A Usability Evaluation of Tor Launcher

Linda Lee 1, David Fifield 2, Nathan Malkin 3, Ganesh Iyer 4, Serge Egelman 5 and David Wagner 6
  • 1 University of California, Berkeley
  • 2 University of California, Berkeley
  • 3 University of California, Berkeley
  • 4 University of California, Berkeley
  • 5 University of California, International Computer Science Institute, Berkeley
  • 6 University of California, Berkeley


Although Tor has state-of-the-art anticensorship measures, users in heavily censored environments will not be able to connect to Tor if they cannot configure their connections. We perform the first usability evaluation of Tor Launcher, the graphical user interface (GUI) that Tor Browser uses to configure connections to Tor. Our study shows that 79% (363 of 458) of user attempts to connect to Tor in simulated censored environments failed. We found that users were often frustrated during the process and tried options at random. In this paper, we measure potential usability issues, discuss design constraints unique to Tor, and provide recommendations based on what we learned to help more users connect to Tor while reducing the time they take to do so. Tor Browser incorporated the changes proposed by this study.


