Explaining the Technology Use Behavior of Privacy-Enhancing Technologies: The Case of Tor and JonDonym

  • 1 Goethe University Frankfurt, , Germany
  • 2 Goethe University Frankfurt, , Germany
  • 3 Goethe University Frankfurt, , Germany

Abstract

Today’s environment of data-driven business models relies heavily on collecting as much personal data as possible. Besides being protected by governmental regulation, internet users can also try to protect their privacy on an individual basis. One of the most famous ways to accomplish this, is to use privacy-enhancing technologies (PETs). However, the number of users is particularly important for the anonymity set of the service. The more users use the service, the more difficult it will be to trace an individual user. There is a lot of research determining the technical properties of PETs like Tor or JonDonym, but the use behavior of the users is rarely considered, although it is a decisive factor for the acceptance of a PET. Therefore, it is an important driver for increasing the user base.

We undertake a first step towards understanding the use behavior of PETs employing a mixed-method approach. We conducted an online survey with 265 users of the anonymity services Tor and JonDonym (124 users of Tor and 141 users of JonDonym). We use the technology acceptance model as a theoretical starting point and extend it with the constructs perceived anonymity and trust in the service in order to take account for the specific nature of PETs. Our model explains almost half of the variance of the behavioral intention to use the two PETs. The results indicate that both newly added variables are highly relevant factors in the path model. We augment these insights with a qualitative analysis of answers to open questions about the users’ concerns, the circumstances under which they would pay money and choose a paid premium tariff (only for JonDonym), features they would like to have and why they would or would not recommend Tor/JonDonym. Thereby, we provide additional insights about the users’ attitudes and perceptions of the services and propose new use factors not covered by our model for future research.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] Ruba Abu-Salma, M Angela Sasse, Joseph Bonneau, Anastasia Danilova, Alena Naiakshina, and Matthew Smith. Obstacles to the Adoption of Secure Communication Tools. In IEEE Security & Privacy, pages 137 – 153, 2017.

  • [2] Alessandro Acquisti, Roger Dingledine, and Paul Syverson. On the Economics of Anonymity Alessandro. In International Conference on Financial Cryptography, pages 84–102. Springer Berlin Heidelberg, 2003.

  • [3] Icek Ajzen. The Theory of Planned Behavior. Organizational Behavior and Human Decision Processes, 50(2):179–211, 1991.

  • [4] Mashael Alsabah and Ian Goldberg. Performance and security improvements for tor: A survey. ACM Comput. Surv., 49(2):32:1–32:36, September 2016.

  • [5] Anonymized. Examining technology use factors of privacy-enhancing technologies: The role of perceived anonymity and trust. In 24th Americas Conference on Information Systems, AMCIS 2018, New Orleans, LA, USA, August 16-18, 2018. Association for Information Systems, 2018.

  • [6] James Ball. Hacktivists in the frontline battle for the internet. https://www.theguardian.com/technology/2012/apr/20/hacktivists-battle-internet, 2012.

  • [7] Mathieu Bédard. The underestimated economic benefits of the internet. Regulation series, The Montreal Economic Institute, 2016. Economic Notes.

  • [8] Zinaida Benenson, Anna Girard, and Ioannis Krontiris. User Acceptance Factors for Anonymous Credentials: An Empirical Investigation. 14th Annual Workshop on the Economics of Information Security (WEIS), pages 1–33, 2015.

  • [9] Zinaida Benenson, Anna Girard, Ioannis Krontiris, Vassia Liagkou, Kai Rannenberg, and Yannis C. Stamatiou. User Acceptance of Privacy-ABCs: An Exploratory Study. In Human–Computer Interaction, pages 375–386, 2014.

  • [10] John J. Borking and Charles Raab. Laws, PETs and Other Technologies for Privacy Protection. Journal of Information, Law and Technology, 1:1–14, 2001.

  • [11] Franziska Brecht, Benjamin Fabian, Steffen Kunz, and Sebastian Mueller. Are You Willing to Wait Longer for Internet Privacy? In ECIS 2011 Proceedings, 2011.

  • [12] Kathy Charmaz. Constructing Grounded Theory. Sage Publications, London, 2nd editio edition, 2014.

  • [13] Wynne W. Chin. The Partial Least Squares Approach to Structural Equation Modeling. In George A. Marcoulides, editor, Modern Methods for Business Research, pages 295–336. Lawrence Erlbaum, Mahwah, NJ, 1998.

  • [14] Alina M. Chircu, Gordon B. Davis, and Robert J. Kauffman. Trust, Expertise, and E-Commerce Intermediary Adoption. In AMCIS 2000 Proceedings, 2000.

  • [15] Richard Chirgwin. CloudFlare shows Tor users the way out of CAPTCHA hell, 2016.

  • [16] Jacob Cohen. Weighted kappa: Nominal scale agreement provision for scaled disagreement or partial credit., 1968.

