Outsourcing data to remote storage servers has become more and more popular, but the related security and privacy concerns have also been raised. To protect the pattern in which a user accesses the outsourced data, various oblivious RAM (ORAM) systems have been proposed. However, existing ORAM designs assume a single user or a group of mutually-trusted users to access a remote storage, which makes them inapplicable to many practical scenarios where multiple users share data but may not trust each other. Even if the data-sharing users do trust each other, such systems are vulnerable to the compromise of even a single user. To study the feasibility and costs for overcoming the limitation of existing ORAMs in multi-user scenarios, this paper proposes a new type of ORAM system called Multi-user ORAM (M-ORAM). The key idea is to introduce a new component, i.e., a chain of anonymizers, to act as a common proxy between users and the storage server. M-ORAM can protect the data access pattern of each individual user from others as long as not all anonymizers are compromised. Extensive security and overhead analysis has been conducted to quantify the strength of the scheme in protecting an individual user’s access pattern and the costs incurred to provide the protection.