Content uploaded by Sebastian Pape
Author content
All content in this area was uploaded by Sebastian Pape on Oct 14, 2020
Content may be subject to copyright.
Documentation for the Dataset on JonDonym Users
by: David Harborth* and Sebastian Pape
Chair of Mobile Business & Multilateral Security
Goethe University Frankfurt am Main
*david.harborth@m-chair.de
1 Introduction and Important Information
This dataset was collected for research conducted within the project AN.ON-Next funded
by the German Federal Ministry of Education and Research (BMBF) with grant number:
16KIS0371.
The following papers are based fully or partially on this dataset:
1. Harborth, D., and Pape, S. (2020). Explaining Technology Use Behaviors of Privacy-
Enhancing Technologies: The Case of Tor and JonDonym. In Proceedings on Pri-
vacy Enhancing Technologies (PETS)
2. Harborth, D., Cai, X., and Pape, S. (2019). Why Do People Pay for Privacy-
Enhancing Technologies? The Case of Tor and JonDonym. In G. Dhillon, F.
Karlsson, K. Hedström, and A. Zuquete (Eds.), ICT Systems Security and Pri-
vacy Protection. SEC 2019. IFIP Advances in Information and Communication
Technology, vol 562 (pp. 253–267). Springer, Cham. https://doi.org/10.1007/978-
3-030-22312-0_18
3. Harborth, D., and Pape, S. (2018). JonDonym Users’ Information Privacy Con-
cerns. In L. Janczewski and M. Kutyłowski (Eds.), ICT Systems Security and
Privacy Protection. SEC 2018. IFIP Advances in Information and Communication
Technology, vol 529 (pp. 170–184). Springer, Cham. https://doi.org/10.1007/978-
3-319-99828-2_13
4. Harborth, D. and Pape, S. (2018). ”Examining Technology Use Factors of Privacy-
Enhancing Technologies: The Role of Perceived Anonymity and Trust”, In 24th
Americas Conference on Information Systems (AMCIS)
The dataset includes – among others – constructs from dierent established models
of the literature like the technology acceptance model (TAM) by Davis (1985) and the
Internet Users Information Privacy Concerns (IUIPC) model by Malhotra et al. (2004).
Furthermore, there are extensive questions on privacy literacy covered by the online pri-
vacy literacy scale (OPLIS) by Masur et al. (2017). See Table 1 for the complete list of
questions in the dataset.
Further relevant information:
1. For OPLIS, it is important to note that ve questions of the original survey were
excluded since they deal with European and German data protection law. These
questions are dicult to answer and may not provide any insight about the pri-
vacy literacy of JonDonym users who are not necessarily only coming from Europe
and Germany (e.g. from the US). Thus, our dataset only contains 15 instead of
1
20 OPLIS questions. The questions with the abbreviation OP1–OP5 cover partici-
pants’ knowledge about institutional practices. Questions OP6–OP10 cover knowl-
edge about technical aspects of data protection and questions OP11–OP15 cover
knowledge about data protection strategies.
2. Values for experience in the dataset are equal to 21, if participants stated to have
an experience of more than 20 years (for EXP and JDEXP).
3. Demographics were not mandatory to ll out due to anonymity reasons and the
highly privacy-sensitive target population. Thus, the fragmented pieces of data
regarding demographic factors are not included.
4. For the items OP6–10, the answer option “I don’t know” was included. This is
indicated by cell entries equal to “A5”. We recommend to count these entries as
wrong answers for further calculations with OPLIS.
5. Participants could choose one purpose for using JonDonym (PUR).
Please contact David Harborth in case there are any questions regarding the dataset
or the documentation.
2 Survey Distribution Channels
We conducted the study with German and English speaking JonDonym users since the
service was originally developed in Germany by JonDos Gmbh (2018). The translation
process of the constructs into German and further details on the two versions are described
in several previous research articles by the authors (see for example Harborth and Pape
(2018a,b, 2019); Harborth et al. (2019); Harborth and Pape (2020b,a)). The links to the
English and German version were distributed with the beta version of the JonDonym
browser and published on the ocial JonDonym homepage.
