New Me: Understanding Expert and Non-Expert Perceptions and Usage of the Tor Anonymity Network
Reviewed by William Maxam / 2022-03-07
Keywords: Privacy, Usability
Tor is an anonymizing network originally built by researchers in 2002. Today it is used by over 1.7 million people daily for anonymization, the evasion of security controls, and other use cases. While some Tor users have a background in cybersecurity or software, many of its users are not especially technologically savvy.
In Gallagher2017, researchers sought to understand the difference in use-cases and in understanding across this spectrum of users. The first step to gaining this insight was to recruit Tor users to interview, which is a difficult task since Tor users are a population very sensitive to observation. Despite this difficulty, 17 subjects were recruited and interviewed. Then, using a 5 question post-interview test, the participants were categorized as either "expert" or "non-expert/novice" and the two groups were analyzed separately.
Many of the findings were not surprising:
- Experts reported using Tor as a tool for multiple use cases while novices typically had one use case. Some novices believed that their use case was all Tor was built for.
- When asked to "draw what happens when you use the Tor Browser Bundle" experts tended to draw technical diagrams, detailing the path Tor takes through the Tor network.
Other findings were less intuitive:
- Many novices described how Tor worked through metaphors primarily concerned with the social good. Some metaphors used were the "Tree of Knowledge", "Fort Knox", or "the Statue of Liberty".
- No major differences were found between the two groups in their understanding of the trade-offs between national security and Tor.
Despite the small sample size of the paper, the authors were able to observe some interesting contrasts that enabled them to make meaningful recommendations to assist novices' understanding or to address comments made by all users. For example, a recommendation given to the Tor project was to include more detailed route information in the browser to make it obvious that Tor is not a centralized service but one that uses nodes owned by different entities.
Gallagher2017 Kevin Gallagher, Sameer Patil and Nasir Memon: New Me: Understanding Expert and Non-Expert Perceptions and Usage of the Tor Anonymity Network. Proc. SOUPS 2017, 10.5555/3235924.3235955.
Proper use of an anonymity system requires adequate understanding of how it functions. Yet, there is surprisingly little research that looks into user understanding and usage of anonymity software. Improper use stemming from a lack of sufficient knowledge of the system has the potential to lead to deanonymization, which may hold severe personal consequences for the user. We report on the understanding and the use of the Tor anonymity system. Via semi-structured interviews with 17 individuals (6 experts and 11 non-experts) we found that experts and non-experts view, understand, and use Tor in notably different ways. Moreover, both groups exhibit behavior as well as gaps in understanding that could potentially compromise anonymity. Based on these findings, we provide several suggestions for improving the user experience of Tor to facilitate better user understanding of its operation, threat model, and limitations.