Using Tor the Right Way

Tor (The onion router) provides a way to anonymize servers on the internet. If there’s content you want to publish while you remain anonymous, Tor is your primary option. Over 100,000 Tor sessions are used daily.

TOR ONION SERVICES

Tor Onion

Tor provides end-to-end security and self-certifying domain names. Servers are anonymous to clients, and clients are unknown to servers.

Onion domain names are based on an RSA key pair, an SHA-1 hash of the public key, truncated and encoded in a 16 character base32 string. If you know the domain, you know the public key. That’s handy, but the unwieldy domain name is hard to write and remember.

THE RESEARCH

In the paper How Do Tor Users Interact With Onion Services? Researchers from Princeton University looked at how people understand and use Tor. In addition to an online survey of 517 users, another 17 users completed semi-structured interviews.

Though 60 percent of the respondents had graduate degrees, many of them misunderstood critical aspects of Tor. The domain format, for example, is not well understood, leaving users open to phishing attacks or common typos.

Users also have problems discovering onion domains. Finally, users want better performance and more natural ways to track and verify onion domains.

TOR DOMAIN NAMES

Based on the user problems they found in their interviews and survey, the researchers offer a damning assessment of today’s onion services:

Onion services resemble the 1990s web: Pages load slowly, user interfaces are clumsy, and search engines are inadequate.

They go on to suggest a variety of design improvements, from an onion search engine to features as simple as the public internet’s padlock icon to indicate that onion service security is operational.

THE STORAGE BITS TAKE

Tor Bits

For all the shortcomings of commercial products – and they are legion – it is sobering to see Tor compared to the 90s web. Few non-commercial products, whose developers are almost always unpaid, have the resources of a commercial firm.

The good news is that the Princeton researchers have performed an essential task for Tor developers: market research. By finding what works – and what doesn’t – for users, they’ve given Tor developers valuable insight.

As more users wake up to the fact that their every move online is tracked, demand for privacy will grow. If Tor can become more user-friendly and communicate how its services protect privacy, it will play a much more critical role in protecting users from unwanted surveillance.