Security Journal

, Volume 30, Issue 3, pp 979–999 | Cite as

Using trust and anonymity to expand the use of anonymizing systems that improve security across organizations

  • Anthony VanceEmail author
  • Paul Benjamin Lowry
  • David W Wilson
Original Article


To mitigate risks inherent in sharing sensitive cyber-security information, recent research has examined anonymizing systems (ANS) that hide the identities of participants and decouple data from their originators. ANS are particularly compelling as a potential support to cyber-security information sharing because the cost of implementation is relatively low, and the more organizations and nations that participate, the more everyone benefits. Although such systems are promising to both developing and mature cyber-infrastructures, they still have not been widely adopted for use in sharing cyber-security information. Relatively little prior research has investigated the perception and adoption of these systems, despite their potential value for organizations and nations in supporting the battle against cyber-crime. Given these opportunities, this study tries to better understand the factors that foster adoption of ANS. Accordingly, we present a theoretical model intended to explain the trust process involved in user adoption of ANS. We theorize that users’ beliefs regarding trust in the information provided by the system and the risks associated with using the system, as well as beliefs in the system’s anonymizing capability, will lead to greater levels of adoption. Further, perceptions of system quality are theorized to contribute to user trusting beliefs. The results of a free-simulation experiment largely validate the proposed model. These results should help inform the next generation of ANS development and deployment.


anonymizing systems security infrastructure security anonymity trust in IT cyber security 



We appreciate help from Robert Sainsbury in collecting this data and support from Georgia State University.

