We recently ran a survey on the usability of Tor and onion services [0]. I had a closer look at how our respondents perceive the prop224 domain format and wanted to share some early insights. The original survey question was:
The Tor Project is currently working on the next generation of onion services. The new onion domain format will consist of 52 characters, for example: a1uik0w1gmfq3i5ievxdm9ceu27e88g6o7pe0rffdw9jmntwkdsd.onion Do you expect this to change your browsing habits?
591 users answered this question. 95 (16%) selected that prop224 domains will change their habits while the remaining 496 (84%) selected that their habits won't be affected.
Respondents who believe that their habits will change (16%) gave the following reasons:
- Several users memorise a number of onion domains -- most prominently Facebook's onion domain and self-hosted domains. They write that memorising domains will no longer be possible, and they will look into bookmarking tools. Several users voiced concern about the confidentiality of their bookmarks, so they are looking into ways to encrypt them.
- Similarly but less commonly, users voice concerns that communicating, typing, and writing down prop224 domains will no longer be feasible.
- A small number of users write that it will be harder to recognise onion domains. Alarmingly, one user mentioned that the lack of a discernible prefix will make it hard to recognise genuine domains, suggesting that they rely on an onion domain's easy-to-spoof vanity prefix.
- A user suggested to add spaces to prop224 domains to "make the address more visually appealing."
Respondents who believe that their habits will *not* change (84%) gave the following reasons:
- The majority of this crowd never bothered to memorise onion domains and uses bookmarks. A bunch of users store domains in text files and an even smaller bunch uses search engines to rediscover domains. In general, most people in this category treat onion domains as an opaque identifier.
- Some users write that the additional inconvenience is likely worth the extra security and anonymity.
- Some users mention Reddit as their primary way of discovering onion domains.
Judging by the above, I believe that the new domain format is among the minor usability issues surrounding onion services. In fact, an easy-to-remember domain format ranks last among the six criteria whose importance we asked users about. On a five-point Likert scale ranging from "not at all important" to "very important," we got the following results:
- 77% think that quality of content is at least somewhat important. - 70% think that a search engine (like Google) for onion services is at least somewhat important. - 66% think that diversity of content is at least somewhat important. - 62% think that page load time is at least somewhat important. - 43% think that having an onion service version of popular services such as Facebook is at least somewhat important. - 26% think that an easy-to-remember domain format is at least somewhat important.
However, our survey data is likely biased towards a particularly young and educated crowd that's presumably less bothered by technological hurdles, which may be why they can afford to care more about content.
[0] https://blog.torproject.org/take-part-study-help-improve-onion-services
Cheers, Philipp
Interesting.
Do we have a consensus on the length of the "run them in parallel" / cutover period from old-to-new?
I would be inclined to keep older addresses around for up to 3 years before trying to kill them entirely, because of such tor-adoption-curve concerns.
NB: this would still be massively faster than the IPv4 -> IPv6 transition. :-)
- alec
On 27 September 2017 at 21:26, Philipp Winter phw@nymity.ch wrote:
However, our survey data is likely biased towards a particularly young and educated crowd that's presumably less bothered by technological hurdles, which may be why they can afford to care more about content.
Your survey is obviously massively biased towards users of Tor. It would be really interesting to know what non-users think.
On Wed, Sep 27, 2017 at 10:25:04PM +0100, Ben Laurie wrote:
On 27 September 2017 at 21:26, Philipp Winter phw@nymity.ch wrote:
However, our survey data is likely biased towards a particularly young and educated crowd that's presumably less bothered by technological hurdles, which may be why they can afford to care more about content.
Your survey is obviously massively biased towards users of Tor.
It's *only* Tor users, to be precise.
On 27 September 2017 at 22:25, Ben Laurie ben@links.org wrote:
Your survey is obviously massively biased towards users of Tor. It would be really interesting to know what non-users think.
Yes and no; I can totally see that from a user-experience perspective, it would be exciting research to rock up to someone and say:
"Here's a really long URL, how does it make you feel?"
…and (at least) in this matter, Prop224 Onion addresses are subjectively less intimidating than:
https://%5B2001:0db8:85a3:0000:0000:8a2e:0370:7334%5D/foo.html
…even though both of them are representations of Layer-3/similar machine-readable addresses*
*However*, there is such a thing as "inviting people to beat you up in such a way as to draw media criticism without plausible likelihood for constructive input", and I feel that this would be onesuch.
Experiential evidence:
1) the number of people who've told me in-past that Email addresses are unusably unmemorable, except somehow 30..40 years later we are still using them, and have developed coping strategies, eg: address books.
2) the number of people who've told me in-past that IPv4 addresses are unusably unmemorable, except for 8.8.8.8 and 192.168.1.1 which somehow are enough for people to bootstrap access to the rest of the internet, and use various coping strategies (eg: DNS, bookmarks)
3) the number of people who've told me in-past that Old-Style Onion addresses are unusably unmemorable, until (as mentioned above) Facebook and a few other good ones got mined, and people started taking Onion networking mildly seriously as a means of more-secure enterprise communication… Oh, and bookmarks as a coping strategy.
4) phone numbers. unusably unmemorable. coping strategies: in-phone address books + address-book synchronisation. etc etc etc.
So: can we do better with Onion UX? Certainly.
Should we research improvements to user experience? Absolutely.
Should Tor invite opinionated people to come piss all over its equivalent of https://%5B2001:0db8:85a3:0000:0000:8a2e:0370:7334%5D/foo.html? Probably not. Just my opinion. I don't feel it would benefit anyone except (a) haters, and (b) academics who research only "what doesn't work" because researching "what /does/ work" is beyond the scope of their funding.
-a
* explanatory thread: https://twitter.com/AlecMuffett/status/802161730591793152
-
Alec Muffett -
Ben Laurie -
Philipp Winter