SSO’s Utopian Promise Is Based on Flawed Assumptions

Single-sign-on authentication (SSO) for licensed library e-resources is growing in popularity, touted as a valuable tool supporting the personalization of user experiences while maintaining user privacy. Such proposals, however, are based on assumptions that are not well supported by evidence. This paper addresses three such flawed assumptions: that SSO assures privacy; that all authorized patrons have SSO credentials; and that personalization is desirable to libraries and their patrons. In reality, privacy is merely one possible SSO configuration, not a guarantee; walk-in library patrons do not have SSO credentials; and there is a growing body of evidence that existing personalization algorithms, and the data collection practices that feed them, cause great harm to users and to society. In this paper, I present Cornell University Library’s experiences and concerns surrounding these particular issues, which lead us to oppose SSO authentication for our licensed e-resources unless certain conditions are met.