Supplementary material

41284_2016_59_MOESM1_ESM.doc (416 kb)
Online supplemental material


  1. Alonzo, M. and Aiken, M. (2004) Flaming in electronic communication. Decision Support Systems 36(3): 205–213.CrossRefGoogle Scholar
  2. Barclay, D., Higgins, C. and Thompson, R. (1995) The partial least squares (PLS) approach to causal modeling: Personal computer adoption and use as an illustration. Technology Studies 2(2): 285–309.Google Scholar
  3. Baron, R. and Kenny, D. (1986) The moderator-mediator variable distinction in social psychological research: Conceptual, strategic, and statistical considerations. Journal of Personality and Social Psychology 51(6): 1173–1182.CrossRefGoogle Scholar
  4. Bollen, K.A. (2014) Structural Equations with Latent Variables. Hoboken, NJ: John Wiley & Sons.Google Scholar
  5. Boss, S.R., Galletta, D.F., Lowry, P.B., Moody, G.D. and Polak, P. (2015) What do users have to fear? Using fear appeals to engender threats and fear that motivate protective behaviors in users. MIS Quarterly 39in press.Google Scholar
  6. Boudreau, M., Gefen, D. and Straub, D. (2001) Validation in IS research: A state-of-the-art assessment. MIS Quarterly 25(1): 1–16.CrossRefGoogle Scholar
  7. Brechbuhl, H., Bruce, R., Dynes, S. and Johnson, M.E. (2010) Protecting critical information infrastructure: Developing cybersecurity policy. Information Technology for Development 16(1): 83–91.CrossRefGoogle Scholar
  8. Calder, B.J., Phillips, L.W. and Tybout, A.M. (1981) Designing research for application. Journal of Consumer Research 8(2): 197–201.CrossRefGoogle Scholar
  9. Cassell, J. (ed.) (2000) Nudge nudge wink wink: Elements of face-to-face conversation for embodied conversational agents. In: Embodied Conversational Agents. Cambridge, MA: MIT Press, pp. 1–27.Google Scholar
  10. Cassell, J. and Bickmore, T. (2000) External manifestation of trustworthiness in the interface. Communications of ACM 43(12): 50–56.CrossRefGoogle Scholar
  11. Chai, S., Kim, M. and Rao, H.R. (2011) Firms’ information security investment decisions: Stock market evidence of investors’ behavior. Decision Support Systems 50(4): 651–661.CrossRefGoogle Scholar
  12. Chee-Wooi, T., Manimaran, G. and Chen-Ching, L. (2010) Cybersecurity for critical infrastructures: Attack and defense modeling. IEEE Transactions on Systems, Man and Cybernetics, Part A: Systems and Humans 40(4): 853–865.CrossRefGoogle Scholar
  13. Chellappa, R. and Pavlou, P.A. (2002) Perceived information security, financial liability, and consumer trust in electronic commerce transactions. Journal of Logistics Information Management 15(5/6): 358–368.CrossRefGoogle Scholar
  14. Chin, W. (1998) The partial least squares approach to structural equation modeling. In: G.A. Marcoulides (ed.) Modern Methods for Business Research. Hillsdale, NJ: Lawrence Erlbaum Associates, pp. 294–336.Google Scholar
  15. Chin, W., Marcolin, B. and Newsted, P. (2003a) A partial least squares latent variable modeling approach for measuring interaction effects: Results from a Monte Carlo simulation study and an electronic mail emotion/adoption study. Information Systems Research 14(2): 189–217.CrossRefGoogle Scholar
  16. Chin, W.W., Marcolin, B.L. and Newsted, P.R. (2003b) A partial least squares latent variable modeling approach for measuring interaction effects: Results from a Monte Carlo simulation study and an electronic-mail emotion/adoption study. Information Systems Research 14(2): 189–217.CrossRefGoogle Scholar
  17. Chin, W. and Newsted, P. (1999) Structural equation modeling analysis with small samples using partial least squares. In: R.H. Hoyle (ed.) Statistical Strategies for Small Sample Research,. pp. 307–341,
  18. Cohen, J. (1988) Statistical Power Analysis for the Behavioral Sciences. 2nd edn. Hillsdale, NJ: Routledge.Google Scholar
  19. Cook, T.D. and Campbell, D.T. (1979) Quasi-Experimentation: Design and Analysis Issues for Field Settings. Boston, MA: Houghton Mifflin.Google Scholar
  20. Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R. (2013) Future directions for behavioral information security research. Computers & Security 32(February): 90–101.CrossRefGoogle Scholar
  21. Davis, F.D. (1989) Perceived usefulness, perceived ease of use and user acceptance of information technology. MIS Quarterly 13(3): 319–340.CrossRefGoogle Scholar
