DataPDF Available

Abstract

This dataset was collected for research conducted within the project AN.ON-Next funded by the German Federal Ministry of Education and Research (BMBF) with grant number: 16KIS0371. The dataset is based on an online survey with actual users of the Tor technology. The dataset includes – among others – constructs from different established models of the literature like the technology acceptance model (TAM) by Davis (1985) and the Internet Users Information Privacy Concerns (IUIPC) model by Malhotra et al. (2004). Furthermore, there are extensive questions on privacy literacy covered by the online privacy literacy scale (OPLIS) by Masur et al. (2017).
Documentation for the Dataset on Tor Users
by: David Harborth* and Sebastian Pape
Chair of Mobile Business & Multilateral Security
Goethe University Frankfurt am Main
*david.harborth@m-chair.de
1 Introduction and Important Information
This dataset was collected for research conducted within the project AN.ON-Next funded
by the German Federal Ministry of Education and Research (BMBF) with grant number:
16KIS0371.
The following papers are based fully or partially on this dataset:
1. Harborth, D., and Pape, S. (2020). HOW PRIVACY CONCERNS, TRUST AND
RISK BELIEFS AND PRIVACY LITERACY INFLUENCE USERS’ INTENTIONS
TO USE PRIVACY-ENHANCING TECHNOLOGIES - THE CASE OF TOR.
ACM SIGMIS The DATA BASE for Advances in Information Systems, (forth-
coming).
2. Harborth, D., and Pape, S. (2020). Explaining Technology Use Behaviors of Privacy-
Enhancing Technologies: The Case of Tor and JonDonym. In Proceedings on Pri-
vacy Enhancing Technologies (PETS).
3. Harborth, D., Cai, X., and Pape, S. (2019). Why Do People Pay for Privacy-
Enhancing Technologies? The Case of Tor and JonDonym. In G. Dhillon, F.
Karlsson, K. Hedström, and A. Zuquete (Eds.), ICT Systems Security and Pri-
vacy Protection. SEC 2019. IFIP Advances in Information and Communication
Technology, vol 562 (pp. 253–267). Springer, Cham. https://doi.org/10.1007/978-
3-030-22312-0_18.
4. Harborth, D., and Pape, S. (2019). How Privacy Concerns and Trust and Risk
Beliefs Inuence Users’ Intentions to Use Privacy-Enhancing Technologies - The
Case of Tor. In Hawaii International Conference on System Sciences (HICSS)
Proceedings (pp. 4851–4860). Hawaii, US.
The dataset includes – among others – constructs from dierent established models
of the literature like the technology acceptance model (TAM) by Davis (1985) and the
Internet Users Information Privacy Concerns (IUIPC) model by Malhotra et al. (2004).
Furthermore, there are extensive questions on privacy literacy covered by the online pri-
vacy literacy scale (OPLIS) by Masur et al. (2017). See Table 1 for the complete list of
questions in the dataset.
Further relevant information:
1. For OPLIS, it is important to note that ve questions of the original survey were
excluded since they deal with European and German data protection law. These
questions are dicult to answer and may not provide any insight about the pri-
vacy literacy of JonDonym users who are not necessarily only coming from Europe
and Germany (e.g. from the US). Thus, our dataset only contains 15 instead of
1
20 OPLIS questions. The questions with the abbreviation OP1–OP5 cover partici-
pants’ knowledge about institutional practices. Questions OP6–OP10 cover knowl-
edge about technical aspects of data protection and questions OP11–OP15 cover
knowledge about data protection strategies.
2. Values for experience in the dataset are equal to 21, if participants stated to have
an experience of more than 20 years (for EXP and TOREXP).
3. Demographics were not mandatory to ll out due to anonymity reasons and the
highly privacy-sensitive target population. Thus, the fragmented pieces of data
regarding demographic factors are not included.
Please contact David Harborth in case there are any questions regarding the dataset
or the documentation.
2 Survey Distribution Channels
We conducted the study with German and English speaking Tor users in order to maximize
the sample size. The translation process of the constructs into German and further details
on the two versions are described in several previous research articles by the authors (see
for example Harborth and Pape (2018a,b, 2019); Harborth et al. (2019); Harborth and
Pape (2020b,a)).
