44.8% and Twitter, LinkedIn and others around 1% or below.

4 However, since the assessment of controller is a factual assessment, it is also possible that they could be considered joint controllers. E.g. the AG in case C-210/16 considered the administrator of a fan page on Facebook as joint controller of the processing of personal data that is carried out for the purpose of compiling viewing statistics for that fan page (Opinion of Advocate General Bot, delivered on 24 October 2017, Case C-210/16 Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein v Wirtschaftsakademie Schleswig-Holstein GmbH, nr 77). However, in that case both the administrator and Facebook use the viewing statistics, while in case of social login it seems that Facebook simply transfers the information to the relying party and therefore it is more likely a case of separate controllers.

5 However, it might still be considered, e.g. the UK NHS, see Marshall (Citation2016), and providers might use more reliable identification in future (e.g. Airbnb uses a combination of the offline identity (e.g. copy of ID card) and online identity (e.g. Facebook login) to authenticate its users (Airbnb verified ID: Airbnb. 2013. Introducing Airbnb verified ID. 30 April, 2013. https://blog.atairbnb.com/introducing-airbnb-verified-id/). In principle, Airbnb could then again become an identity provider with a more reliable identification than, e.g. Facebook.

6 For example, often the strict real name policy can be a reason for termination, as the author Salman Rushdie found, Wilson (Citation2011). Other examples: Leydon (Citation2013) and McCue (Citation2012). See also Van Alsenoy et al. (Citation2015) for more examples of Facebooks reasons for termination.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.