research-article

Investigating Security Folklore: A Case Study on the Tor over VPN Phenomenon

Authors:
Matthias Fassl

CISPA Helmholtz Center for Information Security, Saarbrücken, Germany

CISPA Helmholtz Center for Information Security, Saarbrücken, Germany

0000-0002-2894-3751
View Profile

,
Alexander Ponticello

CISPA Helmholtz Center for Information Security, Saarbrücken, Germany

CISPA Helmholtz Center for Information Security, Saarbrücken, Germany

0000-0001-6119-9701
View Profile

,
Adrian Dabrowski

CISPA Helmholtz Center for Information Security, Saarbrücken, Germany

CISPA Helmholtz Center for Information Security, Saarbrücken, Germany

0000-0002-0340-6204
View Profile

,
Katharina Krombholz

CISPA Helmholtz Center for Information Security, Saarbrücken, Germany

CISPA Helmholtz Center for Information Security, Saarbrücken, Germany

0000-0003-2425-3013
View Profile

Proceedings of the ACM on Human-Computer Interaction Volume 7 Issue CSCW2Article No.: 344pp 1–26https://doi.org/10.1145/3610193

Published:04 October 2023Publication History

Proceedings of the ACM on Human-Computer Interaction

Abstract

Users face security folklore in their daily lives in the form of security advice, myths, and word-of-mouth stories. Using a VPN to access the Tor network, i.e., Tor over VPN, is an interesting example of security folklore because of its inconclusive security benefits and its occurrence in pop-culture media.

Following the Theory of Reasoned Action, we investigated the phenomenon with three studies: (1) we quantified the behavior on real-world Tor traffic and measured a prevalence of 6.23%; (2) we surveyed users' intentions and beliefs, discovering that they try to protect themselves from the Tor network or increase their general security; and (3) we analyzed online information sources, suggesting that perceived norms and ease-of-use play a significant role while behavioral beliefs about the purpose and effect are less crucial in spreading security folklore. We discuss how to communicate security advice effectively and combat security misinformation and misconceptions.

Supplemental Material

Available for Download

zip

v7cscw344aux.zip (232.8 MB)

These supplemental materials are structured according to the three study parts of the paper: (1) measurement study to quantify Tor over VPN behavior on real-world Tor traffic; (2) user survey on intentions and beliefs behind the Tor over VPN behavior; and (3) qualitative analysis of the background information sources on Tor over VPN. The contained filetypes are: * .txt for lists of IP addresses * .pdf for the codebooks, questionnaires, and corpus material * .py program code for the VPN evaluation script * .zip files that contains a privcount-patched Tor version and a modified PrivCount version

