Although essential to modern society, anonymity is increasingly hard to achieve due to the proliferation of data collection and surveillance of everyday life. Without anonymity, citizens cannot have a reasonable expectation of privacy or freedom of expression without reproach.
Today, maintaining anonymity requires additional tools like Tor, an open source software to protect users against traffic analysis, a common form of Internet surveillance.
The strength of an anonymity system like Tor is derived from the number of indistinguishable users, referred to as an anonymity set. User adoption and retention is key to supporting a robust anonymity set. An integral component in promoting user adoption and retention in anonymity systems is understanding the problems users encounter due to the User eXperience (UX). Professor Sameer Patil’s research (in collaboration with Professors Nasir Memon, Brendan Dolan-Gavitt, and Damon McCoy, and PhD candidate Kevin Gallagher – all of New York University) focuses on Tor UX by highlighting the issues users encounter while using Tor. The study is an invaluable first step towards observing and understanding Tor usage within a naturalistic setting free from laboratory constraints on tasks and time. This work demonstrates that broken websites, latency, and a lack of common conveniences available in popular Web browsers may limit user adoption and retention of Tor.
The researchers suggest the following solutions to address many of the aforementioned Tor UX issues: provide means to generate Tor friendly pages and encourage site developers to adopt these mechanisms, develop tools to provide a Tor-friendliness rating for Web pages along with actionable suggestions to improve the rating, modify security slider settings of the Tor Browser to permit convenience features at lower levels of anonymity, and create non-expert oriented messaging regarding errors, warnings, and other issues. The study found that enhancing the Tor UX in tandem with explaining the relationship between anonymity and latency may improve user trust in Tor and patience with slowless, especially among novices.
The above solutions, along with several others, posed by Professor Patil et al. are a critical next step in improving the Tor UX for the general public and enlarging the Tor anonymity set. The related paper describing the research, Peeling the Onion’s User Experience Layer: Examining Naturalistic Use of the Tor Browser, will be presented at the Association for Computing Machinery (ACM) Special Interest Group on Security, Audit, and Control (SIGSAC) Conference on Computer and Communications Security (CCS) held in Toronto, Canada from October 15th to October 19th, 2018. Co-chaired this year by SPICE professor Xiaofeng Wang, CCS is a SIGSAC flagship conference that unites information security practitioners, researchers, developers, and users from around the globe to promote the exploration of innovative information security ideas and results. The acceptance rate for the conference this year was 16.4%.
Kevin Gallagher, Sameer Patil, Brendan Dolan-Gavitt, Damon McCoy, and Nasir Memon. Peeling the Onion’s User Experience Layer: Examining Naturalistic Use of the Tor Browser. In 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS ‘18), October 15-19, 2018, Toronto, ON, Canada. ACM, New York, NY, USA, 16 pages. https://doi.org/10.1145/3243734.3243803