- Privacy is becoming a serious challenge in computerized environments, especially the Web where many companies constantly attempt to violate the privacy of users. When a user requests a service on the Internet, an eavesdropper can reveal his identity, the WEB site he accesses (end server), the link between them, and infer private information about the user. The computer security community has concentrated on improving user privacy by hiding his identifiable tracks on the WEB, thus assuring his anonymity while surfing. However, users may want or need to identify themselves over the net but still retain their information needs and profile in private. The privacy model suggested in this paper is aimed at preserving users’ privacy while allowing them to identify themselves to various services, and prevents eavesdroppers from using identifiable users’ tracks to construct a user profile. The model is based on the generation of faked transactions in various fields of interest in order to prevent the eavesdropper from accurate derivation of the user profile. The basic idea underlying the model is to confuse the eavesdropper’s automated programs with wrong data. A privacy measure is defined that reflects the degree of confusion a system can cause to the eavesdropper. A prototype system was developed to check the feasibility of the model and to conduct experiments to examine its effectiveness.