References

Ruba Abu-Salma and Benjamin Livshits. 2020. Evaluating the End-User Experience of Private Browsing Mode. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems. ACM, Honolulu HI USA, 1--12. https://doi.org/10.1145/3313831.3376440Google ScholarDigital Library
Ruba Abu-Salma, M. Angela Sasse, Joseph Bonneau, Anastasia Danilova, Alena Naiakshina, and Matthew Smith. 2017. Obstacles to the Adoption of Secure Communication Tools. In 2017 IEEE Symposium on Security and Privacy (SP ). IEEE, San Jose, CA, USA, 137--153. https://doi.org/10.1109/SP.2017.65Google ScholarCross Ref
Alessandro Acquisti, Idris Adjerid, Rebecca Balebako, Laura Brandimarte, Lorrie Faith Cranor, Saranga Komanduri, Pedro Giovanni Leon, Norman Sadeh, Florian Schaub, Manya Sleeper, Yang Wang, and Shomir Wilson. 2017. Nudges for Privacy and Security : Understanding and Assisting Users ' Choices Online. Comput. Surveys, Vol. 50, 3 (Oct. 2017), 1--41. https://doi.org/10.1145/3054926Google ScholarDigital Library
Omer Akgul, Richard Roberts, Moses Namara, Dave Levin, and Michelle L. Mazurek. 2022. Investigating Influencer VPN Ads on YouTube. In 2022 IEEE Symposium on Security and Privacy (SP ). IEEE, San Francisco, CA, USA, 876--892. https://doi.org/10.1109/SP46214.2022.9833633Google ScholarCross Ref
Adam Beautement, M. Angela Sasse, and Mike Wonham. 2008. The Compliance Budget: Managing Security Behaviour in Organisations. In Proceedings of the 2008 New Security Paradigms Workshop (NSPW '08). ACM, Lake Tahoe, CA, USA, 47--58. https://doi.org/10.1145/1595676.1595684Google ScholarDigital Library
Veroniek Binkhorst, Tobias Fiebig, Katharina Krombholz, Wolter Pieters, and Katsiaryna Labunets. 2022. Security at the End of the Tunnel : The Anatomy of VPN Mental Models Among Experts and Non-Experts in a Corporate Context. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, USA, 3433--3450. https://www.usenix.org/conference/usenixsecurity22/presentation/binkhorstGoogle Scholar
Alex Biryukov and Ivan Pustogarov. 2015. Bitcoin over Tor Isn't a Good Idea. In 2015 IEEE Symposium on Security and Privacy (SP ). IEEE, San Jose, CA, 122--134. https://doi.org/10.1109/SP.2015.15Google ScholarDigital Library
Maia J. Boyd, Jamar L. Sullivan Jr., Marshini Chetty, and Blase Ur. 2021. Understanding the Security and Privacy Advice Given to Black Lives Matter Protesters. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. ACM, Yokohama, Japan, 1--18. https://doi.org/10.1145/3411764.3445061Google ScholarDigital Library
Virginia Braun and Victoria Clarke. 2006. Using Thematic Analysis in Psychology. Qualitative Research in Psychology, Vol. 3, 2 (Jan. 2006), 77--101. https://doi.org/10.1191/1478088706qp063oaGoogle ScholarCross Ref
Jan Harold Brunvand. 1978. The Study of American Folklore : An Introduction second ed.). Norton, New York.Google Scholar
Robert B. Cialdini. 2009. Influence: Science and Practice. Pearson Education.Google Scholar
Sauvik Das, Tiffany Hyun-Jin Kim, Laura A Dabbish, and Jason I Hong. 2014a. The Effect of Social Influence on Security Sensitivity. In 10th Symposium On Usable Privacy and Security (SOUPS ). USENIX Association, 143--157.Google Scholar
Sauvik Das, Adam D.I. Kramer, Laura A. Dabbish, and Jason I. Hong. 2014b. Increasing Security Sensitivity With Social Proof : A Large-Scale Experimental Confirmation. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS ). ACM, Scottsdale Arizona USA, 739--749. https://doi.org/10.1145/2660267.2660271Google ScholarDigital Library
Albese Demjaha, Jonathan Spring, Ingolf Becker, Simon Parkin, and Angela Sasse. 2018. Metaphors Considered Harmful? An Exploratory Study of the Effectiveness of Functional Metaphors for End-to-End Encryption. In Proceedings of the Workshop on Usable Security (USEC ). Internet Society, San Diego, CA, USA. https://doi.org/10.14722/usec.2018.23015Google ScholarCross Ref
Roger Dingledine. 2012. [Tor-Talk] Tor plus VPN (Was Re: Hi All!). https://lists.torproject.org/pipermail/tor-talk/2012-January/022917.html Retrieved 2022--11--23 fromGoogle Scholar