The survey was distributed via the following channels:
1. Mailinglists:
(a) tor-talk1
(b) liberationtech2
(c) IFIP TC 113
(d) FOSAD4
(e) GI PET5
(f) GI FBSEC6
2. Twitter with #tor and #privacy
3. Boards:
(a) reddit (sub-reddits: r/TOR, r/onions, r/privacy)
(b) ubuntuusers.de
1https://lists.torproject.org/cgi-bin/
mailman/listinfo/tor-talk/
2https://mailman.stanford.edu/
mailman/listinfo/liberationtech
3https://dlist.server.uni-frankfurt.de/
mailman/listinfo/ifip-tc11
4http://www.sti.uniurb.it/events/fosad/
5http://mail.gi-fb-sicherheit.de/
mailman/listinfo/pet
6http://mail.gi-fb-sicherheit.de/
mailman/listinfo/fbsec
2
4. Tor Hidden Service Boards, Sections posted into:
(a) Darknet Avengers7, O Topic
(b) The Hub8, Beginners
(c) Onion Land9, O Topic
(d) 8chan10, /tech/
(e) IntelExchange11, Unveried Users
(f) Code Green12 , Discussions
(g) Changolia13, overchan.random
(h) Atlayo14 , Posting
5. Personal Announcements at Workshops
7http://avengersdutyk3xf.onion/
8http://thehub7xbw4dc5r2.onion
9http://onionlandbakyt3j.onion
10http://oxwugzccvk3dk6tj.onion
11http://rrcc5uuudhh4oz3c.onion
12http://pyl7a4ccwgpxm6rd.onion
13http://jewsdid.oniichanylo2tsi4.onion
14http://atlayofke5rqhsma.onion/
3
3 Questionnaire Composition
Table 1: Constructs in the Dataset (measured on a seven-point Likert scale ranging from “strongly disagree” to “strongly agree”, if not
otherwise indicated)
Trust in Tor T rustT or 1Tor is trustworthy. Pavlou (2003)
T rustT or 2Tor keeps promises and commitments.
T rustT or 3I trust Tor because they keep my best interests in mind.
Perceived PA1 Tor is able to protect my anonymity in during my online activities. Benenson et al. (2015)
Anonymity PA2 With Tor I obtain a sense of anonymity in my online activities.
PA3 Tor can prevent threats to my anonymity when being online.
Perceived PU1 Using Tor improves the performance of my privacy protection. Benenson et al.
(2015); Venkatesh
and Davis (2000)
Usefulness PU2 Using Tor increases my level of privacy.
of Protecting PU3 Using Tor enhances the eectiveness of my privacy.
Users’ Privacy PU4 I nd Tor to be useful in protecting my privacy.
Perceived Ease PEOU1 My interaction with Tor is clear and understandable.
Venkatesh and Davis
(2000)
of Use PEOU2 Interacting with Tor does not require a lot of my mental eort.
PEOU3 I nd Tor to be easy to use.
PEOU4 I nd it easy to get Tor to do what I want it to do.
Behavioral BI1 I intend to continue using Tor in the future. Venkatesh and Davis
(2000)
Intention BI2 I will always try to use Tor in my daily life.
BI3 I plan to continue to use Tor frequently.
Actual Use Fre-
quency
USE Please choose your use frequency of Tor. (10 point frequency scale from
“never” to “all the time”.
Rosen et al. (2013)
Risk Propensity RP1 I would rather be safe than sorry. Donthu and Gilliland
(1996)
RP2 I am cautious in trying new/dierent products.
4
Construct Abbreviation Item Adapted from
RP3 I avoid risky things.
Privacy Victim VIC How frequently have you personally been the victim of what you felt was
an improper invasion of privacy? (7 point likert scale ranging from “never”
to “very frequently”)
Malhotra et al. (2004)
Trusting Beliefs TB1 Online companies would be trustworthy in handling (the information). Malhotra et al. (2004)
TB2 Online companies would tell the truth and full promises related to (the
information) provided by me.
