Open access


Although Tor has state-of-the art anticensorship measures, users in heavily censored environments will not be able to connect to Tor if they cannot configure their connections. We perform the first usability evaluation of Tor Launcher, the graphical user interface (GUI) that Tor Browser uses to configure connections to Tor. Our study shows that 79% (363 of 458) of user attempts to connect to Tor in simulated censored environments failed. We found that users were often frustrated during the process and tried options at random. In this paper, we measure potential usability issues, discuss design constraints unique to Tor, and provide recommendations based on what we learned to help more users connect to Tor while reducing the time they take to do so. Tor Browser incorporated the changes proposed by this study.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] A. Adams and M. A. Sasse. Users are not the enemy. Communications of the ACM 42(12):40–46 1999.

  • [2] D. Akhawe and A. P. Felt. Alice in warningland: A large-scale field study of browser security warning effectiveness. In Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13) pages 257–272 2013.

  • [3] W. Albert and T. Tullis. Measuring the user experience: collecting analyzing and presenting usability metrics. Newnes 2013.

  • [4] Alexa: The top 500 sites on the web.

  • [5] Y. Angel and P. Winter. obfs4 (the obfourscator) May 2014.

  • [6] R. Böhme and J. Grossklags. The security cost of cheap user interaction. In Proceedings of the 2011 workshop on New security paradigms workshop pages 67–82. ACM 2011.

  • [7] R. Böhme and S. Köpsell. Trained to accept? a field experiment on consent dialogs. In Proceedings of the SIGCHI conference on human factors in computing systems pages 2403–2406. ACM 2010.

  • [8] BridgeDB.

  • [9] J. Clark P. C. Van Oorschot and C. Adams. Usability of anonymous web browsing: An examination of Tor interfaces and deployability. In 3rd Symposium on Usable Privacy and Security pages 41–51. ACM 2007.

  • [10] R. Dhamija and A. Perrig. Déjà Vu: A user study using images for authentication. In USENIX Security Symposium volume 9 pages 4–4 2000.

  • [11] R. Dhamija J. D. Tygar and M. Hearst. Why phishing works. In SIGCHI conference on Human Factors in computing systems pages 581–590. ACM 2006.

  • [12] R. Dingledine and N. Mathewson. Anonymity loves company: Usability and the network effect. In R. Anderson editor Fifth Workshop on the Economics of Information Security June 2006.

  • [13] R. Dingledine N. Mathewson and P. Syverson. Tor: The second-generation onion router. In 13th USENIX Security Symposium August 2004.

  • [14] K. P. Dyer S. E. Coull T. Ristenpart and T. Shrimpton. Protocol misidentification made easy with Format-Transforming Encryption. In Computer and Communications Security. ACM 2013.

  • [15] S. Egelman L. F. Cranor and J. Hong. You’ve been warned: an empirical study of the effectiveness of web browser phishing warnings. In SIGCHI Conference on Human Factors in Computing Systems pages 1065–1074. ACM 2008.

  • [16] S. Egelman D. Molnar N. Christin A. Acquisti C. Herley and S. Krishnamurthi. Please continue to hold. In Ninth Workshop on the Economics of Information Security 2010.

  • [17] B. Fabian F. Goertz S. Kunz S. Müller and M. Nitzsche. Privately waiting: A usability analysis of the Tor anonymity network. In Sustainable e-Business Management Lecture Notes in Business Information Processing 58 pages 63–75. Springer 1 edition 2010.

  • [18] D. Fifield N. Hardison J. Ellithorpe E. Stark D. Boneh R. Dingledine and P. Porras. Evading censorship with browser-based proxies. In Privacy Enhancing Technologies pages 239–258 Berlin Heidelberg 2012. Springer-Verlag.

  • [19] D. Fifield C. Lan R. Hynes P. Wegmann and V. Paxson. Blocking-resistant communication through domain fronting. Privacy Enhancing Technologies 1(2):1–19 2015.

  • [20] S. L. Garfinkel and R. C. Miller. Johnny 2: a user test of key continuity management with S/MIME and Outlook Express. In 2005 symposium on Usable privacy and security pages 13–24. ACM 2005.