  • [17] L. F. Cranor and S. Garfinkel. Security and Usability: Designing Secure Systems that People Can Use. O’Reilly, Farnham, 2008.

  • [18] F.D. Davis. A Technology Acceptance Model for Empirically Testing New End-User Information Systems: Theory and Results. Massachusetts Institute of Technology, 1985.

  • [19] F.D. Davis. Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology. MIS Quarterly, 13(3):319–340, 1989.

  • [20] F.D. Davis, Richard P. Bagozzi, and Paul R. Warshaw. User Acceptance of Computer Technology: a Comparison of Two Theoretical Models. Management Science, 35(8):982–1003, 1989.

  • [21] Benjamin Fabian, Florian Goertz, Steffen Kunz, Sebastian Müller, and Mathias Nitzsche. Privately Waiting – A Usability Analysis of the Tor Anonymity Network. In AMCIS 2010 Proceedings, 2010.

  • [22] Martin Fishbein and Icek Ajzen. Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research. Addison-Wesley, Reading, MA, 1975.

  • [23] R. A. Fisher. Statistical Methods for Research Workers. Oliver & Boyd, Edinburgh, 14 edition, 1970.

  • [24] Andrea Forte, Nazanin Andalibi, and Rachel Greenstadt. Privacy, anonymity, and perceived risk in open collaboration: A study of tor users and wikipedians. In CSCW, pages 1800–1811, 2017.

  • [25] Barney G. Glaser and Anselm L. Strauss. The Discovery of Grounded Theory. Aldine Pub., Chicago, 1967.

  • [26] J. Hair, G. Tomas M. Hult, Christian M. Ringle, and Marko Sarstedt. A Primer on Partial Least Squares Structural Equation Modeling (PLS-SEM). SAGE Publications, 2017.

  • [27] J. Hair, Christian M. Ringle, and Marko Sarstedt. PLS-SEM: Indeed a Silver Bullet. Journal of Marketing Theory and Practice, 19(2):139–152, 2011.

  • [28] David Harborth, Dominik Herrmann, Stefan Köpsell, Sebastian Pape, Christian Roth, Hannes Federrath, Dogan Kesdogan, and Kai Rannenberg. Integrating privacy-enhancing technologies into the internet infrastructure. arXiv preprint arXiv:1711.07220, 2017.

  • [29] David Harborth and Sebastian Pape. Examining Technology Use Factors of Privacy-Enhancing Technologies: The Role of Perceived Anonymity and Trust. In Twenty-fourth Americas Conference on Information Systems (AMCIS2018), pages 1–10, New Orleans, USA, 2018.

  • [30] David Harborth and Sebastian Pape. JonDonym Users’ Information Privacy Concerns. In L. Janczewski and M. Kutyłowski, editors, ICT Systems Security and Privacy Protection - 33rd IFIP TC 11 International Conference, SEC 2018, pages 170–184, Poznan, Poland, 2018. Springer, Cham.

  • [31] David Harborth and Sebastian Pape. How Privacy Concerns and Trust and Risk Beliefs Influence Users’ Intentions to Use Privacy-Enhancing Technologies - The Case of Tor. In Hawaii International Conference on System Sciences (HICSS) Proceedings, Hawaii, US, 2019.

  • [32] Dominik Herrmann, Jens Lindemann, Ephraim Zimmer, and Hannes Federrath. Anonymity online for everyone: What is missing for zero-effort privacy on the internet? In International Workshop on Open Problems in Network Security, pages 82–94. Springer, 2015.

  • [33] Rob Jansen, Marc Juarez, Rafael Galvez, Tariq Elahi, and Claudia Diaz. Inside Job: Applying Traffic Analysis to Measure Tor from Within. In Network and Distributed Systems Security (NDSS) Symposium, pages 1–15, 2018.

  • [34] Aaron Johnson, Chris Wacek, Rob Jansen, Micah Sherr, and Paul Syverson. Users get routed: Traffic correlation on tor by realistic adversaries. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS ’13, pages 337–348, New York, NY, USA, 2013. ACM.

  • [35] JonDos Gmbh. Official Homepage of JonDonym. https://www.anonym-surfen.de, 2018.

  • [36] Sheharbano Khattak, David Fifield, Sadia Afroz, Mobin Javed, Srikanth Sundaresan, Vern Paxson, Steven J. Murdoch, and Damon McCoy. Do you see what I see?: Differential treatment of anonymous users. In Network and Distributed System Security Symposium, 2016.

  • [37] R. Koch, M. Golling, and G. D. Rodosek. How anonymous is the tor network? a long-term black-box investigation. Computer, 49(3):42–49, Mar. 2016.

  • [38] Ioannis Krontiris, Zinaida Benenson, Anna Girard, Ahmad Sabouri, Kai Rannenberg, and Peter Schoo. Privacy-ABCs as a Case for Studying the Adoption of PETs by Users and Service Providers. In APF, pages 104–123, 2015.

