Emotional and Practical Considerations Towards the Adoption and Abandonment of VPNs as a Privacy-Enhancing Technology

Open access

Abstract

Virtual Private Networks (VPNs) can help people protect their privacy. Despite this, VPNs are not widely used among the public. In this survey study about the adoption and usage of VPNs, we investigate people’s motivation to use VPNs and the barriers they encounter in adopting them. Using data from 90 technologically savvy participants, we find that while nearly all (98%; 88) of the participants have knowledge about what VPNs are, less than half (42%; 37) have ever used VPNs primarily as a privacy-enhancing technology. Of these, 18% (7) abandoned using VPNs while 81% (30) continue to use them to protect their privacy online. In a qualitative analysis of survey responses, we find that people who adopt and continue to use VPNs for privacy purposes are primarily motivated by emotional considerations, including the strong desire to protect their privacy online, wide fear of surveillance and data tracking not only from Internet service providers (ISPs) but also governments and Internet corporations such as Facebook and Google. In contrast, people who are mainly motivated by practical considerations are more likely to abandon VPNs, especially once their practical need no longer exists. These people cite their access to alternative technologies and the effort required to use a VPN as reasons for abandonment. We discuss implications of these findings and provide suggestions on how to maximize adoption of privacy-enhancing technologies such as VPNs, focusing on how to align them with people’s interests and privacy risk evaluation.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] J. Penney “Internet surveillance regulation and chilling effects online: a comparative case study” 2017.

  • [2] F. Schaub “The implications of the fcc’s net neutrality repeal” Media and Communication vol. 6 no. 3 pp. 69–72 2018.

  • [3] J. Gillula “Five creepy things your isp could do if congress repeals the fcc’s privacy protections” Mar 2017. [Online]. Available: https://www.eff.org/deeplinks/2017/03/five-creepy-things-your-isp-could-do-if-congress-repeals-fccs-privacy-protections

  • [4] A. Kalia “Here’s how to protect your privacy from your internet service provider” 3rd Apr 2017. [Online]. Available: https://www.eff.org/deeplinks/2017/04/heres-how-protect-your-privacy-your-internet-service-provider

  • [5] P. Ferguson and G. Huston “What is a vpn?” Tech. Rep. 1st June 1998. [Online]. Available: https://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-18/what-is-a-vpn.html

  • [6] M. T. Khan J. DeBlasio G. M. Voelker A. C. Snoeren C. Kanich and N. Vallina-Rodriguez “An empirical analysis of the commercial vpn ecosystem” in Proceedings of the Internet Measurement Conference 2018. ACM 2018 pp. 443–456.

  • [7] A. Acquisti L. Brandimarte and G. Loewenstein “Privacy and human behavior in the age of information” Science vol. 347 no. 6221 pp. 509–514 2015.

  • [8] O. Valentine “Vpn usage and trends around the world in 2018 - globalwebindex” 2nd Jul 2018. [Online]. Available: https://blog.globalwebindex.com/chart-of-theday/vpn-usage-2018/

  • [9] R. Marvin “Breaking down vpn usage around the world” 21st Sep 2018. [Online]. Available: https://www.pcmag.com/news/363869/breaking-down-vpn-usage-around-the-world

  • [10] A. Smith and A. Smith “What americans knows about cybersecurity” Tech. Rep. 22nd Mar 2017. [Online]. Available: http://www.pewinternet.org/2017/03/22/what-the-public-knows-about-cybersecurity/

  • [11] M. E. Johnson and N. Willey “Usability failures and healthcare data hemorrhages” IEEE Security & Privacy vol. 9 no. 2 pp. 35–42 2011.

  • [12] J. J. Borking “Why adopting privacy enhancing technologies (pets) takes so much time” in Computers privacy and data protection: an element of choice. Springer 2011 pp. 309–341.

  • [13] T. Caulfield C. Ioannidis and D. Pym “On the adoption of privacy-enhancing technologies” in International Conference on Decision and Game Theory for Security. Springer 2016 pp. 175–194.

  • [14] R. Knight “National security or consumer privacy a question even siri couldn’t answer” IPCLJ vol. 1 pp. 1–11 2016.

  • [15] R. W. Reeder I. Ion and S. Consolvo “152 simple steps to stay safe online: Security advice for non-tech-savvy users” IEEE Security Privacy vol. 15 no. 5 pp. 55–64 2017.