  • [21] N. S. Good J. Grossklags D. K. Mulligan and J. A. Konstan. Noticing notice: a large-scale experiment on the timing of software license agreements. In Proceedings of the SIGCHI conference on Human factors in computing systems pages 607–616. ACM 2007.

  • [22] G. Kadianakis and N. Mathewson. obfs3 (the threebfuscator) Jan. 2013.

  • [23] G. Koppen. Tor Browser 5.0.3 is released Sept. 2015.

  • [24] K. Krol J. M. Spring S. Parkin and M. A. Sasse. Towards robust experimental design for user studies in security and privacy. In Learning from Authoritative Security Experiment Results (LASER) pages 21–31 San Jose CA 2016. USENIX.

  • [25] L. Lee and D. Fifield. UX Sprint 2015 wrapup. Feb. 2015. Accessed: 2015-10-5.

  • [26] R. McCarney J. Warner S. Iliffe R. Van Haselen M. Griffin and P. Fisher. The Hawthorne Effect: a randomised controlled trial. BMC medical research methodology 7(1):1 2007.

  • [27] R. Molich and J. Nielsen. Improving a human-computer dialogue. Communications of the ACM 33(3):338–348 1990.

  • [28] R. Morris and K. Thompson. Password security: A case history. Communications of the ACM 22(11):594–597 1979.

  • [29] J. Nielsen. Usability inspection methods. In Conference companion on Human factors in computing systems pages 413–414. ACM 1994.

  • [30] J. Nielsen. Summary of usability inspection methods 2016.

  • [31] Nielsen Norman Group. Why you only need to test with 5 users.

  • [32] G. Norcie K. Caine and L. J. Camp. Eliminating stoppoints in the installation and use of anonymity systems: A usability evaluation of the Tor Browser Bundle. In 5th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETS) 2012.

  • [33] B. D. Payne and W. K. Edwards. A brief introduction to usable security. IEEE Internet Computing 12(3):13–21 2008.

  • [34] M. Perry. Tor Browser Bundle 3.5 is released Dec. 2013.

  • [35] M. Perry E. Clark and S. Murdoch. The design and implementation of the Tor Browser. Technical report Tor Project Mar. 2013.

  • [36] C. Rohrer. When to use which user-experience research methods 2016.

  • [37] S. E. Schechter R. Dhamija A. Ozment and I. Fischer. The emperor’s new security indicators. In IEEE Symposium on Security and Privacy (S&P) pages 51–65 2007.

  • [38] X. Suo Y. Zhu and G. S. Owen. Graphical passwords: A survey. In 21st Annual Computer Security Applications Conference (ACSAC’05) pages 10–pp. IEEE 2005.

  • [39] D. Travis. Writing the perfect participant screener. Accessed: 2016-04-06.

  • [40] User Experience Professionals Association. Usability body of knowledge: Cognitive walkthrough 2016.

  • [41] VLC media player.

  • [42] C. Wharton J. Rieman C. Lewis and P. Polson. The cognitive walkthrough method: A practitioner’s guide. In Usability inspection methods pages 105–140. John Wiley & Sons Inc. 1994.

  • [43] A. Whitten and J. D. Tygar. Why Johnny can’t encrypt: A usability evaluation of PGP 5.0. In Usenix Security 1999.

  • [44] P. Winter and S. Lindskog. How the Great Firewall of China is blocking Tor. Free and Open Communications on the Internet 2012.

  • [45] P. Winter T. Pulls and J. Fuss. ScrambleSuit: A polymorphic network protocol to circumvent censorship. In Workshop on Privacy in the Electronic Society. ACM 2013.

  • [46] Xlab: Experimental Social Science Laboratory.

  • [47] K.-P. Yee. User interaction design for secure systems. In International Conference on Information and Communications Security pages 278–290. Springer 2002.

Journal information
Cited By
All Time Past Year Past 30 Days
Abstract Views 0 0 0
Full Text Views 527 314 9
PDF Downloads 257 139 5