Roger Dingledine, Nicholas Hopper, George Kadianakis, and Nick Mathewson. 2014. One Fast Guard for Life (or 9 Months). In Proceedings of the 14th Privacy Enhancing Technologies (PETS ). Amsterdam, Netherlands. https://doi.org/10.1.1.645.7692Google Scholar
Roger Dingledine and Nick Mathewson. 2021. Tor Path Specification. https://github.com/torproject/torspec/blob/master/path-spec.txt Retrieved 2022--11--22 fromGoogle Scholar
Agnieszka Dutkowska-Zuk, Austin Hounsel, Andre Xiong, Molly Roberts, Brandon Stewart, Marshini Chetty, and Nick Feamster. 2020. Understanding How and Why University Students Use Virtual Private Networks. arXiv. https://doi.org/10.48550/ARXIV.2002.11834 arxiv: 2002.11834Google ScholarCross Ref
Edward Snowden [@Snowden]. 2016. Use Tor. Use Signal. https://t.co/VLvBsbVHKs. https://twitter.com/Snowden/status/778592275144314884 Retrieved 2022--11--22 fromGoogle Scholar
Ellis Fenske, Akshaya Mani, Aaron Johnson, and Micah Sherr. 2017. Distributed Measurement with Private Set-Union Cardinality. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS ). ACM, Dallas, TX, USA, 2295--2312. https://doi.org/10.1145/3133956.3134034Google ScholarDigital Library
Casey Fiesler and Nicholas Proferes. 2018. “Participant ” Perceptions of Twitter Research Ethics. Social Media Society, Vol. 4, 1 (Jan. 2018), 205630511876336. https://doi.org/10.1177/2056305118763366Google ScholarCross Ref
Martin Fishbein and Icek Ajzen. 2010. Predicting and Changing Behavior: The Reasoned Action Approach. Psychology Press, New York. BF637.B4 F57 2010Google Scholar
George Forman. 2005. Counting Positives Accurately Despite Inaccurate Classification. In 16th European Conference on Machine Learning (ECML ), Jo ao Gama, Rui Camacho, Pavel B. Brazdil, Alípio Mário Jorge, and Luís Torgo (Eds.). Springer Berlin Heidelberg, Porto, Portugal, 564--575. https://doi.org/10.1007/11564096_55Google ScholarDigital Library
Kevin Gallagher, Sameer Patil, and Nasir Memon. 2017. New Me : Understanding Expert and Non-Expert Perceptions and Usage of the Tor Anonymity Network. In Proceedings of the Thirteenth Symposium on Usable Privacy and Security (SOUPS ). USENIX Association, Santa Clara, CA, USA, 385--398. https://www.usenix.org/system/files/conference/soups2017/soups2017-gallagher.pdfGoogle Scholar
Xianyi Gao, Yulong Yang, Huiqing Fu, Janne Lindqvist, and Yang Wang. 2014. Private Browsing : An Inquiry on Usability and Privacy Protection. In Proceedings of the 13th Workshop on Privacy in the Electronic Society. ACM, Scottsdale Arizona USA, 97--106. https://doi.org/10.1145/2665943.2665953Google ScholarDigital Library
Christine Geeng, Mike Harris, Elissa Redmiles, and Franziska Roesner. 2022. “Like Lesbians Walking the Perimeter ”: Experiences of U. S. LGBTQ Folks With Online Security, Safety, and Privacy Advice. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, USA, 305--322. https://www.usenix.org/conference/usenixsecurity22/presentation/geengGoogle Scholar
Sarah Gilbert, Katie Shilton, and Jessica Vitak. 2023. When Research Is the Context: Cross-platform User Expectations for Social Media Data Reuse. Big Data & Society, Vol. 10, 1 (Jan. 2023), 205395172311641. https://doi.org/10.1177/20539517231164108Google ScholarCross Ref
David C. Giles. 2002. Parasocial Interaction : A Review of the Literature and a Model for Future Research. Media Psychology, Vol. 4, 3 (Aug. 2002), 279--305. https://doi.org/10.1207/S1532785XMEP0403_04Google ScholarCross Ref
David J. Gunkel. 2018. The Relational Turn : Third Wave HCI and Phenomenology. In New Directions in Third Wave Human-Computer Interaction : Volume 1 - Technologies, Michael Filimowicz and Veronika Tzankova (Eds.). Springer International Publishing, Cham, 11--24. https://doi.org/10.1007/978--3--319--73356--2_2Google ScholarCross Ref