  • [16] M. G. Maceli “Encouraging patron adoption of privacy-protection technologies:: Challenges for public libraries” IFLA Journal vol. 44 no. 3 pp. 195–202 2018. [Online]. Available: https://doi.org/10.1177/0340035218773786

  • [17] M. D. Molina A. Gambino and S. S. Sundar “Online privacy in public places: How do location terms and conditions and vpn influence disclosure?” in Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems ser. CHI EA ‘19. New York NY USA: ACM 2019 pp. LBW2616:1–LBW2616:6. [Online]. Available: http://doi.acm.org/10.1145/3290607.3312932

  • [18] R. Venkateswaran “Virtual private networks” IEEE Potentials vol. 20 no. 1 pp. 11–15 Feb 2001.

  • [19] N. P. Hoang and D. Pishva “Anonymous communication and its importance in social networking” in 16th International Conference on Advanced Communication Technology. IEEE 2014 pp. 34–39.

  • [20] S. Englehardt and A. Narayanan “Online tracking: A 1-million-site measurement and analysis” in Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. ACM 2016 pp. 1388–1401.

  • [21] J. Nielsen Designing Web Usability: The Practice of Simplicity. Thousand Oaks CA USA: New Riders Publishing 1999.

  • [22] G. Norcie K. Caine and L. J. Camp “Eliminating stop-points in the installation and use of anonymity systems: a usability evaluation of the tor browser bundle” in 5th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETS). Citeseer 2012.

  • [23] A. Whitten and J. D. Tygar “Why johnny can’t encrypt: A usability evaluation of pgp 5.0.” in USENIX Security Symposium vol. 348 1999.

  • [24] R. Abu-Salma M. A. Sasse J. Bonneau A. Danilova A. Naiakshina and M. Smith “Obstacles to the adoption of secure communication tools” in 2017 IEEE Symposium on Security and Privacy (SP). IEEE 2017 pp. 137–153.

  • [25] A. Alshalan S. Pisharody and D. Huang “A survey of mobile vpn technologies” IEEE Communications Surveys & Tutorials vol. 18 no. 2 pp. 1177–1196 2016.

  • [26] H. Hamed E. Al-Shaer and W. Marrero “Modeling and verification of ipsec and vpn security policies” in 13th IEEE International Conference on Network Protocols (ICNP’05). IEEE 2005 pp. 1–10.

  • [27] W. Quesenbery “The five dimensions of usability” in Content and complexity. Routledge 2014 pp. 93–114.

  • [28] P. Lew L. Olsina and L. Zhang “Quality quality in use actual usability and user experience as key drivers for web application evaluation” in International Conference on Web Engineering. Springer 2010 pp. 218–232.

  • [29] F. D. Davis “A technology acceptance model for empirically testing new end-user information systems: Theory and results” Ph.D. dissertation Massachusetts Institute of Technology 1985.

  • [30] L. R. Vijayasarathy “Predicting consumer intentions to use on-line shopping: the case for an augmented technology acceptance model” Information & management vol. 41 no. 6 pp. 747–762 2004.

  • [31] P. J. Hu P. Y. Chau O. R. L. Sheng and K. Y. Tam “Examining the technology acceptance model using physician acceptance of telemedicine technology” Journal of management information systems vol. 16 no. 2 pp. 91–112 1999.

  • [32] C. M. Jones R. V. McCarthy L. Halawi and B. Mujtaba “Utilizing the technology acceptance model to assess the employee adoption of information systems security measures” Issues in Information Systems vol. 11 no. 1 pp. 9–16 2010.

  • [33] G. F. Loewenstein E. U. Weber C. K. Hsee and N. Welch “Risk as feelings.” Psychological bulletin vol. 127 no. 2 pp. 267–286 2001.

  • [34] R. P. Bagozzi “The legacy of the technology acceptance model and a proposal for a paradigm shift.” Journal of the association for information systems vol. 8 no. 4 pp. 243–254 2007.

  • [35] P. J. Schoemaker “The expected utility model: Its variants purposes evidence and limitations” Journal of economic literature pp. 529–563 1982.

  • [36] R. S. Laufer and M. Wolfe “Privacy as a concept and a social issue: A multidimensional developmental theory” Journal of social Issues vol. 33 no. 3 pp. 22–42 1977.