  • [39] Linda Lee, David Fifield, Nathan Malkin, Ganesh Iyer, Serge Egelman, and David Wagner. A Usability Evaluation of Tor Launcher. Proceedings on Privacy Enhancing Technologies, (3):90–109, 2017.

  • [40] Naresh K. Malhotra, Sung S. Kim, and James Agarwal. Internet users’ information privacy concerns (IUIPC): The construct, the scale, and a causal model. Information Systems Research, 15(4):336–355, 2004.

  • [41] Naresh K. Malhotra, Sung S. Kim, and Ashutosh Patil. Common Method Variance in IS Research: A Comparison of Alternative Approaches and a Reanalysis of Past Research. Management Science, 52(12):1865–1883, 2006.

  • [42] Akshaya Mani, T. Wilson-Brown, Rob Jansen, Aaron Johnson, and Micah Sherr. Understanding Tor Usage with Privacy-Preserving Measurement. In 2018 Internet Measurement Conference (IMC’18), pages 1–13, 2018.

  • [43] Antonio Montieri, Domenico Ciuonzo, Giuseppe Aceto, and Antonio Pescapé. Anonymity services tor, i2p, jondonym: Classifying in the dark. In Teletraffic Congress (ITC 29), 2017 29th International, volume 1, pages 81–89. IEEE, 2017.

  • [44] Paul A. Pavlou. Consumer Acceptance of Electronic Commerce: Integrating Trust and Risk with the Technology Acceptance Model. International Journal of Electronic Commerce, 7(3):101–134, 2003.

  • [45] paysafecard.com Deutschland. Website paysafecard. https://www.paysafecard.com/de-de/, 2018.

  • [46] Andreas Pfitzmann and Marit Hansen. A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management. 2010.

  • [47] Philip M Podsakoff, Scott B MacKenzie, J. Y. Lee, and Nathan P Podsakoff. Common method biases in behavioral research: a critical review of the literature and recommended remedies. Journal of Applied Psychology, 88(5):879–903, 2003.

  • [48] Christian M. Ringle, S. Wende, and Jan Michael Becker. SmartPLS 3. www.smartpls.com, 2015.

  • [49] L.D. Rosen, K. Whaling, L.M. Carrier, N.A. Cheever, and J. Rokkum. The Media and Technology Usage and Attitudes Scale: An empirical investigation. Comput Human Behav., 29(6):2501–2511, 2013.

  • [50] Saad Saleh, Junaid Qadir, and Muhammad U. Ilyas. Shedding light on the dark corners of the internet: A survey of tor research. Journal of Network and Computer Applications, 114:1 – 28, 2018.

  • [51] Carsten Schmitz. LimeSurvey Project Team. http://www.limesurvey.org, 2015.

  • [52] Blair H. Sheppard, Jon Hartwick, and Paul R. Warshaw. The Theory of Reasoned Action: A Meta-Analysis of Past Research with Recommendations for Modifications and Future Research. Journal of Consumer Research, 15(3):325–343, 1988.

  • [53] Rachee Singh, Rishab Nithyanand, Sadia Afroz, Paul Pearce, Michael Carl Tschantz, Phillipa Gill, and Vern Paxson. Characterizing the nature and dynamics of tor exit blocking. In 26th USENIX Security Symposium (USENIX Security). USENIX Association, Vancouver, BC, pages 325–341, 2017.

  • [54] Matthias Söllner, Izak Benbasat, David Gefen, Jan Marco Leimeister, and Paul A. Pavlou. Trust : An MIS Quarterly Research Curation Focus of the Research Curation. Management Information Systems Quarterly, (October):1–9, 2016.

  • [55] Sarah Spiekermann. The Desire for Privacy: Insights into the Views and Nature of the Early Adopters of Privacy Services. International Journal of Technology and Human Interaction, 1(1):74–83, 2005.

  • [56] The Tor Project. https://www.torproject.org, 2018.

  • [57] Twitter Discussion. Twitter Tweet by Edward Snowden on Tails and Tor. https://twitter.com/Snowden/status/1165297667490103302, 2019.

  • [58] G.W. van Blarkom, John J. Borking, and J.G.E. Olk. “PET”. Handbook of Privacy and Privacy-Enhancing Technologies. 2003.

  • [59] V. Venkatesh and F. D. Davis. A theoretical extension of the technology acceptance model: Four longitudinal Studies. Management Science, 46(2):186–205, 2000.

  • [60] Viswanath Venkatesh, James Thong, and Xin Xu. Consumer Acceptance and User of Information Technology: Extending the Unified Theory of Acceptance and Use of Technology. MIS Quarterly, 36(1):157–178, 2012.

OPEN ACCESS

Journal + Issues

Search