PrivacyOnline Users Manipulated into Sharing Private Information Online

Published 23 December 2020

Online users are more likely to reveal private information based on how website forms are structured to elicit data, BGU researchers have determined.

Online users are more likely to reveal private information based on how website forms are structured to elicit data, Ben Gurion University researchers have determined.

The intriguing study, “Online Disclosure Depends on How You Ask for Information,” was presented at the 41st International Conference on Information Systems (ICIS 2020), held virtually this year, December 12-16. The BGU researchers’ findings convey significant implications for user privacy as well as online data capture.

“The objective was to demonstrate that we are able to cause smartphone and PC users of online services to disclose more information by measuring the likelihood that they sign-up for a service simply by manipulating the way information items (name, address, email) were presented,” says Prof. Lior Fink (pictured above), head of the BGU Behavioral Information Technologies (BIT) Lab and a member of the Department of Industrial Management and Engineering.

The BGU researchers showed that by using digital “foot-in-the-door” techniques, such as requesting personal information from less important to more private (ascending privacy-intrusion order), websites can successfully entice users to reveal more of their private information. Similarly, by placing each request on consecutive, separate webpages, users are more likely to reveal more private data. Websites can further manipulate their users by spreading out information requests over the course of several pages, rather than consolidating all requests on one page.

The researchers collaborated with Rewire, a Tel Aviv neobank (a virtual or online bank) providing international money transfer services. They examined the activities of 2,504 users who were asked to provide their country, full name, phone number, and email address as part of the sign-up process.

“We found that both manipulations independently increased the likelihood of sign-up and conversion,” Fink says. “The ascending privacy intrusion manipulation increased sign-up by 35% and the multiple-page manipulation increased sign-up by 55%.”

The general public and regulators should be made aware of these vulnerabilities since it is so easy to capture more private information, despite their privacy concerns,” says lead researcher and BGU student Naama Ilany-Tzur. “At the same time, this research has important marketing implications as legitimate companies and marketers are always seeking to maximize the amount of data they can capture on individuals and the optimal way to achieve this.”