2
3 Questionnaire Composition
Table 1: Constructs in the Dataset (measured on a seven-point Likert scale ranging from “strongly disagree” to “strongly agree”, if not
otherwise indicated)
Trust in T rustJ D 1JonDonym is trustworthy. Pavlou (2003)
JonDonym T rustJ D 2JonDonym keeps promises and commitments.
T rustJ D 3I trust JonDonym because they keep my best interests in mind.
Perceived PA1 JonDonym is able to protect my anonymity in during my online activities. Benenson et al. (2015)
Anonymity PA2 With JonDonym I obtain a sense of anonymity in my online activities.
PA3 JonDonym can prevent threats to my anonymity when being online.
Perceived PU1 Using JonDonym improves the performance of my privacy protection. Benenson et al.
(2015); Venkatesh
and Davis (2000)
Usefulness PU2 Using JonDonym increases my level of privacy.
of Protecting PU3 Using JonDonym enhances the eectiveness of my privacy.
Users’ Privacy PU4 I nd JonDonym to be useful in protecting my privacy.
Perceived Ease PEOU1 My interaction with JonDonym is clear and understandable.
Venkatesh and Davis
(2000)
of Use PEOU2 Interacting with JonDonym does not require a lot of my mental eort.
PEOU3 I nd JonDonym to be easy to use.
PEOU4 I nd it easy to get JonDonym to do what I want it to do.
Behavioral BI1 I intend to continue using JonDonym in the future. Venkatesh and Davis
(2000)
Intention BI2 I will always try to use JonDonym in my daily life.
BI3 I plan to continue to use JonDonym frequently.
Actual Use Fre-
quency
USE Please choose your use frequency of JonDonym. (10 point frequency scale
from “never” to “all the time”.
Rosen et al. (2013)
Risk Propensity RP1 I would rather be safe than sorry. Donthu and Gilliland
(1996)
3
Construct Abbreviation Item Adapted from
RP2 I am cautious in trying new/dierent products.
RP3 I avoid risky things.
Privacy Victim VIC How frequently have you personally been the victim of what you felt was
an improper invasion of privacy? (7 point likert scale ranging from “never”
to “very frequently”)
Malhotra et al. (2004)
Trusting Beliefs TB1 Online companies would be trustworthy in handling (the information). Malhotra et al. (2004)
TB2 Online companies would tell the truth and full promises related to (the
information) provided by me.
TB3 I trust that online companies would keep my best interests in mind when
dealing with (the information).
TB4 Online companies are in general predictable and consistent regarding the
usage of (the information).
TB5 Online companies are always honest with customers when it comes to using
(the information) that I would provide.
Risk Beliefs RB1 In general, it would be risky to give (the information) to online companies. Malhotra et al. (2004)
RB2 There would be high potential for loss associated with giving (the informa-
tion) to online rms.
RB3 There would be too much uncertainty associated with giving (the informa-
tion) to online rms.
RB4 Providing online rms with (the information) would involve many unex-
pected problems.
RB5 I would feel safe giving (the information) to online companies. (R)
Information Pri-
vacy Collection
COLL1 It usually bothers me when online companies ask me for personal informa-
tion.
Malhotra et al. (2004)
4
Construct Abbreviation Item Adapted from
COLL2 When online companies ask me for personal information, I sometimes think
twice before providing it.
COLL3 It bothers me to give personal information to so many online companies.
COLL4 I’m concerned that online companies are collecting too much personal in-
formation about me.
Information Pri-
vacy Awareness
AWA1 Companies seeking information online should disclose the way the data are
collected, processed, and used.
Malhotra et al. (2004)
AWA2 A good consumer online privacy policy should have a clear and conspicuous
disclosure.
AWA3 It is very important to me that I am aware and knowledgeable about how
my personal information will be used.
