November 24, 2017

Help us improve the usability of Tor and onion services!

Update 2017-09-11: We have collected several hundred responses, so we are now closing the survey to begin data analysis. Thanks for your help!

We are looking for volunteers for a study to improve the usability of Tor and onion services, but first some background: The Tor network is primarily known for client anonymity, that is, users can download Tor Browser and browse the Internet anonymously. A slightly lesser-known feature of Tor is server anonymity. It is possible to set up web servers—and other TCP-based services—whose IP address is hidden by the Tor network. We call these “hidden” servers onion services. Several well-known web sites such as Facebook, DuckDuckGo, and ProPublica have started to offer onion services in addition to their normal web sites.

Onion services differ from normal web services in several aspects; for example in their unusual domain format (an example is expyuzz4wqqyqhjn.onion, The Tor Project’s onion site) and in the way users connect to them—onion services are only accessible over Tor. In this research project, we are trying to understand how users deal with these differences by administering a survey to Tor users. A sound understanding of how users interact with onion services will allow privacy engineers to both improve onion service usability and better protect Tor users from surveillance, censorship, and other attacks.

You can help our research by filling out our survey (the survey is closed as of 2017-09-11). To learn more about our work, visit our project page, and don’t hesitate to get in touch with us if you have any questions.

Comments

  1. This is a weird survey:

    > Q2.5. For quality purposes, please select only “iPhone” and “Android” in the options below.

    What does that even mean? That doesn’t look like a question…

    > Q3.12. For quality purposes, please select “Yes, more than once” in the options below.

    Oh, are you trying to check I’m not a bot? This is a very confusing way to do it. For the first question I just assumed you were asking which platform I’m accessing Tor on.

    > Sometimes I cannot tell the difference between the legitimate and the impersonation site

    When am I supposed to check that box? How can I know if I was fooled before?

    > Q6.3. Now imagine that you are instead using Tor Browser to open the onion site of http://example.com.

    What does that even mean? Onion sites are not connected to HTTP sites, are they? So what does “the onion site of http://example.com” mean?

    I guess my answers will be discarded, since I didn’t answer Q2.5 properly. Too bad there was no way to go back and edit a previous answer by the time I got to 3.12 and understood your anti-spam scheme…

    Also, why does the survey insist so much about Tor Browser? Are you not interested in Orbot and Orfox, or is it just poor wording? I spend much more time on Tor with Orbot+Orfox than on Tor browser.

    • Thanks for taking our survey!

      > > Q2.5. For quality purposes, please select only “iPhone” and “Android” in the options below.
      >
      > What does that even mean? That doesn’t look like a question…

      Like you suspect, it’s an attention check that’s used to weed out low-quality responses. You are not the only one who was confused by this, so the phrasing could have been better.

      > > Q6.3. Now imagine that you are instead using Tor Browser to open the onion site of http://example.com.
      >
      > What does that even mean? Onion sites are not connected to HTTP sites, are they? So what does “the onion site of http://example.com” mean?

      It refers to the (hypothetical) corresponding onion service of example.com.

      > I guess my answers will be discarded, since I didn’t answer Q2.5 properly.

      No, don’t worry about that. We will come up with a heuristic (that may or may not use our attention checks) to weed out low-quality responses.

      > Also, why does the survey insist so much about Tor Browser? Are you not interested in Orbot and Orfox, or is it just poor wording? I spend much more time on Tor with Orbot+Orfox than on Tor browser.

      We are primarily interested in onion services but also consider some context on general Tor usage. We are using Tor Browser as an example because it’s the most popular way of using Tor.