1. bookVolume 2020 (2020): Issue 1 (January 2020)
Journal Details
License
Format
Journal
eISSN
2299-0984
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
access type Open Access

Emotional and Practical Considerations Towards the Adoption and Abandonment of VPNs as a Privacy-Enhancing Technology

Published Online: 07 Jan 2020
Page range: 83 - 102
Received: 31 May 2019
Accepted: 16 Sep 2019
Journal Details
License
Format
Journal
eISSN
2299-0984
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
Abstract

Virtual Private Networks (VPNs) can help people protect their privacy. Despite this, VPNs are not widely used among the public. In this survey study about the adoption and usage of VPNs, we investigate people’s motivation to use VPNs and the barriers they encounter in adopting them. Using data from 90 technologically savvy participants, we find that while nearly all (98%; 88) of the participants have knowledge about what VPNs are, less than half (42%; 37) have ever used VPNs primarily as a privacy-enhancing technology. Of these, 18% (7) abandoned using VPNs while 81% (30) continue to use them to protect their privacy online. In a qualitative analysis of survey responses, we find that people who adopt and continue to use VPNs for privacy purposes are primarily motivated by emotional considerations, including the strong desire to protect their privacy online, wide fear of surveillance and data tracking not only from Internet service providers (ISPs) but also governments and Internet corporations such as Facebook and Google. In contrast, people who are mainly motivated by practical considerations are more likely to abandon VPNs, especially once their practical need no longer exists. These people cite their access to alternative technologies and the effort required to use a VPN as reasons for abandonment. We discuss implications of these findings and provide suggestions on how to maximize adoption of privacy-enhancing technologies such as VPNs, focusing on how to align them with people’s interests and privacy risk evaluation.

Keywords

[1] J. Penney, “Internet surveillance, regulation, and chilling effects online: a comparative case study,” 2017.10.14763/2017.2.692Search in Google Scholar

[2] F. Schaub, “The implications of the fcc’s net neutrality repeal,” Media and Communication, vol. 6, no. 3, pp. 69–72, 2018.10.17645/mac.v6i3.1560Search in Google Scholar

[3] J. Gillula, “Five creepy things your isp could do if congress repeals the fcc’s privacy protections,” Mar 2017. [Online]. Available: https://www.eff.org/deeplinks/2017/03/five-creepy-things-your-isp-could-do-if-congress-repeals-fccs-privacy-protectionsSearch in Google Scholar

[4] A. Kalia, “Here’s how to protect your privacy from your internet service provider,” 3rd Apr 2017. [Online]. Available: https://www.eff.org/deeplinks/2017/04/heres-how-protect-your-privacy-your-internet-service-providerSearch in Google Scholar

[5] P. Ferguson and G. Huston, “What is a vpn?” Tech. Rep., 1st June 1998. [Online]. Available: https://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents-18/what-is-a-vpn.htmlSearch in Google Scholar

[6] M. T. Khan, J. DeBlasio, G. M. Voelker, A. C. Snoeren, C. Kanich, and N. Vallina-Rodriguez, “An empirical analysis of the commercial vpn ecosystem,” in Proceedings of the Internet Measurement Conference 2018. ACM, 2018, pp. 443–456.10.1145/3278532.3278570Search in Google Scholar

[7] A. Acquisti, L. Brandimarte, and G. Loewenstein, “Privacy and human behavior in the age of information,” Science, vol. 347, no. 6221, pp. 509–514, 2015.Search in Google Scholar

[8] O. Valentine, “Vpn usage and trends around the world in 2018 - globalwebindex,” 2nd Jul 2018. [Online]. Available: https://blog.globalwebindex.com/chart-of-theday/vpn-usage-2018/Search in Google Scholar

[9] R. Marvin, “Breaking down vpn usage around the world,” 21st Sep 2018. [Online]. Available: https://www.pcmag.com/news/363869/breaking-down-vpn-usage-around-the-worldSearch in Google Scholar