Information Pri-
vacy Control
CONTROL1 Consumer online privacy is really a matter of consumers’ right to exercise
control and autonomy over decisions about how their information is col-
lected, used, and shared.
Malhotra et al. (2004)
CONTROL2 Consumer control of personal information lies at the heart of consumer
privacy.
CONTROL3 I believe that online privacy is invaded when control is lost or unwillingly
reduced as a result of a marketing transaction.
Facilitating FC1 I have the resources necessary to use JonDonym.
Venkatesh et al.
(2012)
Conditions FC2 I have the knowledge necessary to use JonDonym.
FC3 JonDonym is compatible with other technologies and applications I use.
FC4 I can get help from others when I have diculties using JonDonym.
Trade-o Eort
and Use
EFFORTUSE1 JonDonym oers a good value for my invested eort (time-wise and mone-
tary).
self-made
5
Construct Abbreviation Item Adapted from
EFFORTUSE2 JonDonym oers a good value for my invested time eort.
EFFORTUSE3 JonDonym oers a good value at the current price.
Result RESULTDEMON1 I have no diculty telling others about the results of using JonDonym.
Venkatesh and Davis
(2000)
Demonstrability RESULTDEMON2 I believe I could communicate to others the consequences of using Jon-
Donym.
RESULTDEMON3 The results of using JonDonym are apparent to me.
RESULTDEMON4 I would have diculty explaining why using JonDonym may or may not be
benecial.
Consumer Inde-
pendent
CIJM1 Prior to purchasing a new brand, I prefer to consult a friend that has expe-
rience with the new brand. (R)
Manning et al. (1995)
Judgement Mak-
ing
CIJM2 When it comes to deciding whether to purchase a new service, I do not rely
on experienced friends or family members for advice.
CIJM3 I seldom ask a friend about his or her experiences with a new product before
I buy the new product.
CIJM4 I decide to buy new products and services without relying on the opinions
of friends who have already tried them.
CIJM5 When I am interested in purchasing a new service, I do not rely on my
friends or close acquaintances that have already used the new service to
give me information as to whether I should try it.
CIJM6 I do not rely on experienced friends for information about new products
prior to making up my mind about whether or not to purchase.
Consumer CNS1 I often seek out information about new products and brands. Manning et al. (1995)
Novelty Seeking CNS2 I like to go to places where I will be exposed to information about new
products and brands.
6
Construct Abbreviation Item Adapted from
CNS3 I like magazines that introduce new brands.
CNS4 I frequently look for new products and services.
CNS5 I seek out situations in which I will be exposed to new and dierent sources
of product information.
CNS6 I am continually seeking new product experiences.
CNS7 When I go shopping, I nd myself spending very little time checking out
new products and brands.
CNS8 I take advantage of the rst available opportunity to nd out about new
and dierent products.
Online Privacy
Literacy Scale
OP1 The National Security Agency (NSA) accesses only public user data, which
are visible for anyone. (True/false/don’t know)
Masur et al. (2017)
OP2 Social network site operators (e.g. Facebook) also collect and process infor-
mation about non-users of the social network site. (True/false/don’t know)
OP3 User data that are collected by social network site operaJonDonyms (e.g.
Facebook) are deleted after ve years. (True/false/don’t know)
OP4 Companies combine users’ data traces collected from dierent websites to
create user proles. (True/false/don’t know)
OP5 E-mails are commonly passed over several computers before they reach the
actual receiver. (True/false/don’t know)
OP6 1. What does the term “browsing history” stand for? In the browsing
history... A. ...the URLs of visited websites are stored. B. ...cookies from
visited websites are stored. C. ...potentially infected websites are stored
separately. D. ...dierent information about the user are stored, depending
on the browser type.
7
Construct Abbreviation Item Adapted from
OP7 2. What is a “cookie”? A. A text le that enables websites to recognize a
user when revisiting. B. A program to disable data collection from online
operators. C. A computer virus that can be transferred after connecting to
a website. D. A browser plugin that ensures safe online surng.
