How Savvy Are You About Your Online Security?

U.S. Internet users are dangerously ignorant about the types of data that Web site owners collect from them and how that data is used, a new study has found.

This lack of awareness makes U.S. Internet users vulnerable to online exploitation, such as personal information misuse, fraud, and overcharging, according a study conducted by the University of Pennsylvania's Annenberg Public Policy Center.

For the study, titled "Open to Exploitation: American Shoppers Online and Offline" and released today, 1500 adult U.S. Internet users were asked true-or-false questions about topics such as Web site privacy policies and retailers' pricing schemes.

Failing Grades

Most respondents failed the test, correctly answering, on average, 6.7 of the 17 questions. The study's interviews, conducted between early February and mid-March 2005, yielded some findings the authors consider alarming, including:

  • 75 percent of respondents wrongly believe that if a Web site has a privacy policy, it will not share their information with third parties.
  • Almost half of respondents (49 percent) can't identify "phishing" scam e-mail messages, which information thieves dress up to look as though they came from a legitimate company, such as a bank or store, to lure users into entering sensitive information. Requested information might include Social Security numbers, passwords, and bank account numbers.
  • 62 percent of respondents don't know that an online store can simultaneously charge different prices for the same item based on information it has on different shoppers--a practice that can make users victims of what the study's authors call "price discrimination."

To address the problems identified in the study, the Annenberg Public Policy Center is proposing three measures:

  • The U.S. Federal Trade Commission should mandate that Web sites replace the term "Privacy Policy" with "Using Your Information" to combat users' misconception that those documents are Web sites' pledges not to share their information with third parties.
  • Consumer education and media literacy should be taught in elementary, middle, and high schools in the United States.
  • By government decree, online retailers should be required to disclose what data they have collected about customers, and when and how they will use that data.

If you'd like to take the test yourself, go here.

Subscribe to the Security Watch Newsletter

Comments