Human-Computer Interaction Institute
School of Computer Science, Carnegie Mellon University


Incognito Online: Why and How People Hide Their Information

Ruogo Kang

September 2015

Ph.D. Thesis


Keywords: Internet, human-computer interaction, computer-mediated communication, privacy, security, privacy threat, anonymity, information disclosure, online community, social media, technical knowledge, mental model, privacy protective strategies.

The online communication landscape has changed significantly from the early days of the Internet. In most developed countries, people are constantly connected through the Internet to almost everyone else in their lives, everywhere they go. The Internet makes their lives more convenient, but unintentional exposure of personal information to unexpected audiences can cause them emotional and tangible damage. After information leakage, some people adopt remedies such as selfcensoring posts on social media, changing their passwords, not registering on websites, and using anonymous communication tools. Many people, however, do not take any action. Some feel that anything they do will be ineffective. This thesis investigates the circumstances under which people hide their information online, their motivations, and how they do so.

Understanding people's attempts to hide their information is important because there are many potential threats from different sources to their privacy online. Much prior research in information privacy focuses on how people manage their privacy in relation to organizations such as advertisers and companies; other work examines how people manage privacy in relation to other individuals. We still lack a comprehensive understanding of how people understand different privacy threats in their daily use of the Internet, and how they make decisions to protect their privacy from different sources of threat.

The first part of this thesis explores the motivations and strategies of those who have tried to hide their identity online. I conducted two interview studies: one a study of people who have sought anonymity online, and the other of those who have used anonymous communication applications, such as Whisper, YikYak and Secret, on mobile phones. Participants' reasons for seeking anonymity ranged widely, from protecting family from unpleasant gossip (a threat to social privacy) to hiding from hackers or government surveillance (a threat to information privacy). Their personal background and experiences influenced how they identified sources of privacy threat and took action to hide from those threats.

The second part of this dissertation examines various factors that influence people's intentions and decisions to protect their information and social privacy online. I conducted two surveys to examine how individuals' social orientation, past negative experiences, and technical knowledge shaped their perceptions of different privacy threats, and how those perceptions motivated their use of different strategies to hide from each kind of threat. Building on those surveys, I conducted a think-aloud interview study to understand, in depth, how technical knowledge of the Internet and computing affects people's perception of threat and their behaviors mitigating privacy threats online. Participants were asked to draw how they thought the Internet works and how their information passed over the Internet. I found that nontechnical participants lacked awareness of the complex structure and important entities in the Internet. Technical participants were more knowledgeable but they tended to be overconfident, leading them to potentially overlook or misplace some privacy threats to their personal information. Based on that study, I designed and conducted an online experiment to examine the effects of different visualizations of the Internet on people’s perceptions of privacy threat and their intentions and actions to protect their privacy. Participants' technical knowledge and awareness of personal information access (as informed by system interfaces) had mixed effects on their behavioral intentions. An increased awareness of sources of social privacy threat (measured as perceived access of other individuals to their data) led to an increased intention to take privacy protection actions, but this intention did not translate into actual disclosure behavior. I conclude with a discussion of the possible reasons why participants' behavior did not change, including a poor mapping of intention to behavior measures and contextual reasons for not protecting privacy.

My findings across several studies showed that many people who use the Internet, at least sometimes, want to hide their identity, content, and interactions from threats to their information and social privacy. However, their concerns are not closely linked to their privacy protective actions. These findings suggest that a higher level of system transparency or more user education might not be effective in influencing people to take more secure online action. The findings suggest we need more research effort to improve policies and systems that can protect users' privacy and security online without undue reliance on their own behavior.

170 pages

Thesis Committee:
Sara Kiesler (Chair)
Laura Dabbish
Lorrie Cranor
Alessandro Acquisti

Anind K. Dey, Head, Human-Computer Interaction Institute
Andrew W. Moore, Dean, School of Computer Science

Return to: SCS Technical Report Collection
School of Computer Science homepage

This page maintained by