- Web navigation enables easy access to vast amounts of information and services. However, it also poses a major risk to users' privacy. Various eavesdroppers constantly attempt to violate users' privacy by tracking their navigation activities and inferring their interests and needs (profiles). Users who wish to keep their intentions secret forego useful services to avoid exposure. The computer security community has concentrated on improving users' privacy by concealing their identity on the Web. However, users may want or need to identify themselves over the Net to receive certain services but still retain their interests, needs, and intentions in private. PRAW—a PRivAcy model for the Web suggested in this paper—is aimed at hiding users' navigation tracks to prevent eavesdroppers from inferring their profiles but still allowing them to be identified. PRAW is based on continuous generation of fake transactions in various fields of interests to confuse eavesdroppers' automated programs, thus providing them false data. A privacy measure is defined that reflects the difference between users' actual profile and the profile that eavesdroppers might infer. A prototype system was developed to examine PRAW's feasibility and conduct experiments to test its effectiveness. Encouraging results and their analysis are presented, as well as possible attacks and known limitations. © 2005 Wiley Periodicals, Inc.