  22. DeLone, W. (2003) The DeLone and McLean model of information systems success: A ten-year update. Journal of Management Information Systems 19(4): 9–30.CrossRefGoogle Scholar
  23. DeLone, W.H. and McLean, E.R. (1992) Information systems success: The quest for the dependent variable. Information Systems Research 3(1): 60–95.CrossRefGoogle Scholar
  24. Diamantopoulos, A. and Winklhofer, H.M. (2001) Index construction with formative indicators: An alternative to scale development. Journal of Marketing Research 38(2): 269–277.CrossRefGoogle Scholar
  25. Diener, E., Fraser, S., Beaman, A. and Kelem, R. (1976) Effects of deindividuation variables on stealing among Halloween trick-or-treaters. Journal of Personality and Social Psychology 33(2): 178–183.CrossRefGoogle Scholar
  26. Dingledine, R., Mathewson, N. and Syverson, P. (2004) Tor: The Second-Generation Onion Router: Proceedings of the 13th Usenix Security Symposium. DTIC Document.Google Scholar
  27. Dynes, S., Goetz, E. and Freeman, M. (2007) Cyber security: Are economic incentives adequate? In: E. Goetz and S. Shenoi (eds.) Critical Infrastructure Protection. New York: Springer.Google Scholar
  28. Featherman, M. and Pavlou, P.A. (2003) Predicting e-services adoption: A perceived risk facets perspective. International Journal of Human-Computer Studies 59(4): 451–474.CrossRefGoogle Scholar
  29. Festinger, L., Pepitone, A. and Newcomb, T. (1952) Some consequences of deindividuation in a group. Journal of Abnormal Psychology 47(2 Suppl): 382–389.CrossRefGoogle Scholar
  30. Field, J.M., Heim, G.R. and Sinha, K.K. (2004) Managing quality in the e-service system: Development and application of a process model. Productions and Operations Management 13(4): 291–306.CrossRefGoogle Scholar
  31. Fishbein, M. and Ajzen, I. (1975) Belief, Attitude, Intention, and Behavior: An Introduction to Theory and Research. Reading, MA: Addison-Wesley.Google Scholar
  32. Friedman, B. and Millett, L.I. (1997) Reasoning about computers as moral agents: A research note. In: B. Friedman (ed.) Human Values and the Design of Computer Technology. Stanford, CA: CSLI Publications, pp. 201–207.Google Scholar
  33. Fromkin, H.L. and Streufert, S. (1976) Laboratory experimentation. In: B. Dunnette (ed.) Handbook of Industrial and Organizational Psychology. Chicago, IL: Rand McNally College Publishing Company, pp. 415–465.Google Scholar
  34. Geer JrD., Hoo, K.S. and Jaquith, A. (2003) Information security: Why the future belongs to the quants. IEEE Security & Privacy Magazine 1(4): 24–32.CrossRefGoogle Scholar
  35. Gefen, D., Karahanna, E. and Straub, D. (2003) Trust and TAM in online shopping: An integrated model. MIS Quarterly 27(1): 51–90.Google Scholar
  36. Gefen, D., Pavlou, P.A., Benbasat, I., McKnight, D.H., Stewart, K. and Straub, D.W. (2006) Should institutional trust matter in information systems research? Communications of the AIS 19(7): 205–222.Google Scholar
  37. Gefen, D., Straub, D. and Boudreau, M. (2000) Structural equation modeling and regression: Guidelines for research practice. Communications of the Association for Information Systems 4(7): 1–70.Google Scholar
  38. Gefen, D. and Straub, D.W. (2003) Managing user trust in B2G e-services. eService Journal 2(2): 7–24.CrossRefGoogle Scholar
  39. Goldschlag, D., Reed, M. and Syverson, P. (1999) Onion routing for anonymous and private internet connections. Communications of the ACM 42(2): 39–41.CrossRefGoogle Scholar
  40. Gordon, M., Slade, L. and Schmitt, N. (1986) The ‘science of the sophomore’ revisited: From conjecture to empiricism. Academy of Management Review 11(1): 191–207.Google Scholar
  41. Grazioli, S. and Jarvenpaa, S.L. (2000) Perils of internet fraud: An empirical investigation of deception and trust with experienced internet consumers. IEEE Transactions on Systems, Man, and Cybernetics 30(4): 395–410.CrossRefGoogle Scholar
  42. Groom, V., Nass, C., Chen, T., Nielsen, A., Scarborough, J. and Robles, E. (2009) Evaluating the effects of behavioral realism in embodied agents. International Journal of Human-Computer Studies 67(10): 842–849.CrossRefGoogle Scholar
  43. Hansen, J.V., Lowry, P.B., Meservy, R. and McDonald, D. (2007) Genetic programming for prevention of cyberterrorism through dynamic and evolving intrusion detection. Decision Support Systems 43(4): 1362–1374.CrossRefGoogle Scholar