Hana Habib, Jessica Colnago, Vidya Gopalakrishnan, Sarah Pearman, Jeremy Thomas, Alessandro Acquisti, Nicolas Christin, and Lorrie Faith Cranor. 2018. Away From Prying Eyes : Analyzing Usage and Understanding of Private Browsing. In Proceedings of the Fourteenth Symposium on Usable Privacy and Security (SOUPS ). USENIX Association, Baltimore, MD, USA, 159--175. https://www.usenix.org/system/files/conference/soups2018/soups2018-habib-prying.pdfGoogle Scholar
David Harborth, Sebastian Pape, and Kai Rannenberg. 2020. Explaining the Technology Use Behavior of Privacy-Enhancing Technologies : The Case of Tor and JonDonym. Proceedings on Privacy Enhancing Technologies, Vol. 2020, 2 (April 2020), 111--128. https://doi.org/10.2478/popets-2020-0020Google ScholarCross Ref
Amelia Hassoun, Ian Beacock, Sunny Consolvo, Beth Goldberg, Patrick Gage Kelley, and Daniel M. Russell. 2023. Practicing Information Sensibility: How Gen Z Engages with Online Information. In Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems (Hamburg, Germany) (CHI '23). Association for Computing Machinery, New York, NY, USA, Article 662, 17 pages. https://doi.org/10.1145/3544548.3581328Google ScholarDigital Library
Muhammad Ikram, Narseo Vallina-Rodriguez, Suranga Seneviratne, Mohamed Ali Kaafar, and Vern Paxson. 2016. An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps. In Proceedings of the 2016 Internet Measurement Conference. ACM, Santa Monica, CA, USA, 349--364. https://doi.org/10.1145/2987443.2987471Google ScholarDigital Library
Rob Jansen and Aaron Johnson. 2016. Safely Measuring Tor. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16). ACM, Vienna, Austria, 1553--1567. https://doi.org/10.1145/2976749.2978310Google ScholarDigital Library
Ruogu Kang, Stephanie Brown, Laura Dabbish, and Sara Kiesler. 2014. Privacy Attitudes of Mechanical Turk Workers and the U. S. Public. In Proceedings of the Tenth Symposium On Usable Privacy and Security (SOUPS ). USENIX Association, Menlo Park, CA, USA, 37--49. https://doi.org/10.5555/3235838.3235842Google ScholarDigital Library
Ruogu Kang, Laura Dabbish, Nathaniel Fruchter, and Sara Kiesler. 2015. "My Data Just Goes Everywhere": User Mental Models of the Internet and Implications for Privacy and Security. In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015) (SOUPS ). USENIX Association, Ottawa, ON, Canada, 39--52. https://www.usenix.org/system/files/conference/soups2015/soups15-paper-kang.pdfGoogle Scholar
Mohammad Taha Khan, Joe DeBlasio, Geoffrey M. Voelker, Alex C. Snoeren, Chris Kanich, and Narseo Vallina-Rodriguez. 2018. An Empirical Analysis of the Commercial VPN Ecosystem. In Proceedings of the Internet Measurement Conference 2018 (IMC '18). ACM, Boston, MA, USA, 443--456. https://doi.org/10.1145/3278532.3278570Google ScholarDigital Library
Alexandra Mai, Katharina Pfeffer, Matthias Gusenbauer, Edgar Weippl, and Katharina Krombholz. 2020. User Mental Models of Cryptocurrency Systems - A Grounded Theory Approach. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020). USENIX Association, 341--358. https://www.usenix.org/conference/soups2020/presentation/maiGoogle Scholar
Akshaya Mani, T. Wilson-Brown, Rob Jansen, Aaron Johnson, and Micah Sherr. 2018. Understanding Tor Usage with Privacy-Preserving Measurement. In Proceedings of the Internet Measurement Conference 2018 (IMC ). ACM, Boston, MA, USA, 175--187. https://doi.org/10.1145/3278532.3278549Google ScholarDigital Library
Mara Mather and Marcia K. Johnson. 2000. Choice-Supportive Source Monitoring: Do Our Decisions Seem Better to Us as We Age? Psychology and Aging, Vol. 15, 4 (2000), 596--606. https://doi.org/10.1037/0882--7974.15.4.596Google ScholarCross Ref
Niels Raabjerg Mathiasen and Susanne Bødker. 2008. Threats or Threads: From Usable Security to Secure Experience?. In Proceedings of the 5th Nordic Conference on Human-Computer Interaction : Building Bridges (NordiCHI ). ACM, Lund, Sweden, 283--289. https://doi.org/10.1145/1463160.1463191Google ScholarDigital Library
