SPICE Professor Patil Publishes Research on Making Tor A Better Used Tool For Online Anonymity

Achieving anonymity online is becoming more and more challenging. At the same time, consequences for online privacy breaches can be devastating. Anonymity is also critical for civil liberties (e.g., political dissent) and protecting oneself from harm (e.g., avoiding stalking or abuse). As a result, effective tools for online anonymity are becoming increasingly vital.

One of the most widely used anonymity tools is the Tor Browser Bundle (TBB), which operates on top of the Tor anonymity network. Use of Tor for privacy protection has been growing steadily in recent years. Tor is used by millions of individuals every day, many of whom use it to escape potential discovery and persecution. It is an invaluable tool for journalists, activists, and individual citizens who wish to evade online surveillance. However, achieving effective anonymity with TBB and Tor requires appropriate understanding of how Tor operates and which threats it addresses.

Yet, Professor Sameer Patil’s research found that a notable proportion of Tor users, including experts, exhibit incomplete and/or inaccurate understanding of Tor’s operational details and threat model. He highlights the nature of these gaps in understanding in the paper, “New Me: Understanding Expert and Non-Expert Perceptions and Usage of the Tor Anonymity Network,” presented at the thirteenth Symposium on Usable Privacy and Security (SOUPS 2017).

SOUPS is a three-day conference focused on the user experience and usability of privacy and security tools and technologies. This year it was held in Santa Clara, CA.

Patil's paper, co-authored with Ph.D. student Kevin Gallagher and Prof. Nasir Memon of New York University (NYU), focused on how expert and non-expert users conceptualize Tor operation and threat modeling. Studying Tor users can be challenging, partly because of the relatively small proportion of the population that uses Tor and partly because Tor users tend to be highly privacy-conscious. The researchers cast a wide net to recruit study participants, using Reddit, Craigslist, and mailing lists. Overall, Patil and his collaborators interviewed 17 participants: 6 experts and 11 non-experts. Participant occupations covered a spectrum of technical sophistication from penetration tester to fitness trainer.

The in-depth interviews on Tor use and understanding uncovered several gaps between actual operation and user understanding that, in turn, resulted in users having an inaccurate sense of their privacy and security while using Tor. The belief that one has more privacy than is actually the case can potentially compromise the anonymity one seeks, thus raising risk. In contrast, believing that one has less privacy than is actually the case undermines the effectiveness of Tor at supporting one’s task and could also create a chilling effect. Based on these findings, the researchers have proposed a number of solutions that can help bridge the gaps in understanding and provide a more effective Tor user experience. Implementing and evaluating these solutions is the challenge Patil is taking on next.

“A typical goal of Human Computer Interaction research is creating user experiences that facilitate effective use of a system without requiring deep knowledge of the underlying operation, thus making it easily accessible to non-experts. … However, a key aspect where Tor differs from typical systems is its use as a privacy and security tool, sometimes under circumstances of great importance as well as danger. As such, an incomplete or inaccurate understanding of its operational details has the potential for individual as well as societal harm. These risks lead to a tension between the need to promote technical understanding of the operational detail and the goal of making such knowledge unnecessary as a requirement for the correct use of the system. Addressing the issues uncovered by our findings could be a step in the direction of mitigating the potential risks and resolving the tension between the simultaneous needs for revealing as well as abstracting away the technical details of Tor operation.”

Ultimately, the anonymity protection and utility of a system such as Tor increase as its user base grows. Solutions proposed by Patil’s research can help make Tor’s user experience more effective for a non-expert population, thus broadening its adoption and effectiveness not just for protecting the individuals who rely on it, but also for asserting civil liberties.