National Privacy Test Report


Results of the National Privacy Test Wrapped Up

National Privacy Test (NPT) is a digital security campaign that promotes cyber security and privacy among Internet users around the world. We seek to educate general public about cyber threats and the importance of data and information security in the digital age. The objective of this research is to determine the global level of awareness about online security and privacy as well as to provide practical advice.

The NPT research started on March 23, 2017, via an online survey of adult Facebook users, mainly targeting English-speaking population from the United States, the United Kingdom, Canada and Australia. At the end of the first stage, 4,636 respondents have completed the survey, with an average score of 48%. More detailed results and preliminary insights are provided on this report page.

Knowledge Questions Overview

In this section, questions were designed to test the level of knowledge Internet users possess about online privacy and security. The questions cover various topics, such as metadata collection, both public and home Wi-Fi security, and privacy threats caused by information sharing on social networks. Also, respondents were asked if they are able to recognize secure and unsecure websites based on URLs given. Answers to these knowledge questions allow drawing insights about how well Internet users are informed on security and privacy topics and whether the awareness differs among countries.

Behavior Questions Overview

The aim of the behavioral questions section is to check how Internet users react to common situations happening online, as well as how they manage their personal accounts and devices in terms of security. For example, with more and more services implementing 2-factor authentication as a security measure to prevent user accounts from being hijacked, we want to know how people are adopting this feature in practice. The questions in this section also cover antivirus usage, the way Internet users handle scam emails or if there are any signs of being overly paranoid about privacy.

Product Questions Overview

The section of product questions is focused on several categories of digital products – messaging apps, cloud storage and email providers. The questions in this short section are aimed to help to find out whether Internet users know which service providers are recommended by various security experts as the most privacy-focused. The questions were designed to feature both the most popular brands and those less mainstream but highly oriented to personal data security and privacy.

Key Takeaways

One of the main goals of this project was to find out the extent of general awareness about online privacy and security. We had a hypothesis that an average Internet user is somewhat familiar with the major threats that are featured in media frequently, but may struggle with specific actions and tools required to avoid them. The test results have largely confirmed this theory but also provided more specific insights into user assumptions and behavior.


Users are aware of basic security issues

The vast majority of those who took the test (92%) can identify a truly strong password and 95% can spot a suspicious email posing as a request from their bank.


Only main types of collected private data are well known

Most of the respondents were able to correctly identify at least the main types of private data collected by Internet service providers and web browsers. As expected, users know that their browsing habits, locations and IP addresses are tracked. However, less than 25% knew that browser tracking goes as far as collecting data about font preferences and screen resolutions.


Users hold contradictory beliefs about actions on public Wi-Fi

While checking a bank account on a public hotspot is assumed to be very risky (less than 2% agree that is safe), entering banking credentials to make a purchase online is seen as a lesser risk (23% think it is safe). This points to a lack of understanding of just how vulnerable users can be on public networks, where the level of security is unknown and anyone with basic hacking skills can access sensitive data of everyone connected.


Unexpectedly, Gmail is perceived as privacy-focused

Although most of the respondents struggled to decide which email providers are privacy-focused, 37% chose Gmail––likely because of its brand strength and overwhelming popularity. What makes this result rather unexpected is the fact that private Gmail messages are scanned by Google and then used to improve custom ad targeting.


Information overload is confusing to Internet users

Only slightly over 50% of the respondents realized that an email confirming a genuine online purchase does not pose a security threat. The outcome shows that the topics of online privacy and security can be very confusing for an average Internet user. If they are surrounded with information on various threats for long enough, every little thing starts looking like another phishing attempt.

Need exclusive insights by our security experts?

Demographic Overview

Who answered our questions?

NPT distributed a self-selected online survey on Facebook, mainly targeting English-speaking users from the United States, the United Kingdom, Canada and Australia. At the end of the first stage, 4,636 respondents have completed the survey, with an average score of 48%.

Main Countries

The survey was taken by similar numbers of respondents from the main four countries.

Respondents’ Gender

Almost half of the survey takers were male, while around a quarter chose to not disclose their gender.

Respondents’ Age

Around a quarter of respondents preferred to keep their age unknown.

Score by country

The test was targeted mainly to English-speaking Internet users from Australia, Canada, the United Kingdom and the United States. If comparing the results among countries, Australia takes the lead with the overall score of 52%. It is a slightly higher result than the average of the whole sample (48%). Australians demonstrating better knowledge regarding online security and privacy might be related to the country’s recent controversial metadata retention law, which requires telecommunications companies to collect and store customers data for at least two years.

Nevertheless, there is no significant difference between the scores of these four countries. As the average results only reach around 50%, it is clear that increasing awareness of online security and privacy is relevant to Internet users, irrespective of the country they come from.

  • Australia

    Australia average score

  • United States

    United States average score

  • United Kingdom

    United Kingdom average score

  • Canada

    Canada average score