Nora McDonald, Sarita Schoenebeck, and Andrea Forte. 2019. Reliability and Inter-rater Reliability in Qualitative Research : Norms and Guidelines for CSCW and HCI Practice. Proceedings of the ACM on Human-Computer Interaction, Vol. 3, CSCW (Nov. 2019), 1--23. https://doi.org/10.1145/3359174Google ScholarDigital Library
Know Your Meme. 2010. Good Luck, I 'm Behind 7 Proxies. https://knowyourmeme.com/memes/good-luck-im-behind-7-proxies Retrieved 2022--11--22 fromGoogle Scholar
Rebecca Moody. 2020. VPN Market Report 2022: Who 's Got the Biggest VPN Market Share? https://www.comparitech.com/blog/vpn-privacy/vpn-market-share-report/ Retrieved 2022--11--22 fromGoogle Scholar
Moses Namara, Daricia Wilkinson, Kelly Caine, and Bart P. Knijnenburg. 2020. Emotional and Practical Considerations Towards the Adoption and Abandonment of VPNs as a Privacy-Enhancing Technology. Proceedings on Privacy Enhancing Technologies, Vol. 2020, 1 (2020), 83--102. https://doi.org/10.2478/popets-2020-0006Google ScholarCross Ref
Nic Newman, Richard Fletcher, Craig T Robertson, Kirsten Eddy, and Rasmus Kleis Nielsen. 2022. Reuters Institute Digital News Report 2022. Technical Report. 164 pages. https://reutersinstitute.politics.ox.ac.uk/sites/default/files/2022-06/Digital_News-Report_2022.pdf Retrieved 2022--11--22 fromGoogle Scholar
nusenu. 2021. OrNetStats. https://nusenu.github.io/OrNetStats/ Retrieved 2021-07-05 fromGoogle Scholar
Anna-Marie Ortloff, Matthias Fassl, Alexander Ponticello, Florin Martius, Anne Mertens, Katharina Krombholz, and Matthew Smith. 2023. Different Researchers, Different Results ? Analyzing the Influence of Researcher Experience and Data Type During Qualitative Analysis of an Interview and Survey Study on Security Advice. In Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems. ACM, Hamburg Germany, 1--21. https://doi.org/10.1145/3544548.3580766Google ScholarDigital Library
Katharina Pfeffer, Alexandra Mai, Edgar Weippl, Emilee Rader, and Katharina Krombholz. 2022. Replication: Stories as Informal Lessons about Security. In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022). USENIX Association, Boston, MA, 1--18. https://www.usenix.org/conference/soups2022/presentation/pfefferGoogle Scholar
Álex Pina, Esther Martínez Lobato, Javier Gómez Santander, Pablo Roa, Fernando Sancristóbal, Esther Morales, David Barrocal relax (Writers), and Javier Quintas relax (Director). 2017. Money Heist - A Matter of Efficiency (Season 2, Part 3). https://www.imdb.com/title/tt6851508/Google Scholar
Emilee Rader and Janine Slaker. 2017. The Importance of Visibility for Folk Theories of Sensor Data. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017). USENIX Association, Santa Clara, CA, 257--270. https://www.usenix.org/conference/soups2017/technical-sessions/presentation/raderGoogle Scholar
Emilee Rader, Rick Wash, and Brandon Brooks. 2012. Stories as Informal Lessons about Security. In Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS '12). ACM, Washington D.C., USA. https://doi.org/10.1145/2335356.2335364Google ScholarDigital Library
Reethika Ramesh, Leonid Evdokimov, Diwen Xue, and Roya Ensafi. 2022. VPNalyzer : Systematic Investigation of the VPN Ecosystem. In Proceedings 2022 Network and Distributed System Security Symposium. Internet Society, San Diego, CA, USA. https://doi.org/10.14722/ndss.2022.24285Google ScholarCross Ref
Reethika Ramesh, Anjali Vyas, and Roya Ensafi. 2023. "All of Them Claim to Be the Best": Multi-perspective Study of VPN Users and VPN Providers. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX Association, Anaheim, CA. https://www.usenix.org/conference/usenixsecurity23/presentation/rameshGoogle Scholar
James Reason. 1990. The Contribution of Latent Human Failures to the Breakdown of Complex Systems. Philosophical Transactions of the Royal Society B 327 (1990), 475--484. https://doi.org/10.1098/rstb.1990.0090Google ScholarCross Ref
Tor Reddit. 2021. FAQ : "Should I Use a VPN with Tor ?". https://old.reddit.com/r/TOR/wiki/index#wiki_should_i_use_a_vpn_with_tor.3F_tor_over_vpn.2C_or_vpn_over_tor.3F Retrieved 2022--11--22 fromGoogle Scholar
