Explaining the Technology Use Behavior of Privacy-Enhancing Technologies: The Case of Tor and JonDonym

Abstract Today’s environment of data-driven business models relies heavily on collecting as much personal data as possible. Besides being protected by governmental regulation, internet users can also try to protect their privacy on an individual basis. One of the most famous ways to accomplish this, is to use privacy-enhancing technologies (PETs). However, the number of users is particularly important for the anonymity set of the service. The more users use the service, the more difficult it will be to trace an individual user. There is a lot of research determining the technical properties of PETs like Tor or JonDonym, but the use behavior of the users is rarely considered, although it is a decisive factor for the acceptance of a PET. Therefore, it is an important driver for increasing the user base. We undertake a first step towards understanding the use behavior of PETs employing a mixed-method approach. We conducted an online survey with 265 users of the anonymity services Tor and JonDonym (124 users of Tor and 141 users of JonDonym). We use the technology acceptance model as a theoretical starting point and extend it with the constructs perceived anonymity and trust in the service in order to take account for the specific nature of PETs. Our model explains almost half of the variance of the behavioral intention to use the two PETs. The results indicate that both newly added variables are highly relevant factors in the path model. We augment these insights with a qualitative analysis of answers to open questions about the users’ concerns, the circumstances under which they would pay money and choose a paid premium tariff (only for JonDonym), features they would like to have and why they would or would not recommend Tor/JonDonym. Thereby, we provide additional insights about the users’ attitudes and perceptions of the services and propose new use factors not covered by our model for future research.

[1]  Fred D. Davis,et al.  User Acceptance of Computer Technology: A Comparison of Two Theoretical Models , 1989 .

[2]  Alina M. Chircu,et al.  Trust, Expertise, and E-Commerce Intermediary Adoption , 2000 .

[3]  Jacob Cohen,et al.  Weighted kappa: Nominal scale agreement provision for scaled disagreement or partial credit. , 1968 .

[4]  Sebastian Pape,et al.  JonDonym Users' Information Privacy Concerns , 2018, SEC.

[5]  Micah Sherr,et al.  Understanding Tor Usage with Privacy-Preserving Measurement , 2018, Internet Measurement Conference.

[6]  I. Ajzen The theory of planned behavior , 1991 .

[7]  A. Pfitzmann,et al.  A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management , 2010 .

[8]  Vern Paxson,et al.  Characterizing the Nature and Dynamics of Tor Exit Blocking , 2018, USENIX Security Symposium.

[9]  Blair H. Sheppard,et al.  The Theory of Reasoned Action: A Meta-Analysis of Past Research with Recommendations for Modifications and Future Research , 1988 .

[10]  Claudia Díaz,et al.  Inside Job: Applying Traffic Analysis to Measure Tor from Within , 2018, NDSS.

[11]  Scott B. MacKenzie,et al.  Common method biases in behavioral research: a critical review of the literature and recommended remedies. , 2003, The Journal of applied psychology.

[12]  Ian Goldberg,et al.  Performance and Security Improvements for Tor , 2016, IACR Cryptol. ePrint Arch..

[13]  Naresh K. Malhotra,et al.  Common Method Variance in IS Research: A Comparison of Alternative Approaches and a Reanalysis of Past Research , 2006, Manag. Sci..

[14]  Marko Sarstedt,et al.  Partial least squares structural equation modeling (PLS-SEM): An emerging tool in business research , 2014 .

[15]  I. Ajzen,et al.  Belief, Attitude, Intention, and Behavior: An Introduction to Theory and Research , 1977 .

[16]  Kai Rannenberg,et al.  Integrating Privacy-Enhancing Technologies into the Internet Infrastructure , 2017, ArXiv.

[17]  Steffen Kunz,et al.  Are you willing to wait longer for internet privacy? , 2011, ECIS.

[18]  Roger Dingledine,et al.  On the Economics of Anonymity , 2003, Financial Cryptography.

[19]  Gabi Dreo Rodosek,et al.  How Anonymous Is the Tor Network? A Long-Term Black-Box Investigation , 2016, Computer.

[20]  Naresh K. Malhotra,et al.  Internet Users' Information Privacy Concerns (IUIPC): The Construct, the Scale, and a Causal Model , 2004, Inf. Syst. Res..