TB3 I trust that online companies would keep my best interests in mind when
dealing with (the information).
TB4 Online companies are in general predictable and consistent regarding the
usage of (the information).
TB5 Online companies are always honest with customers when it comes to using
(the information) that I would provide.
Risk Beliefs RB1 In general, it would be risky to give (the information) to online companies. Malhotra et al. (2004)
RB2 There would be high potential for loss associated with giving (the informa-
tion) to online rms.
RB3 There would be too much uncertainty associated with giving (the informa-
tion) to online rms.
RB4 Providing online rms with (the information) would involve many unex-
pected problems.
RB5 I would feel safe giving (the information) to online companies. (R)
Information Pri-
vacy Collection
COLL1 It usually bothers me when online companies ask me for personal informa-
tion.
Malhotra et al. (2004)
5
Construct Abbreviation Item Adapted from
COLL2 When online companies ask me for personal information, I sometimes think
twice before providing it.
COLL3 It bothers me to give personal information to so many online companies.
COLL4 I’m concerned that online companies are collecting too much personal in-
formation about me.
Information Pri-
vacy Awareness
AWA1 Companies seeking information online should disclose the way the data are
collected, processed, and used.
Malhotra et al. (2004)
AWA2 A good consumer online privacy policy should have a clear and conspicuous
disclosure.
AWA3 It is very important to me that I am aware and knowledgeable about how
my personal information will be used.
Information Pri-
vacy Control
CONTROL1 Consumer online privacy is really a matter of consumers’ right to exercise
control and autonomy over decisions about how their information is col-
lected, used, and shared.
Malhotra et al. (2004)
CONTROL2 Consumer control of personal information lies at the heart of consumer
privacy.
CONTROL3 I believe that online privacy is invaded when control is lost or unwillingly
reduced as a result of a marketing transaction.
Facilitating FC1 I have the resources necessary to use Tor.
Venkatesh et al.
(2012)
Conditions FC2 I have the knowledge necessary to use Tor.
FC3 Tor is compatible with other technologies and applications I use.
FC4 I can get help from others when I have diculties using Tor.
Trade-o Eort
and Use
EFFORTUSE1 Tor oers a good value for my invested eort (time-wise and monetary). self-made
6
Construct Abbreviation Item Adapted from
EFFORTUSE2 Tor oers a good value for my invested time eort.
EFFORTUSE3 Tor oers a good value at the current price.
Result RESULTDEMON1 I have no diculty telling others about the results of using Tor.
Venkatesh and Davis
(2000)
Demonstrability RESULTDEMON2 I believe I could communicate to others the consequences of using Tor.
RESULTDEMON3 The results of using Tor are apparent to me.
RESULTDEMON4 I would have diculty explaining why using Tor may or may not be bene-
cial.
Consumer Inde-
pendent
CIJM1 Prior to purchasing a new brand, I prefer to consult a friend that has expe-
rience with the new brand. (R)
Manning et al. (1995)
Judgement Mak-
ing
CIJM2 When it comes to deciding whether to purchase a new service, I do not rely
on experienced friends or family members for advice.
CIJM3 I seldom ask a friend about his or her experiences with a new product before
I buy the new product.
CIJM4 I decide to buy new products and services without relying on the opinions
of friends who have already tried them.
CIJM5 When I am interested in purchasing a new service, I do not rely on my
friends or close acquaintances that have already used the new service to
give me information as to whether I should try it.
CIJM6 I do not rely on experienced friends for information about new products
prior to making up my mind about whether or not to purchase.
Consumer CNS1 I often seek out information about new products and brands. Manning et al. (1995)
Novelty Seeking CNS2 I like to go to places where I will be exposed to information about new
products and brands.
CNS3 I like magazines that introduce new brands.
7
Construct Abbreviation Item Adapted from
CNS4 I frequently look for new products and services.
CNS5 I seek out situations in which I will be exposed to new and dierent sources
of product information.
CNS6 I am continually seeking new product experiences.
CNS7 When I go shopping, I nd myself spending very little time checking out
new products and brands.