Elissa M Redmiles, Sean Kross, and Michelle L Mazurek. 2016. How I Learned to Be Secure : A Census-Representative Survey of Security Advice Sources and Behavior. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16). ACM, Vienna, Austria, 666--677. https://doi.org/10.1145/2976749.2978307Google ScholarDigital Library
Elissa M. Redmiles, Noel Warford, Amritha Jayanti, and Aravind Koneru. 2020. A Comprehensive Quality Evaluation of Security and Privacy Advice on the Web. In Proceedings of the 29th USENIX Security Symposium (USENIX Security 2020). USENIX Association, 89--108. https://www.usenix.org/conference/usenixsecurity20/presentation/redmilesGoogle ScholarDigital Library
Robert W. Reeder, Iulia Ion, and Sunny Consolvo. 2017. 152 Simple Steps to Stay Safe Online : Security Advice for Non-Tech-Savvy Users. IEEE Security & Privacy, Vol. 15, 5 (2017), 55--64. https://doi.org/10.1109/msp.2017.3681050Google ScholarDigital Library
Karen Renaud and Merrill Warkentin. 2017. Risk Homeostasis in Information Security : Challenges in Confirming Existence and Verifying Impact. In Proceedings of the 2017 New Security Paradigms Workshop (NSPW 2017). ACM, Santa Cruz, CA, USA, 57--69. https://doi.org/10.1145/3171533.3171534Google ScholarDigital Library
Bruce Schneier. 2008. The Psychology of Security. In AFRICACRYPT. 30. https://doi.org/10.1007/978--3--540--68164--9_5Google ScholarCross Ref
Peter Story, Daniel Smullen, Yaxing Yao, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub. 2021. Awareness, Adoption, and Misconceptions of Web Privacy Tools. Proceedings on Privacy Enhancing Technologies, Vol. 2021, 3 (2021), 308--333. https://doi.org/10.2478/popets-2021-0049Google ScholarCross Ref
Jenny Tang, Eleanor Birrell, and Ada Lerner. 2022. Replication: How Well Do My Results Generalize Now ? The External Validity of Online Privacy and Security Surveys. In Proceedings of the Eighteenth Symposium on Usable Privacy and Security (SOUPS ). USENIX Association, Boston, MA, USA. https://www.usenix.org/conference/soups2022/presentation/tangGoogle Scholar
TOP10VPN and globalwebindex. 2020. Global VPN Usage Report 2020: An Exploration of VPNs and Their Users around the World. Technical Report. 19 pages. https://www.top10vpn.com/assets/2020/03/Top10VPN-GWI-Global-VPN-Usage-Report-2020.pdf Retrieved 2022--11--22 fromGoogle Scholar
TorProject Trac. 2022. Tor VPN. https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN Retrieved 2022--11--22 fromGoogle Scholar
Matt Traudt. 2016. VPN Tor : Not Necessarily a Net Gain. https://matt.traudt.xyz/posts/2016--11--12-vpn-tor-not-net-gain/ Retrieved 2022--11--22 fromGoogle Scholar
Blase Ur, Fumiko Noma, Jonathan Bees, Sean M Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2015. “I Added `!' At the End to Make It Secure ”: Observing Password Creation in the Lab. In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015). USENIX Association, Ottawa, ON, Canada, 123--140. https://www.usenix.org/conference/soups2015/proceedings/presentation/urGoogle Scholar
Rick Wash. 2010. Folk Models of Home Computer Security. In Proceedings of the Sixth Symposium on Usable Privacy and Security (SOUPS '10). ACM, Redmond, WA, USA, 1--16. https://doi.org/10.1145/1837110.1837125Google ScholarDigital Library
Zachary Weinberg, Shinyoung Cho, Nicolas Christin, Vyas Sekar, and Phillipa Gill. 2018. How to Catch When Proxies Lie : Verifying the Physical Locations of Network Proxies with Active Geolocation. In Proceedings of the Internet Measurement Conference 2018. ACM, Boston MA USA, 203--217. https://doi.org/10.1145/3278532.3278551Google ScholarDigital Library
Yixin Zou, Kevin Roundy, Acar Tamersoy, Saurabh Shintre, Johann Roturier, and Florian Schaub. 2020. Examining the Adoption and Abandonment of Security, Privacy, and Identity Theft Protection Practices. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (CHI ). ACM, Honolulu, HI, USA, 1--15. https://doi.org/10.1145/3313831.3376570Google ScholarDigital Library

