“I’m Not a Millionaire”: How Users’ Online Behaviours and Offline Behaviours Impact Their Privacy

This study found that users frequently disclose personal information online, which can lead to serious consequences. Research has shown that publicly available personal information can be used to identify individuals. A determined attacker can obtain a considerable amount of personal information through simple searches or physical proximity.

During a 90-minute in-person session,  27 participants completed a demographics questionnaire, a semi-structured interview, and two hands-on tasks to determine their publicly accessible PII online. For each social media account, the participants looked up their general account information (e.g., friend count, privacy settings), searched for specific types of PII (e.g., name, phone number), and recorded the presence of these PII. 

 Participants in the study had visible personal information on social media and web search results. Participants used various strategies to protect their personal information, such as keeping possessions close and using authentication measures. However, some participants exhibited behaviors that jeopardized their security and privacy.  

The investigators note that “The study had a small number of participants and may not be representative of the general population. Conducting the study with more participants would be valuable, but there are anticipated challenges.

Participants in a study were surprised to find that they had leaked significant amounts of personally identifiable information (PII) through their online presence and potentially further exposed it through their offline behaviors, leading them to take immediate rectifying actions.