  44. Hovav, A. and D’Arcy, J. (2003) The impact of denial-of-service attack announcements on the market value of firms. Risk Management and Insurance Review 6(2): 97.CrossRefGoogle Scholar
  45. Hsu, J., Shih, S.-P., Hung, Y.W. and Lowry, P.B. (2015) How extra-role behaviors can improve information security policy effectiveness. Information Systems Research 26(2): 282–300.CrossRefGoogle Scholar
  46. Jarvenpaa, S.L. and Tractinsky, N. (1999) Consumer trust in an internet store: A cross-cultural validation. Journal of Computer-Mediated Communication 5(2): 1–35.Google Scholar
  47. Jensen, M.L., Lowry, P.B., Burgoon, J.K. and Nunamaker Jr., J.F. (2010) Technology dominance in complex decision making: The case of aided credibility assessment. Journal of Management Information Systems 27(1): 181–207.CrossRefGoogle Scholar
  48. Jensen, M.L., Lowry, P.B. and Jenkins, J.L. (2011) Effects of automated and participative decision support in computer-aided credibility assessment. Journal of Management Information Systems 28(1): 201–233.CrossRefGoogle Scholar
  49. Komiak, S. and Benbasat, I. (2006) The effects of personalization and familiarity on trust and adoption of recommendation agents. MIS Quarterly 30(4): 941–960.Google Scholar
  50. Krämer, N. and Bente, G. (2010) Personalizing e-learning. The social effects of pedagogical agents. Educational Psychology Review 22(1): 71–87.CrossRefGoogle Scholar
  51. Lippert, S.K. (2001) An exploratory study into the relevance of trust in the context of information systems technology. Unpublished PhD dissertation, The George Washington University.Google Scholar
  52. Lowry, P.B. and Gaskin, J. (2014) Partial least squares (PLS) structural equation modeling (SEM) for building and testing behavioral causal theory: When to choose it and how to use it. IEEE Transactions on Professional Communication 57(2): 123–146.CrossRefGoogle Scholar
  53. Lowry, P.B., Gaskin, J., Twyman, N.W., Hammer, B. and Roberts, T.L. (2013a) Taking ‘fun and games’ seriously: Proposing the hedonic-motivation system adoption model (HMSAM). Journal of the Association for Information Systems 14(11): 617–671.Google Scholar
  54. Lowry, P.B., Moody, G., Galletta, D. and Vance, A. (2013b) The drivers in the use of online whistle-blowing reporting systems. Journal of Management Information Systems 30(1): 153–189.CrossRefGoogle Scholar
  55. Lowry, P.B., Moody, G., Vance, A., Jensen, M., Jenkins, J.L. and Wells, T. (2012) Using an elaboration likelihood approach to better understand the persuasiveness of website privacy assurance cues for online consumers. Journal of the American Society for Information Science and Technology 63(4): 755–766.CrossRefGoogle Scholar
  56. Lowry, P.B. and Moody, G.D. (2015) Proposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organizational information security policies. Information Systems Journal 25(5): 433–463.CrossRefGoogle Scholar
  57. Lowry, P.B., Posey, C., Bennett, R.J. and Roberts, T.L. (2015a) Leveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: An empirical study of the influence of counterfactual reasoning and organisational trust. Information Systems Journal 25(3): 193–230.CrossRefGoogle Scholar
  58. Lowry, P.B., Schuetzler, R.M., Giboney, J.S. and Gregory, T.A. (2015b) Is trust always better than distrust? The potential value of distrust in newer virtual teams engaged in short-term decision making. Group Decision and Negotiation 24(4): 723–752.CrossRefGoogle Scholar
  59. Lowry, P.B., Vance, A., Moody, G., Beckman, B. and Read, A. (2008) Explaining and predicting the impact of branding alliances and web site quality on initial consumer trust of e-commerce web sites. Journal of Management Information Systems 24(4): 199–224.CrossRefGoogle Scholar
  60. Lowry, P.B., Wilson, D.W. and Haig, W.L. (2014) A picture is worth a thousand words: Source credibility theory applied to logo and website design for heightened credibility and consumer trust. International Journal of Human-Computer Interaction 30(1): 63–93.CrossRefGoogle Scholar
  61. Malhotra, N., Kim, S. and Agarwal, J. (2004) Internet users’ information privacy concerns(IUIPC): The construct, the scale, and a causal model. Information Systems Research 15(4): 336–355.CrossRefGoogle Scholar
  62. Marcoulides, G. and Saunders, C. (2006) PLS: A silver bullet? MIS Quarterly 30(2): iii–ix.Google Scholar
