How well do people understand the privacy implications of sharing information online and how well do they apply that knowledge? According to some recent research from Carnegie Mellon University, they do much better on the understanding than they do on the application. In a paper, Strangers on a Plane: Context-dependent Willingness to Divulge Sensitive Information to be published in the February 2011 issue of the Journal of Consumer Research, Leslie K. John, Alessandro Acquisti, and George Loewenstein report on a series of experiments where they asked their subjects to fill out on-line questionnaires soliciting sensitive information. What they found was that even when people picked up on clues that the disclosure might be hazardous, they provided it anyway. Even more surprising, their likelihood of providing information was often inversely proportional to the perceived risk.
In the first experiment, 890 visitors to John Tierney's New York Times blog were invited to rate the ethicality of various behaviors, ranging from "littering in a public place" to "cheating on one’s tax return." Half the participants were asked point blank if they had themselves engaged in the questionable behavior while the other half was asked in a way that was incidental to the rating of the behavior. The result was that participants who were asked indirectly were 1.48 times as likely to admit in engaging in those activities, even though most (88%) had provided their email addresses in advance.
In a second experiment, laptop computers were placed around the CMU campus and solicited responses from 200 students to a questionnaire on "student behavior." Three versions of the questionnaire were prepared. They all ask the same questions about such sensitive and incriminating behaviors as drug use and drunk driving. One version (below left) presented a devil face with the legend "How BAD Are U???" while the other displayed the university seal and the title “Carnegie Mellon University Executive Council Survey on Ethical Behaviors” (right). A third more neutral version served as a baseline. While the subjects rated the devil-face as more risky, when it came to answering the questions they were 1.98 times as likely to admit incriminating information to that site than they were to the more professional looking version.
This result led to two possible explanations. One was that the devil-face version caused the participants to perceive the described behaviors as more socially acceptable. The other, which the experimenters favored, was that the unprofessional interface caused the questions to be perceived as less intrusive.
In a third experiment, the subjects were asked to rate the intrusiveness of the questions and the desirability of the behaviors, with the finding that the desirability of the behaviors were the same on both versions but questions on the devil-face version were perceived as less intrusive.
The final experiment was designed to see if the amount of information revealed could be affected by raising the subjects' privacy concerns before asking the questions. The control group was given a (neutral) photo-identification task - to "find the endangered fish" while the other group was given the privacy-sensitizing task of identifying phishing emails. As the experimenters suggested, when subjects were this pre-sensitized, there was no difference in the amount of disclosed information no matter which version of the web site was presented.
At the end of the paper, the authors explain the "Strangers on a Plane" allusion, which refers to the tendency of people to tell things to total strangers under the assumption that they are unlikely to see that person again, i.e. "What happens in Vegas, stays in Vegas." Like Las Vegas, web sites often lack the cues that would remind us of the consequences of our actions.