[10] A. Smith and A. Smith, “What americans knows about cybersecurity,” Tech. Rep., 22nd Mar 2017. [Online]. Available: http://www.pewinternet.org/2017/03/22/what-the-public-knows-about-cybersecurity/Search in Google Scholar

[11] M. E. Johnson and N. Willey, “Usability failures and healthcare data hemorrhages,” IEEE Security & Privacy, vol. 9, no. 2, pp. 35–42, 2011.10.1109/MSP.2010.196Search in Google Scholar

[12] J. J. Borking, “Why adopting privacy enhancing technologies (pets) takes so much time,” in Computers, privacy and data protection: an element of choice. Springer, 2011, pp. 309–341.10.1007/978-94-007-0641-5_15Search in Google Scholar

[13] T. Caulfield, C. Ioannidis, and D. Pym, “On the adoption of privacy-enhancing technologies,” in International Conference on Decision and Game Theory for Security. Springer, 2016, pp. 175–194.10.1007/978-3-319-47413-7_11Search in Google Scholar

[14] R. Knight, “National security or consumer privacy a question even siri couldn’t answer,” IPCLJ, vol. 1, pp. 1–11, 2016.Search in Google Scholar

[15] R. W. Reeder, I. Ion, and S. Consolvo, “152 simple steps to stay safe online: Security advice for non-tech-savvy users,” IEEE Security Privacy, vol. 15, no. 5, pp. 55–64, 2017.10.1109/MSP.2017.3681050Search in Google Scholar

[16] M. G. Maceli, “Encouraging patron adoption of privacy-protection technologies:: Challenges for public libraries,” IFLA Journal, vol. 44, no. 3, pp. 195–202, 2018. [Online]. Available: https://doi.org/10.1177/034003521877378610.1177/0340035218773786Search in Google Scholar

[17] M. D. Molina, A. Gambino, and S. S. Sundar, “Online privacy in public places: How do location, terms and conditions and vpn influence disclosure?” in Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems, ser. CHI EA ‘19. New York, NY, USA: ACM, 2019, pp. LBW2616:1–LBW2616:6. [Online]. Available: http://doi.acm.org/10.1145/3290607.331293210.1145/3290607.3312932Search in Google Scholar

[18] R. Venkateswaran, “Virtual private networks,” IEEE Potentials, vol. 20, no. 1, pp. 11–15, Feb 2001.10.1109/45.913204Search in Google Scholar

[19] N. P. Hoang and D. Pishva, “Anonymous communication and its importance in social networking,” in 16th International Conference on Advanced Communication Technology. IEEE, 2014, pp. 34–39.10.1109/ICACT.2014.6778917Search in Google Scholar

[20] S. Englehardt and A. Narayanan, “Online tracking: A 1-million-site measurement and analysis,” in Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. ACM, 2016, pp. 1388–1401.10.1145/2976749.2978313Search in Google Scholar

[21] J. Nielsen, Designing Web Usability: The Practice of Simplicity. Thousand Oaks, CA, USA: New Riders Publishing, 1999.Search in Google Scholar

[22] G. Norcie, K. Caine, and L. J. Camp, “Eliminating stop-points in the installation and use of anonymity systems: a usability evaluation of the tor browser bundle,” in 5th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETS). Citeseer, 2012.Search in Google Scholar

[23] A. Whitten and J. D. Tygar, “Why johnny can’t encrypt: A usability evaluation of pgp 5.0.” in USENIX Security Symposium, vol. 348, 1999.Search in Google Scholar

[24] R. Abu-Salma, M. A. Sasse, J. Bonneau, A. Danilova, A. Naiakshina, and M. Smith, “Obstacles to the adoption of secure communication tools,” in 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 2017, pp. 137–153.10.1109/SP.2017.65Search in Google Scholar

[25] A. Alshalan, S. Pisharody, and D. Huang, “A survey of mobile vpn technologies,” IEEE Communications Surveys & Tutorials, vol. 18, no. 2, pp. 1177–1196, 2016.Search in Google Scholar