[21]  M. Kendall Statistical Methods for Research Workers , 1937, Nature.

[22]  Fred D. Davis A technology acceptance model for empirically testing new end-user information systems : theory and results , 1985 .

[23]  A. Strauss,et al.  The Discovery of Grounded Theory , 1967 .

[24]  Sebastian Pape,et al.  How Privacy Concerns and Trust and Risk Beliefs Influence Users' Intentions to Use Privacy-Enhancing Technologies - The Case of Tor , 2019, HICSS.

[25]  Kai Rannenberg,et al.  User Acceptance of Privacy-ABCs: An Exploratory Study , 2014, HCI.

[26]  K. Charmaz,et al.  Constructing Grounded Theory , 2014 .

[27]  Hannes Federrath,et al.  Anonymity Online for Everyone: What Is Missing for Zero-Effort Privacy on the Internet? , 2015, iNetSeC.

[28]  Marko Sarstedt,et al.  PLS-SEM: Indeed a Silver Bullet , 2011 .

[29]  Rachel Greenstadt,et al.  Privacy, Anonymity, and Perceived Risk in Open Collaboration: A Study of Tor Users and Wikipedians , 2017, CSCW.

[30]  Sarah Spiekermann The Desire for Privacy: Insights into the Views and Nature of the Early Adopters of Privacy Services , 2005, Int. J. Technol. Hum. Interact..

[31]  Fred D. Davis Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology , 1989, MIS Q..

[32]  Venkateshviswanath,et al.  A Theoretical Extension of the Technology Acceptance Model , 2000 .

[33]  Fred D. Davis,et al.  A Theoretical Extension of the Technology Acceptance Model: Four Longitudinal Field Studies , 2000, Management Science.

[34]  Junaid Qadir,et al.  Shedding Light on the Dark Corners of the Internet: A Survey of Tor Research , 2018, J. Netw. Comput. Appl..

[35]  Sebastian Pape,et al.  Examining Technology Use Factors of Privacy-Enhancing Technologies: The Role of Perceived Anonymity and Trust , 2018, AMCIS.

[36]  Viswanath Venkatesh,et al.  Consumer Acceptance and Use of Information Technology: Extending the Unified Theory of Acceptance and Use of Technology , 2012, MIS Q..

[37]  Wynne W. Chin The partial least squares approach for structural equation modeling. , 1998 .

[38]  M. Angela Sasse,et al.  Obstacles to the Adoption of Secure Communication Tools , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[39]  Ioannis Krontiris,et al.  User Acceptance Factors for Anonymous Credentials: An Empirical Investigation , 2015, WEIS.

[40]  Lorrie Faith Cranor,et al.  Security and Usability: Designing Secure Systems that People Can Use , 2005 .

[41]  Paul A. Pavlou,et al.  Consumer Acceptance of Electronic Commerce: Integrating Trust and Risk with the Technology Acceptance Model , 2003, Int. J. Electron. Commer..

[42]  Charles D. Raab,et al.  Laws, PETs and Other Technologies for Privacy Protection , 2001, J. Inf. Law Technol..

[43]  Steven J. Murdoch,et al.  Do You See What I See? Differential Treatment of Anonymous Users , 2016, NDSS.

[44]  Antonio Pescapè,et al.  Anonymity Services Tor, I2P, JonDonym: Classifying in the Dark , 2017, 2017 29th International Teletraffic Congress (ITC 29).

[45]  Steffen Kunz,et al.  Privately Waiting - A Usability Analysis of the Tor Anonymity Network , 2010, AMCIS.

[46]  Micah Sherr,et al.  Users get routed: traffic correlation on tor by realistic adversaries , 2013, CCS.

[47]  Larry D. Rosen,et al.  The Media and Technology Usage and Attitudes Scale: An empirical investigation , 2013, Comput. Hum. Behav..

[48]  Kai Rannenberg,et al.  Privacy-ABCs as a Case for Studying the Adoption of PETs by Users and Service Providers , 2015, APF.

[49]  Ganesh Iyer,et al.  A Usability Evaluation of Tor Launcher , 2017, Proc. Priv. Enhancing Technol..