CNS8 I take advantage of the rst available opportunity to nd out about new
and dierent products.
Online Privacy
Literacy Scale
OP1 The National Security Agency (NSA) accesses only public user data, which
are visible for anyone. (True/false/don’t know)
Masur et al. (2017)
OP2 Social network site operators (e.g. Facebook) also collect and process infor-
mation about non-users of the social network site. (True/false/don’t know)
OP3 User data that are collected by social network site operators (e.g. Facebook)
are deleted after ve years. (True/false/don’t know)
OP4 Companies combine users’ data traces collected from dierent websites to
create user proles. (True/false/don’t know)
OP5 E-mails are commonly passed over several computers before they reach the
actual receiver. (True/false/don’t know)
OP6 1. What does the term “browsing history” stand for? In the browsing
history... A. ...the URLs of visited websites are stored. B. ...cookies from
visited websites are stored. C. ...potentially infected websites are stored
separately. D. ...dierent information about the user are stored, depending
on the browser type.
8
Construct Abbreviation Item Adapted from
OP7 2. What is a “cookie”? A. A text le that enables websites to recognize a
user when revisiting. B. A program to disable data collection from online
operators. C. A computer virus that can be transferred after connecting to
a website. D. A browser plugin that ensures safe online surng.
OP8 3. What does the term “cache” mean? A. A buer memory that accelerates
surng on the Internet. B. A program that specically collects information
about an Internet user and passes them on to third parties. C. A program,
that copies data on an external hard drive to protect against data theft. D.
A browser plugin that encrypts data transfer when surng online.
OP9 4. What is a “trojan”? A trojan is a computer program, that... A. ...is
disguised as a useful application, but fullls another function in the back-
ground. B. ...protects a computer from viruses and other malware. C. ...
was developed for fun an d has no specic function. D. ... caused damage
as computer virus in the 90ies but doesn’t exist anymore.
OP10 5. What is a “rewall”? A. A fallback system that will protect the computer
from unwanted web attacks. B. An outdated protection program against
computer viruses. C. A browser plugin that ensures safe online surng.
D. A new technical development that prevents data loss in case of a short
circuit.
OP11 Tracking of one’s own internet is made more dicult if one deletes
browser information (e.g. cookies, cache, browser history) regularly.
(True/false/don’t know)
9
Construct Abbreviation Item Adapted from
OP12 Surng in the private browsing mode can prevent the reconstruction
of your surng behavior, because no browser information is stored.
(True/false/don’t know)
OP13 Using false names or pseudonyms can make it dicult to identify someone
on the Internet. (True/false/don’t know)
OP14 Even though It-experts can crack dicult passwords, it is more sensible to
use a combination of letters, numbers and signs as passwords than words,
names or simple combinations of numbers. (True/false/don’t know)
OP15 In order to prevent the access to personal data, one should use various
passwords and user names for dierent online applications and change them
frequently. (True/false/don’t know)
Internet Experi-
ence
EXP How many years of experience do you have with computers? (Answer op-
tions range from 0 years to “more than 20 years”.)
self-made
Experience with
Tor
TOREXP How many years are you using Tor? (Answer options range from 0 years to
“more than 20 years”.)
self-made
Donation DON Did you ever donated money to the Tor project? (y/n) self-made
Amount of dona-
tion
AMOUNT How much money did you donate to the Tor project? self-made
Recommendation
of Tor
REC Would you recommend Tor? (y/n) self-made
Purpose of Tor
Use
PUR For what purposes are you using Tor? PUR1: Surng the internet; PUR2:
E-Mail Service; PUR3: Audio and Videostreaming; PUR4: Filesharing;
PUR5: Instant Messaging; PUR6: Cloud Services
self-made
10
Construct Abbreviation Item Adapted from
Knowledge
about Jon-
Donym
JD Do you know the anonymization service JonDonym? self-made
11
References
Benenson, Z., Girard, A., and Krontiris, I. (2015). User Acceptance Factors for Anony-
mous Credentials: An Empirical Investigation. 14th Annual Workshop on the Eco-
nomics of Information Security (WEIS), pages 1–33.