[26] H. Hamed, E. Al-Shaer, and W. Marrero, “Modeling and verification of ipsec and vpn security policies,” in 13th IEEE International Conference on Network Protocols (ICNP’05). IEEE, 2005, pp. 1–10.Search in Google Scholar

[27] W. Quesenbery, “The five dimensions of usability,” in Content and complexity. Routledge, 2014, pp. 93–114.10.4324/9781410607409-11Search in Google Scholar

[28] P. Lew, L. Olsina, and L. Zhang, “Quality, quality in use, actual usability and user experience as key drivers for web application evaluation,” in International Conference on Web Engineering. Springer, 2010, pp. 218–232.10.1007/978-3-642-13911-6_15Search in Google Scholar

[29] F. D. Davis, “A technology acceptance model for empirically testing new end-user information systems: Theory and results,” Ph.D. dissertation, Massachusetts Institute of Technology, 1985.Search in Google Scholar

[30] L. R. Vijayasarathy, “Predicting consumer intentions to use on-line shopping: the case for an augmented technology acceptance model,” Information & management, vol. 41, no. 6, pp. 747–762, 2004.10.1016/j.im.2003.08.011Search in Google Scholar

[31] P. J. Hu, P. Y. Chau, O. R. L. Sheng, and K. Y. Tam, “Examining the technology acceptance model using physician acceptance of telemedicine technology,” Journal of management information systems, vol. 16, no. 2, pp. 91–112, 1999.10.1080/07421222.1999.11518247Search in Google Scholar

[32] C. M. Jones, R. V. McCarthy, L. Halawi, and B. Mujtaba, “Utilizing the technology acceptance model to assess the employee adoption of information systems security measures,” Issues in Information Systems, vol. 11, no. 1, pp. 9–16, 2010.Search in Google Scholar

[33] G. F. Loewenstein, E. U. Weber, C. K. Hsee, and N. Welch, “Risk as feelings.” Psychological bulletin, vol. 127, no. 2, pp. 267–286, 2001.10.1037/0033-2909.127.2.26711316014Search in Google Scholar

[34] R. P. Bagozzi, “The legacy of the technology acceptance model and a proposal for a paradigm shift.” Journal of the association for information systems, vol. 8, no. 4, pp. 243–254, 2007.10.17705/1jais.00122Search in Google Scholar

[35] P. J. Schoemaker, “The expected utility model: Its variants, purposes, evidence and limitations,” Journal of economic literature, pp. 529–563, 1982.Search in Google Scholar

[36] R. S. Laufer and M. Wolfe, “Privacy as a concept and a social issue: A multidimensional developmental theory,” Journal of social Issues, vol. 33, no. 3, pp. 22–42, 1977.10.1111/j.1540-4560.1977.tb01880.xSearch in Google Scholar

[37] R. L. Thompson, C. A. Higgins, and J. M. Howell, “Personal computing: toward a conceptual model of utilization,” MIS quarterly, pp. 125–143, 1991.10.2307/249443Search in Google Scholar

[38] H. C. Triandis, “Values, attitudes, and interpersonal behavior.” in Nebraska symposium on motivation. University of Nebraska Press, 1979.Search in Google Scholar

[39] J. Colnago, S. Devlin, M. Oates, C. Swoopes, L. Bauer, L. Cranor, and N. Christin, ““it’s not actually that horrible”: Exploring adoption of two-factor authentication at a university,” in Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, ser. CHI ‘18. New York, NY, USA: ACM, 2018, pp. 456:1–456:11. [Online]. Available: http://doi.acm.org/10.1145/3173574.317403010.1145/3173574.3174030Search in Google Scholar

[40] M. Tavakol and R. Dennick, “Making sense of cronbach’s alpha,” International journal of medical education, vol. 2, pp. 53–55, 2011.10.5116/ijme.4dfb.8dfd420551128029643Search in Google Scholar

[41] H. Cho, B. Knijnenburg, A. Kobsa, and Y. Li, “Collective privacy management in social media: A cross-cultural validation,” ACM Transactions on Computer-Human Interaction (TOCHI), vol. 25, no. 3, pp. 17–35, 2018.10.1145/3193120Search in Google Scholar