  63. Mayer, R., Davis, J. and Schoorman, F. (1995) An integrative model of organizational trust. Academy of Management Review 20(3): 709–734.Google Scholar
  64. McKnight, D.H. (2005) Trust in information technology. In: G.B. Davis (ed.) The Blackwell Encyclopedia of Management. Vol. 7. Oxford: Blackwell Publishing, Management Information Systems pp. 329–331.Google Scholar
  65. McKnight, D.H., Choudhury, V. and Kacmar, C. (2002a) The impact of initial consumer trust on intentions to transact with a web site: A trust building model. Journal of Strategic Information Systems 11(3–4): 297–323.CrossRefGoogle Scholar
  66. McKnight, D.H., Choudhury, V. and Kacmar, C.J. (2002b) Developing and validating trust measures for e-commerce: An integrative typology. Information Systems Research 13(3): 334–359.CrossRefGoogle Scholar
  67. Montoya-Weiss, M., Voss, G. and Grewal, D. (2003) Determinants of online channel use and overall satisfaction with a relational, multichannel service provider. Journal of the Academy of Marketing Science 31(4): 448–458.CrossRefGoogle Scholar
  68. Moody, G.D., Galletta, D.F. and Lowry, P.B. (2014) When trust and distrust collide: The engendering and role of ambivalence in online consumer behavior. Electronic Commerce Research and Applications 13(4): 266–282.CrossRefGoogle Scholar
  69. Muir, B.M. (1987) Trust between humans and machines, and the design of decision aids. International Journal of Man Machine Studies 27(5–6): 527–539.CrossRefGoogle Scholar
  70. Muir, B.M. (1994) Trust in automation: Part I. Theoretical issues in the study of trust and human intervention in automated systems. Ergonomics 37(11): 1905–1922.CrossRefGoogle Scholar
  71. Muir, B.M. and Moray, N. (1996) Trust in automation: Part II. Experimental studies of trust and human intervention in a process control simulation. Ergonomics 39(3): 429–460.CrossRefGoogle Scholar
  72. Nelson, R., Todd, P. and Wixom, B. (2005) Antecedents of information and system quality: An empirical examination within the context of data warehousing. Journal of Management Information Systems 21(4): 199–235.CrossRefGoogle Scholar
  73. Nunamaker, J.F., Dennis, A.R., Valacich, J.S., Vogel, D.R. and George, J.F. (1991) Electronic meeting systems to support group work. Communications of the ACM 34(7): 40–61.CrossRefGoogle Scholar
  74. Øverlier, L. and Syverson, P. (2006) Locating hidden servers. 2006 IEEE Symposium on Security and Privacy,. pp. 100–114,
  75. Palmer, A. (2012) Deep web: Drugs, guns, assassins, jet planes all for sale on vast anonymous network,, accessed 6 May 2015.
  76. Pinsonneault, A. and Heppel, N. (1996) Anonymity in group support systems research: New conceptualization and measure. In System Sciences, 1997, Proceedings of the Thirtieth Hawaii International Conference on, vol. 2, pp. 134–145, 7–10 Jan.Google Scholar
  77. Pinsonneault, A. and Heppel, N. (1998) Anonymity in group support systems research: A new conceptualization, measure, and contingency framework. Journal of Management Information Systems 14(3): 89–108.CrossRefGoogle Scholar
  78. Podsakoff, P.M., MacKenzie, S.B., Lee, J.-Y. and Podsakoff, N.P. (2003) Common method biases in behavioral research: A critical review of the literature and recommended remedies. Journal of Applied Psychology 88(5): 879–903.CrossRefGoogle Scholar
  79. Posey, C., Roberts, T.L., Lowry, P.B., Bennett, R.J. and Courtney, J. (2013) Insiders’ protection of organizational information assets: Development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviors. MIS Quarterly 37(4): 1189–1210.Google Scholar
  80. Price, K. (1987) Decision responsibility, task responsibility, identifiability, and social loafing. Organizational Behavior and Human Decision Processes 40(3): 330–345.CrossRefGoogle Scholar
  81. Qian, H. and Scott, C.R. (2007) Anonymity and self-disclosure on weblogs. Journal of Computer-Mediated Communication 12(4): 1428–1451.CrossRefGoogle Scholar
  82. Reeves, B. and Nass, C. (1996) The Media Equation: How People Treat Computers, Television, and New Media Like Real People and Places. New York: Cambridge University Press.Google Scholar
  83. Reicher, S. and Levine, M. (1994) On the consequences of deindividuation manipulations for the strategic communication of self: Identifiability and the presentation of social identity. European Journal of Social Psychology 24(4): 511–524.CrossRefGoogle Scholar
