The Importance of Being Earnest

Abstract

As privacy concerns grow, organizations and policy makers promote the use of privacy-enhancing technologies (PETs) to improve user trust and data-sharing behaviors. However, privacy-enhancing technologies (PETs) are often technologically complex and opaque to lay users. It is challenging to understand and effectively communicate the functionality of complex PETs to the users, such as Secure Multi-Party Computation (MPC). Studies typically assess the impact of new PETs by presenting users with a high-level description of the technology before measuring how this treatment changed their attitude or behavior. These results influence business and regulatory decisions (see Gartner's Hype Cycle for Emerging Technology [123]). In the present study, we question this approach. We assess whether naming specific PETs and providing generic descriptions impact users' willingness to put trust in service providers and share their data. Our survey presented three randomized controlled trials with 1,457 participants in a data marketplace scenario. The first group was treated with a PET (MPC), the second group with a fictional PET, and the third with a non-PET, serving as a control group. Our findings reveal that user trust and data-sharing willingness increased with MPC and the fictional PET, indicating that the high-level description, rather than the technology name, shapes user perception. We conclude that claiming the use of a PET is not an effective method to measure the impact of actually using this technology. However, given their mental model, lay users cannot verify the privacy claims of such descriptions presented in studies or by service providers. This increases the risks of users being deceived into a false sense of privacy, leading them to expose more private data than they otherwise would.