Strength in Numbers: Usable Tools Don’t Need To Be Invasive
This post is one in a series of blogs to complement our 2018 crowdfunding campaign, Strength in Numbers. Anonymity loves company and we are all safer and stronger when we work together. Please contribute today, and your gift will be matched by Mozilla.
Usability is about making sure anyone, no matter their technical background, can use a tool. Usability and user experience (UX) work has gained a lot of importance in the last decade as the tech industry has grown. To improve user experience, most of the tech industry relies on analyzing their users’ behavioral data to drive decision making. Mechanisms for collecting this data are often invasive and performed without consent from users, who may never be told their behavior is being analyzed for this purpose. The same means used to collect behavioral data is also responsible for aiding the surveillance economy.
Tor does things differently. We refuse to collect this type of invasive data. Our approach to usability is built on respecting and safeguarding the privacy of our users. We test our hypotheses and make observations in the safest way possible; in most cases, we do this work in-person with our users, not by collecting data about their behavior.
This year, we have focused on connecting with communities in what is sometimes referred to as the Global South. We have met with Tor users in India, Uganda, Colombia, and Kenya. This immersion has allowed us to carry out usability tests in person, so we can see first-hand if what we are building is serving people in different contexts with different levels of technical understanding. Knowing the reality of our users helps us understand their context, empathize with them, and consider solutions to meet their needs.
Running small-scale, short, open-ended, qualitative user tests on specific improvements we could make to Tor Browser allows us to get to know our users better and can bring their various mental models and levels of technical knowledge to light. In the evaluations we carried out, 93% of the people we met said they thought they needed some protection online, but there was a shortage of knowledge about what to do about it.
We met people like Jon, an environmental activist and journalist in Hoima, Uganda, who uses Tor to anonymously publish his blog.
Hoima is an oil city located 200 kilometers from Kampala, the capital of Uganda, where some 30,000 people live. Alison Macrina, leader of the Community team, and I, as part of the Usability team, visited Hoima in April this year to run a digital security workshop and conduct user tests with a group of environmental activists. Five minutes after the workshop started, the light was cut off. When we talk about access, we need to consider whether or not there is available technical infrastructure ready to allow users to access the open web. We found that in addition to infrastructure challenges, several threats--including the hijacking of electronic devices by local police, or the current political party in power, forcing journalists to declassify their sources--were common in most of those communities.
Conducting these usability tests allows us to reach people who use our software in extreme conditions, with poor infrastructure, expensive data packages, or old hardware and learn how we can better build tools for their needs. It would be selfish not to ask ourselves about these contexts and put those user stories in our software development roadmap. Creating technology that respects our users is a design decision, and one that we have always chosen.
We believe that if we can make our product usable for people without technical knowledge, all users will benefit, and that is what we’re striving for. Your donation can help us reach this goal by allowing us to visit more people around the world who use Tor and collect their feedback face to face, rather than by using invasive means like the rest of the industry.
In 2019, we need to reinforce our efforts to make secure and private browsing usable and to empower our community in solidarity. Our impact is not defined by numbers, but by bringing a user experience that helps real people to access the internet safely. You can help us reach this goal by making a donation. If you give before the end of 2018, Mozilla will match your donation, and you’ll have twice the impact.
The upload of popcon results is not plaintext, it is encrypted with GPG. There is also work in progress to move to using HTTPS instead of HTTP (https://bugs.debian.org/880121) for the upload. One issue is that this creates a dependency on ca-certificates which a user may not want to have installed because they actually don't want to trust the CAs. An Onion service would solve this issue as the address is self-authenticating, but would require a dependency on tor.
Some things in Debian already use tor if it is available. One application is dirsrv from GnuPG which will fetch keys over Tor if a client is available. It would be cool to see popularity-contest do something similar.
If everyone installs tor to upload their popcon results but then doesn't use it again, this is a lot of clients that are trying to keep their consensus up-to-date but without actually using the network which would be another thing to consider.