(2023) Investigating Security Folklore: A Case Study on the Tor over VPN Phenomenon.
![[img]](https://publications.cispa.saarland/style/images/fileicons/text.png) |
Text
Investigating_Security_Folklore__The_Case_Study_of_the_Tor_over_VPN_Phenomenon__CSCW_2023.pdf Download (1MB) |
![[img]](https://publications.cispa.saarland/style/images/fileicons/archive.png) |
Archive
Supplemental Material (CSCW 2023).zip Download (244MB) |
Abstract
Users face security folklore in their daily lives in the form of security advice, myths, and word-of-mouth stories. Using a VPN to access the Tor network, i.e., Tor over VPN, is an interesting example of security folklore because of its inconclusive security benefits and its occurrence in pop-culture media. Following the Theory of Reasoned Action, we investigated the phenomenon with three studies: (1) we quantified the behavior on real-world Tor traffic and measured a prevalence of 6.23%; (2) we surveyed users' intentions and beliefs, discovering that they try to protect themselves from the Tor network or increase their general security; and (3) we analyzed online information sources, suggesting that perceived norms and ease-of-use play a significant role while behavioral beliefs about the purpose and effect are less crucial in spreading security folklore. We discuss how to communicate security advice effectively and combat security misinformation and misconceptions.
| Item Type: | Article |
|---|---|
| Divisions: | Katharina Krombholz (Human-Oriented Security, HOS) |
| Depositing User: | Matthias Fassl |
| Date Deposited: | 25 Jul 2023 20:37 |
| Last Modified: | 21 Aug 2023 08:50 |
| Primary Research Area: | NRA5: Empirical & Behavioral Security |
| URI: | https://publications.cispa.saarland/id/eprint/3996 |
Actions
Actions (login required)
 |
View Item |