Impact of Privacy Awareness on Attitudes and Behaviors Online Delfina Malandrino Dipartimento di Informatica Universit`a di Salerno I-84084, Fisciano (SA), ITALY Email: delmal@dia.unisa.it Vittorio Scarano Dipartimento di Informatica Universit`a di Salerno I-84084, Fisciano (SA), ITALY Email: vitsca@dia.unisa.it Raffaele Spinelli Dipartimento di Informatica Universit`a di Salerno I-84084, Fisciano (SA), ITALY Email: spinelli@dia.unisa.it ABSTRACT People on the Web are generating and disclosing an ever-increasing amounts of data, often without full awareness of who is recording what about them, and who is aggregating and linking pieces of data with context information, for a variety of purposes. Awareness can help users to be informed about what silently happens during their navigation while learn- ing from disclosure of personal information may help to discriminate potential harmful activities from daily and regular activities that can be performed online. Our main objective is to study whether a highly customized tool can help users to learn the value of privacy from their behaviors and make informed decisions to reduce their degree of exposure. To this aim, we present an evaluation study to analyze gen- eral perceptions, attitudes, and beliefs about privacy online, and to explore the resultant behaviors for two different groups of participants from an academic environment. I INTRODUCTION People everywhere are generating an ever-increasing amounts of data, often without being fully aware of who is tracking their actions, gathering their infor- mation, and aggregating them in order to provide free services and targeted advertising [1]. Although the behavioral advertising practice increases the ef- fectiveness of the marketer’s campaigns 1 , it also has given rise to privacy concerns since private informa- tion may be collected and centralized by a limited number of companies [3]. Targeted advertising heav- ily relies on the use of valuable information that could lead to an accurate reconstruction of users’ inter- ests profile. Private information may be leaked to third party entities [4], that often intervene as unin- vited guests during Web searches, online shopping, online business and financial transactions, social ac- tivities or during any type of communications on the Web. However, the risk is about the final use of these pseudo-anonymous data, that linked with personally identifiable information (i.e., phone number, credit card number, social security number and so on), may be disclosed or explicitly sold to third party entities. These data could be potentially used for secondary activities, such as identity theft, social engineering attacks, online and physical stalking and so on [5–8]. Recent statistics show that 63% of users agreed with a statement of concern for third party monitoring activ- ities [9]. In another study Krishnamurthy et al. high- lighted the criticality of the problem showing that 56% of sites analyzed (75% when considering userids) directly leak sensitive and identifiable information to third party aggregators [10]. The disclosure of per- sonal information to third party sites, without users’ permissions or consents, represents the greatest con- cern among Internet users, that call for more effective solutions to protect themselves against invasions into their private affairs. Various meanings and dimensions of privacy have been discussed in literature [11, 12], even without a meaningful and accepted definition for it. More specifically, privacy has been defined as synonymous of the “right to be let alone” [13], or as synonymous of the right to prevent the disclosure of personal in- formation [14]. Privacy has been also defined as the ability of the individual to control the terms under which his/her personal information is acquired and used [15]. The contextual nature is evident in sev- eral other definitions: “Individuals have privacy to the extent that others have limited access to informa- tion about them, to the intimacies of their lives, to their thoughts or their bodies” [16]. Individuals are different in their thoughts and beliefs with behaviors that change according to environmental and personal factors or user’s orientation [17]. Finally, individuals are continuously searching for a balance between the desire for privacy and the desire for personal commu- nication with others [18]. In this work we want to analyze if by making peo- ple aware of the information they reveal about them- selves, they would take steps to prevent it. To this aim, we carried out a descriptive quantitative study to analyze whether a privacy-enhancing technology 1 Behavioral advertising is more than twice as effective as non-targeted ads [2] Page 1 of 18 c ⃝ASE 2012