[42] M. Namara, D. Wilkinson, B. M. Lowens, B. P. Knijnenburg, R. Orji, and R. L. Sekou, “Cross-cultural perspectives on ehealth privacy in africa,” in Proceedings of the Second African Conference for Human Computer Interaction: Thriving Communities, ser. AfriCHI ‘18. New York, NY, USA: ACM, 2018, pp. 7:1–7:11. [Online]. Available: http://doi.acm.org/10.1145/3283458.328347210.1145/3283458.3283472Search in Google Scholar

[43] J. S. Dumas, J. S. Dumas, and J. Redish, A practical guide to usability testing. Intellect books, 1999.Search in Google Scholar

[44] K. Baxter, C. Courage, and K. Caine, Understanding your users: a practical guide to user research methods. Morgan Kaufmann, 2015.Search in Google Scholar

[45] E. M. Redmiles, Y. Acar, S. Fahl, and M. L. Mazurek, “A summary of survey methodology best practices for security and privacy researchers,” Tech. Rep., 2017.Search in Google Scholar

[46] “Qualtrics: The leading research & experience software.” [Online]. Available: https://www.qualtrics.com/Search in Google Scholar

[47] S. E. McGregor, E. A. Watkins, M. N. Al-Ameen, K. Caine, and F. Roesner, “When the weakest link is strong: Secure collaboration in the case of the panama papers,” in 26th {USENIX} Security Symposiumy (2017), 2017, pp. 505–522.Search in Google Scholar

[48] M. B. Miles, A. M. Huberman, and J. Saldana, Qualitative data analysis: A methods sourcebook. Sage, 2014.Search in Google Scholar

[49] M. Vaismoradi, H. Turunen, and T. Bondas, “Content analysis and thematic analysis: Implications for conducting a qualitative descriptive study,” Nursing & health sciences, vol. 15, no. 3, pp. 398–405, 2013.10.1111/nhs.1204823480423Search in Google Scholar

[50] J. Cohen, “A coefficient of agreement for nominal scales,” Educational and psychological measurement, vol. 20, no. 1, pp. 37–46, 1960.10.1177/001316446002000104Search in Google Scholar

[51] M. L. McHugh, “Interrater reliability: the kappa statistic,” Biochemia medica: Biochemia medica, vol. 22, no. 3, pp. 276–282, 2012.10.11613/BM.2012.031Search in Google Scholar

[52] Z. Bauman, D. Bigo, P. Esteves, E. Guild, V. Jabri, D. Lyon, and R. Walker, “After snowden: Rethinking the impact of surveillance,” International Political Sociology, vol. 8, no. 2, pp. 121–144, 2014.10.1111/ips.12048Search in Google Scholar

[53] I. P. Act, “Parliament uk. retrieved 12 january 2017,” 2016.Search in Google Scholar

[54] D. Lee, “‘netflix for piracy’popcorn time saved by fans,” BBC News–Technology, vol. 17, 2014.Search in Google Scholar

[55] N. Manworren, J. Letwat, and O. Daily, “Why you should care about the target data breach,” Business Horizons, vol. 59, no. 3, pp. 257–266, 2016.10.1016/j.bushor.2016.01.002Search in Google Scholar

[56] T. Sharp, “Theorizing cyber coercion: The 2014 north korean operation against sony,” Journal of Strategic Studies, vol. 40, no. 7, pp. 898–926, 2017.10.1080/01402390.2017.1307741Search in Google Scholar

[57] C. Fennell and R. Wash, “Do stories help people adopt two-factor authentication?” Studies, vol. 1, no. 2, p. 3.Search in Google Scholar

[58] A. M. McDonald and L. F. Cranor, “The cost of reading privacy policies,” Isjlp, vol. 4, p. 543, 2008.Search in Google Scholar

[59] R. Tourangeau and T. Yan, “Sensitive questions in surveys.” Psychological bulletin, vol. 133, no. 5, pp. 859–883, 2007.10.1037/0033-2909.133.5.85917723033Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo