Misconceptions Plague Security and Privacy Tools

The ISR's Peter Story and Norman Sadeh were authors on a research study that showed many people have misconceptions about what common online security and privacy tools really do.

Surfing the web through private browsing modes, virtual private networks (VPNs) or a Tor browser does not protect you from security threats, but users may think they do, according to a new study from Carnegie Mellon University's CyLab.

The study found that people hold many misconceptions about common security and privacy tools meant to help protect privacy and online security. The researchers presented their work at this month's Privacy Enhancing Technologies Symposium.

"There are certainly some people who know everything about these tools and can answer questions about them correctly, but that's far from the norm," said CyLab's Peter Story, a Ph.D. student in the Institute for Software Research (ISR) and the study's lead author.

The researchers conducted a survey of 500 demographically representative U.S. participants to measure their use and perceptions of five web browsing-related tools: private browsers, VPNs, Tor browser, ad blockers and antivirus software. They asked participants how effective each tool would be in a variety of scenarios, such as preventing hackers from gaining access to their device or preventing law enforcement from seeing the websites they visit.

For most scenarios, participants answered more than half of the assessment questions incorrectly.

"People know some things about what these tools can do, but they often assume incorrectly that the tools can do other things as well," said Norman Sadeh, a professor in the ISR and the study's principal investigator. "People who are more familiar with these tools may be more likely to answer a question about them — either correctly or incorrectly — than recognize they are unsure."

Read more about the study and its implications on CyLab's news website.

For More Information
Aaron Aupperlee | 412-268-9068 | aaupperlee@cmu.edu