OP8 3. What does the term “cache” mean? A. A buer memory that accelerates
surng on the Internet. B. A program that specically collects information
about an Internet user and passes them on to third parties. C. A program,
that copies data on an external hard drive to protect against data theft. D.
A browser plugin that encrypts data transfer when surng online.
OP9 4. What is a “trojan”? A trojan is a computer program, that... A. ...is
disguised as a useful application, but fullls another function in the back-
ground. B. ...protects a computer from viruses and other malware. C. ...
was developed for fun an d has no specic function. D. ... caused damage
as computer virus in the 90ies but doesn’t exist anymore.
OP10 5. What is a “rewall”? A. A fallback system that will protect the computer
from unwanted web attacks. B. An outdated protection program against
computer viruses. C. A browser plugin that ensures safe online surng.
D. A new technical development that prevents data loss in case of a short
circuit.
OP11 Tracking of one’s own internet is made more dicult if one deletes
browser information (e.g. cookies, cache, browser history) regularly.
(True/false/don’t know)
8
Construct Abbreviation Item Adapted from
OP12 Surng in the private browsing mode can prevent the reconstruction
of your surng behavior, because no browser information is stored.
(True/false/don’t know)
OP13 Using false names or pseudonyms can make it dicult to identify someone
on the Internet. (True/false/don’t know)
OP14 Even though It-experts can crack dicult passwords, it is more sensible to
use a combination of letters, numbers and signs as passwords than words,
names or simple combinations of numbers. (True/false/don’t know)
OP15 In order to prevent the access to personal data, one should use various
passwords and user names for dierent online applications and change them
frequently. (True/false/don’t know)
Internet Experi-
ence
EXP How many years of experience do you have with computers? (Answer op-
tions range from 0 years to “more than 20 years”.)
self-made
Experience with
JonDonym
JDEXP How many years are you using JonDonym? (Answer options range from 0
years to “more than 20 years”.)
self-made
Current Jon-
Donym tari
TARIFF Please choose your current tari of JonDonym. (Free of charge option;
Flat-M (monthly 2GB / 6 months / 50€); Flat-L (monthly 5GB / 6 months
/ 100€); Volume-S (650 MB / 6 months 5€); Volume-M (1500 MB / 12
months 10€); Volume-L (5000 MB / 24 months 30€))
self-made (answer op-
tion based on actual
tari options)
Tari prefer-
ences
PREF1 I would use JonDonym regularly with a data volume ten times higher than
before (at the same price).
self-made
PREF2 If the price decreased by half, I would use JonDonym regularly.
PREF3 I would perceive a service with a lower anonymization level for half the price
more attractive than JonDonym.
9
Construct Abbreviation Item Adapted from
Perceived fair-
ness of new
Please indicate the extent to which you, as an individual, agree or disagree
that the provided taris are fair.
self-made
taris TARIFFNEW1 Monthly 100 GB with a duration of 12 months for 100€ (total price).
TARIFFNEW2 Monthly 100 GB with a duration of 3 months for 30€ (total price).
TARIFFNEW3 Monthly 100 GB with a duration of 12 months for 10€ per month.
TARIFFNEW4 Monthly 40 GB with a duration of 3 months for 5€ per month.
TARIFFNEW5 Monthly 200 GB with a duration of 12 months for 15€ per month.
Recommendation
of JonDonym
REC Would you recommend JonDonym? (y/n) self-made
Purpose of Jon-
Donym Use
PUR For what purposes are you using JonDonym? (1: Surng the internet;
PUR2: E-Mail Service; 3: Audio and Videostreaming; 4: Filesharing; 5:
Instant Messaging; 6: Cloud Services)
self-made
Knowledge
about Tor
TOR Do you know the anonymization service Tor? (y/n) self-made
10
References
Benenson, Z., Girard, A., and Krontiris, I. (2015). User Acceptance Factors for Anony-
mous Credentials: An Empirical Investigation. 14th Annual Workshop on the Eco-
nomics of Information Security (WEIS), pages 1–33.