  84. Remus, W. (1986) Graduate students as surrogates for managers in experiments on business decision making. Journal of Business Research 14(1): 19–25.CrossRefGoogle Scholar
  85. Rezmierski, V., Rothschild, D.M., Kazanis, A.S. and Rivas, R.D. (2005) Final Report of the Computer Incident Factor Analysis and Categorization (CIFAC) Project: University of Michigan.Google Scholar
  86. Ringle, C.M., Wende, S. and Will, A. (2005) SmartPLS 2.0.M3. Hamburg: SmartPLS,
  87. Rouibah, K., Lowry, P.B. and Al-Mutairi, L. (2015) Dimensions of business-to-consumer (B2C) systems success in Kuwait: Testing a modified DeLone and McLean IS success model in an e-commerce context. Journal of Global Information Management 23(3): 41–70.CrossRefGoogle Scholar
  88. Salam, A.F., Rao, H.R. and Pegels, C.C. (2003) Consumer-perceived risk in e-commerce transactions. Communications of the ACM 46(12): 325–331.CrossRefGoogle Scholar
  89. Schoorman, F., Mayer, R. and Davis, J. (2007) An integrative model of organizational trust: Past, present, and future. Academy of Management Review 32(2): 344–354.CrossRefGoogle Scholar
  90. Seddon, P. (1997) A respecification and extension of the Delone and McLean model of IS success. Information Systems Research 8(3): 240–253.CrossRefGoogle Scholar
  91. Sheppard, B.H., Hartwick, J. and Warshaw, P.R. (1988) The theory of reasoned action: A meta analysis of past research with recommendations for modifications in future research. Journal of Consumer Research 15(3): 325–343.CrossRefGoogle Scholar
  92. Straub, D., Boudreau, M. and Gefen, D. (2004) Validation guidelines for IS positivist research. Communications of the Association for Information Systems 13(24): 380–427.Google Scholar
  93. Twyman, N.W., Lowry, P.B., Burgoon, J.K. and Nunamaker Jr., J.F. (2014) Autonomous scientifically controlled screening systems for detecting information purposely concealed by individuals. Journal of Management Information Systems 31(3): 106–137.CrossRefGoogle Scholar
  94. Vaishnavi, V., Vandenberg, A., Baskerville, R. and Zheng, G. (2006) TQN: a novel approach to generating information security data. Paper presented at the 16th Workshop on Information Technologies and Systems (WITS), Milwaukee, WI.Google Scholar
  95. Valacich, J.S., Dennis, A.R. and Nunamaker, J.F. (1992) Group size and anonymity effects on computer-mediated idea generation. Small Group Research 23(1): 49–73.CrossRefGoogle Scholar
  96. Vance, A., Elie-dit-cosaque, C. and Straub, D. (2008) Examining trust in IT artifacts: The effects of system quality and culture on trust. Journal of Management Information Systems 24(4): 73–100.CrossRefGoogle Scholar
  97. Vance, A., Lowry, P.B. and Eggett, D. (2013) Using accountability to reduce access policy violations in information systems. Journal of Management Information Systems 29(4): 263–289.CrossRefGoogle Scholar
  98. Vance, A., Lowry, P.B. and Eggett, D. (2015) A new approach to the problem of access policy violations: Increasing perceptions of accountability through the user interface. MIS Quarterly 39(2): 345–366.Google Scholar
  99. Venkatesh, V. and Davis, F.D. (2000) A theoretical extension of the technology acceptance model: Four longitudinal field studies. Management Science 46(2): 186–204.CrossRefGoogle Scholar
  100. Wang, W. and Benbasat, I. (2005) Trust and adoption of online recommendation agents. Journal of the Association for Information Systems 6(3): 72–101.Google Scholar
  101. Wolfinbarger, M. and Gilly, M.C. (2003) eTailQ: Dimensionalizing, measuring and predicting eTail quality. Journal of Retailing 79(3): 183–198.CrossRefGoogle Scholar
  102. Zimbardo, P., Arnold, W. and Levine, D. (1970) The human choice: Individuation, reason, and order versus deindividuation, impulse, and chaos. In: W.J. Arnold and D. Levine (eds.) 1969 Nebraska Symposium on Motivation. Lincoln, NE: University of Nebraska Press, pp. 237–307.Google Scholar

Copyright information

© Macmillan Publishers Ltd 2016

Authors and Affiliations

  • Anthony Vance
    • 1
    Email author
  • Paul Benjamin Lowry
    • 2
  • David W Wilson
    • 3
  1. 1.Information Systems Department, Marriott School of Management, Brigham Young UniversityProvoUSA
  2. 2.Department of Information Systems, College of Business, City University of Hong KongKowloon TongChina
  3. 3.Management Information Systems Division, Price College of Business, University of OklahomaNormanUSA

Personalised recommendations