Davis, F. (1985). A Technology Acceptance Model for Empirically Testing New End-User
Information Systems: Theory and Results. Massachusetts Institute of Technology.
Donthu, N. and Gilliland, D. (1996). Observations: The infomercial shopper. Journal of
Advertising Research, 36(April):69–76.
Harborth, D., Cai, X., and Pape, S. (2019). Why Do People Pay for Privacy-Enhancing
Technologies? The Case of Tor and JonDonym. In Dhillon, G., Karlsson, F., Hed-
ström, K., and Zúquete, A., editors, ICT Systems Security and Privacy Protection.
SEC 2019. IFIP Advances in Information and Communication Technology, vol 562,
pages 253–267. Springer, Cham.
Harborth, D. and Pape, S. (2018a). Examining Technology Use Factors of Privacy-
Enhancing Technologies: The Role of Perceived Anonymity and Trust. In Twenty-
fourth Americas Conference on Information Systems (AMCIS2018), pages 1–10, New
Orleans, USA.
Harborth, D. and Pape, S. (2018b). JonDonym Users’ Information Privacy Concerns.
In Janczewski, L. and Kutyłowski, M., editors, ICT Systems Security and Privacy
Protection - 33rd IFIP TC 11 International Conference, SEC 2018, pages 170–184,
Poznan, Poland. Springer, Cham.
Harborth, D. and Pape, S. (2019). How Privacy Concerns and Trust and Risk Beliefs
Inuence Users’ Intentions to Use Privacy-Enhancing Technologies - The Case of
Tor. In Hawaii International Conference on System Sciences (HICSS) Proceedings,
Hawaii, US.
Harborth, D. and Pape, S. (2020a). Explaining Technology Use Behaviors of Privacy-
Enhancing Technologies: The Case of Tor and JonDonym. In Proceedings on Privacy
Enhancing Technologies (PETS) (accepted), pages 1–18.
Harborth, D. and Pape, S. (2020b). HOW PRIVACY CONCERNS, TRUST AND RISK
BELIEFS AND PRIVACY LITERACY INFLUENCE USERS’ INTENTIONS TO
USE PRIVACY-ENHANCING TECHNOLOGIES - THE CASE OF TOR. ACM
SIGMIS The DATA BASE for Advances in Information Systems, (forthcoming).
12
Malhotra, N. K., Kim, S. S., and Agarwal, J. (2004). Internet users’ information privacy
concerns (IUIPC): The construct, the scale, and a causal model. Information Systems
Research, 15(4):336–355.
Manning, K. C., Bearden, W. O., and Madden, T. J. (1995). Consumer Innovativeness
and the Adoption Process. Journal of Consumer Psychology, 4(4):329–345.
Masur, P. K., Teutsch, D., and Trepte, S. (2017). Entwicklung und Validierung der
Online-Privatheitskompetenzskala (OPLIS) [Development and validation of the On-
line Privacy Literacy Scale (OPLIS)]. Diagnostica, 63(4):256–268.
Pavlou, P. A. (2003). Consumer Acceptance of Electronic Commerce: Integrating Trust
and Risk with the Technology Acceptance Model. International Journal of Electronic
Commerce, 7(3):101–134.
Rosen, L., Whaling, K., Carrier, L., Cheever, N., and Rokkum, J. (2013). The Media and
Technology Usage and Attitudes Scale: An empirical investigation. Comput Human
Behav., 29(6):2501–2511.
Venkatesh, V. and Davis, F. D. (2000). A theoretical extension of the technology accep-
tance model: Four longitudinal Studies. Management Science, 46(2):186–205.
Venkatesh, V., Thong, J., and Xu, X. (2012). Consumer Acceptance and User of Informa-
tion Technology: Extending the Unied Theory of Acceptance and Use of Technology.
MIS Quarterly, 36(1):157–178.
13

File (1)

Content uploaded by Sebastian Pape
Author content
ResearchGate has not been able to resolve any citations for this publication.
ResearchGate has not been able to resolve any references for this publication.