Index Terms

Investigating Security Folklore: A Case Study on the Tor over VPN Phenomenon
1. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Privacy protections
  2. Security services
    1. Pseudonymity, anonymity and untraceability

Recommendations

A New Approach for the Security of VPN
ICTCS '16: Proceedings of the Second International Conference on Information and Communication Technology for Competitive Strategies

In present days, Internet has become mainstream of the network technology for low cost communications architecture, also it brought great convenience for the organizations and businesses to support growth of their business. Since Internet is highly ...
Read More
Critical vpn security analysis and new approach for securing voip communications over vpn networks
WMuNeP '07: Proceedings of the 3rd ACM workshop on Wireless multimedia networking and performance modeling

Security presents a big challenge for transmitting voice traffic over the Internet. The goal is to acquire the same security level offered.

Read More
VPN Analysis and New Perspective for Securing Voice over VPN Networks
ICNS '08: Proceedings of the Fourth International Conference on Networking and Services

Security and privacy become mandatory requirements for VoIP communications that needs security services such as confidentiality, integrity, authentication, non-replay and non-repudiation. The available solutions are generic and do not respect voice ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
Proceedings of the ACM on Human-Computer Interaction Volume 7, Issue CSCW2
CSCW
October 2023
4055 pages
EISSN:2573-0142
DOI:10.1145/3626953
Editor:
Jeff Nichols
Apple Inc., United States
Issue’s Table of Contents
Copyright © 2023 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 4 October 2023
Published in pacmhci Volume 7, Issue CSCW2

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
VPN
beliefs
secure experience
security advice
theory of reasoned action
tor
tor over VPN
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 0
  Total Citations
  View Citations
- 174
  Total Downloads
- Downloads (Last 12 months)174
- Downloads (Last 6 weeks)30
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Investigating Security Folklore: A Case Study on the Tor over VPN Phenomenon

Proceedings of the ACM on Human-Computer Interaction

Abstract

Supplemental Material

Available for Download

References

Cited By

Index Terms

Recommendations

A New Approach for the Security of VPN

Critical vpn security analysis and new approach for securing voip communications over vpn networks

VPN Analysis and New Perspective for Securing Voice over VPN Networks

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Investigating Security Folklore: A Case Study on the Tor over VPN Phenomenon

Proceedings of the ACM on Human-Computer Interaction

Abstract

Supplemental Material

Available for Download

References

Cited By

Index Terms

Recommendations

A New Approach for the Security of VPN

Critical vpn security analysis and new approach for securing voip communications over vpn networks

VPN Analysis and New Perspective for Securing Voice over VPN Networks

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media