  • [37] R. L. Thompson C. A. Higgins and J. M. Howell “Personal computing: toward a conceptual model of utilization” MIS quarterly pp. 125–143 1991.

  • [38] H. C. Triandis “Values attitudes and interpersonal behavior.” in Nebraska symposium on motivation. University of Nebraska Press 1979.

  • [39] J. Colnago S. Devlin M. Oates C. Swoopes L. Bauer L. Cranor and N. Christin ““it’s not actually that horrible”: Exploring adoption of two-factor authentication at a university” in Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems ser. CHI ‘18. New York NY USA: ACM 2018 pp. 456:1–456:11. [Online]. Available: http://doi.acm.org/10.1145/3173574.3174030

  • [40] M. Tavakol and R. Dennick “Making sense of cronbach’s alpha” International journal of medical education vol. 2 pp. 53–55 2011.

  • [41] H. Cho B. Knijnenburg A. Kobsa and Y. Li “Collective privacy management in social media: A cross-cultural validation” ACM Transactions on Computer-Human Interaction (TOCHI) vol. 25 no. 3 pp. 17–35 2018.

  • [42] M. Namara D. Wilkinson B. M. Lowens B. P. Knijnenburg R. Orji and R. L. Sekou “Cross-cultural perspectives on ehealth privacy in africa” in Proceedings of the Second African Conference for Human Computer Interaction: Thriving Communities ser. AfriCHI ‘18. New York NY USA: ACM 2018 pp. 7:1–7:11. [Online]. Available: http://doi.acm.org/10.1145/3283458.3283472

  • [43] J. S. Dumas J. S. Dumas and J. Redish A practical guide to usability testing. Intellect books 1999.

  • [44] K. Baxter C. Courage and K. Caine Understanding your users: a practical guide to user research methods. Morgan Kaufmann 2015.

  • [45] E. M. Redmiles Y. Acar S. Fahl and M. L. Mazurek “A summary of survey methodology best practices for security and privacy researchers” Tech. Rep. 2017.

  • [46] “Qualtrics: The leading research & experience software.” [Online]. Available: https://www.qualtrics.com/

  • [47] S. E. McGregor E. A. Watkins M. N. Al-Ameen K. Caine and F. Roesner “When the weakest link is strong: Secure collaboration in the case of the panama papers” in 26th {USENIX} Security Symposiumy (2017) 2017 pp. 505–522.

  • [48] M. B. Miles A. M. Huberman and J. Saldana Qualitative data analysis: A methods sourcebook. Sage 2014.

  • [49] M. Vaismoradi H. Turunen and T. Bondas “Content analysis and thematic analysis: Implications for conducting a qualitative descriptive study” Nursing & health sciences vol. 15 no. 3 pp. 398–405 2013.

  • [50] J. Cohen “A coefficient of agreement for nominal scales” Educational and psychological measurement vol. 20 no. 1 pp. 37–46 1960.

  • [51] M. L. McHugh “Interrater reliability: the kappa statistic” Biochemia medica: Biochemia medica vol. 22 no. 3 pp. 276–282 2012.

  • [52] Z. Bauman D. Bigo P. Esteves E. Guild V. Jabri D. Lyon and R. Walker “After snowden: Rethinking the impact of surveillance” International Political Sociology vol. 8 no. 2 pp. 121–144 2014.

  • [53] I. P. Act “Parliament uk. retrieved 12 january 2017” 2016.

  • [54] D. Lee “‘netflix for piracy’popcorn time saved by fans” BBC News–Technology vol. 17 2014.

  • [55] N. Manworren J. Letwat and O. Daily “Why you should care about the target data breach” Business Horizons vol. 59 no. 3 pp. 257–266 2016.

  • [56] T. Sharp “Theorizing cyber coercion: The 2014 north korean operation against sony” Journal of Strategic Studies vol. 40 no. 7 pp. 898–926 2017.

  • [57] C. Fennell and R. Wash “Do stories help people adopt two-factor authentication?” Studies vol. 1 no. 2 p. 3.

  • [58] A. M. McDonald and L. F. Cranor “The cost of reading privacy policies” Isjlp vol. 4 p. 543 2008.

  • [59] R. Tourangeau and T. Yan “Sensitive questions in surveys.” Psychological bulletin vol. 133 no. 5 pp. 859–883 2007.

Search
Journal information
Metrics
All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 12 12 12
PDF Downloads 13 13 13