Davis, F. (1985). A Technology Acceptance Model for Empirically Testing New End-User
Information Systems: Theory and Results. Massachusetts Institute of Technology.
Donthu, N. and Gilliland, D. (1996). Observations: The infomercial shopper. Journal of
Advertising Research, 36(April):69–76.
Harborth, D., Cai, X., and Pape, S. (2019). Why Do People Pay for Privacy-Enhancing
Technologies? The Case of Tor and JonDonym. In Dhillon, G., Karlsson, F., Hed-
ström, K., and Zúquete, A., editors, ICT Systems Security and Privacy Protection.
SEC 2019. IFIP Advances in Information and Communication Technology, vol 562,
pages 253–267. Springer, Cham.
Harborth, D. and Pape, S. (2018a). Examining Technology Use Factors of Privacy-
Enhancing Technologies: The Role of Perceived Anonymity and Trust. In Twenty-
fourth Americas Conference on Information Systems (AMCIS2018), pages 1–10, New
Orleans, USA.
Harborth, D. and Pape, S. (2018b). JonDonym Users’ Information Privacy Concerns.
In Janczewski, L. and Kutyłowski, M., editors, ICT Systems Security and Privacy
Protection - 33rd IFIP TC 11 International Conference, SEC 2018, pages 170–184,
Poznan, Poland. Springer, Cham.
Harborth, D. and Pape, S. (2019). How Privacy Concerns and Trust and Risk Beliefs
Inuence Users’ Intentions to Use Privacy-Enhancing Technologies - The Case of
Tor. In Hawaii International Conference on System Sciences (HICSS) Proceedings,
Hawaii, US.
Harborth, D. and Pape, S. (2020a). Explaining Technology Use Behaviors of Privacy-
Enhancing Technologies: The Case of Tor and JonDonym. In Proceedings on Privacy
Enhancing Technologies (PETS) (accepted), pages 1–18.
Harborth, D. and Pape, S. (2020b). HOW PRIVACY CONCERNS, TRUST AND RISK
BELIEFS AND PRIVACY LITERACY INFLUENCE USERS’ INTENTIONS TO
USE PRIVACY-ENHANCING TECHNOLOGIES - THE CASE OF TOR. ACM
SIGMIS The DATA BASE for Advances in Information Systems, (forthcoming).
JonDos Gmbh (2018). Ocial Homepage of JonDonym. https://www.anonym-surfen.
de.
11
Malhotra, N. K., Kim, S. S., and Agarwal, J. (2004). Internet users’ information privacy
concerns (IUIPC): The construct, the scale, and a causal model. Information Systems
Research, 15(4):336–355.
Manning, K. C., Bearden, W. O., and Madden, T. J. (1995). Consumer Innovativeness
and the Adoption Process. Journal of Consumer Psychology, 4(4):329–345.
Masur, P. K., Teutsch, D., and Trepte, S. (2017). Entwicklung und Validierung der
Online-Privatheitskompetenzskala (OPLIS) [Development and validation of the On-
line Privacy Literacy Scale (OPLIS)]. Diagnostica, 63(4):256–268.
Pavlou, P. A. (2003). Consumer Acceptance of Electronic Commerce: Integrating Trust
and Risk with the Technology Acceptance Model. International Journal of Electronic
Commerce, 7(3):101–134.
Rosen, L., Whaling, K., Carrier, L., Cheever, N., and Rokkum, J. (2013). The Media and
Technology Usage and Attitudes Scale: An empirical investigation. Comput Human
Behav., 29(6):2501–2511.
Venkatesh, V. and Davis, F. D. (2000). A theoretical extension of the technology accep-
tance model: Four longitudinal Studies. Management Science, 46(2):186–205.
Venkatesh, V., Thong, J., and Xu, X. (2012). Consumer Acceptance and User of Informa-
tion Technology: Extending the Unied Theory of Acceptance and Use of Technology.
MIS Quarterly, 36(1):157–178.
12