Take Part in a Study to Help Improve Onion Services

by phw | August 16, 2017

Update 2017-09-11: We have collected several hundred responses, so we are now closing the survey to begin data analysis. Thanks for your help!

I am a postdoc at Princeton University studying computer security and human-computer interaction. My colleagues and I want to understand how Tor users interact with onion services (formerly known as hidden services). The goal of our study is to understand your expectations, assumptions, and habits when browsing onion services. For example, we are wondering: How do you keep track of onion domains? How do you discover new onion services? How do you know an onion service is legitimate and not an impersonation? By answering these questions, we can identify usability issues and build better anonymity technology.

We want to hear from you

If you’ve used onion services, we’d like to hear from you! To be eligible, you must be 18 years or older, have used onion services in the past, and ideally you aren’t an expert in the field. There are two ways you can participate:

  1. Fill out our survey. It will only take approximately ten minutes to complete, and you’ll help us a lot.
  2. Sign up for an interview. To compensate you for your time, we can offer you an Amazon or an Apple gift card worth 20 USD if we select you.

You can learn more about our project over at: nymity.ch/onion-services. Both the survey and interview will be very valuable to our study and the future of onion services. We look forward to learning about your experiences!



August 16, 2017


Onion services (vegetable planet?), hrm... Let's see: SHA, RSA1024, no E2E encryption (only between Tor nodes)... Oh, EV-certs - good, and they show an owner to avoid impersonation - very good. Tor Browser should provide a service to validate .onion domains, like EV-certs do.
How users will keep track of NGOS domains, that's the question.
You need something like https://observatory.mozilla.org for .onions to help fix them.

August 16, 2017


Followed the link, got told to enable javascript, not going to enable javascript... be sure to note this self-selection bias.

And you really think that Princeton or whoever slept with them will waste a 0day for Firefox just to hack, what, the 200 people who may do this small survey?

What matters in such discussions is not whether some hypothetical course of action (e.g. making an effort to mess with the people who participate in the survey) makes sense to you or me, but whether it makes sense to some lavishly funded spook organization. And in consideration of their version of the "big picture", something which might on the face of it make little sense to you might make a great deal of sense to them. And vice versa.

> and whoever slept with them


Plus one.

Phillipp may be a very nice fellow, but we (probably) do not know him and may not be willing to spend very much time weighing the potential risks of responding to his survey, against the benefit to society of continuing to use Tor and onions the way that we use them in order to advance social justice and environmental causes, etc., hopefully without potential adversaries such as state-sponsored attackers learning too much about how we use technology to further our goals, which are often contrary to the public and/or hidden agenda of powerful and dangerous governments.

You wouldn't agree that it is the biggest attack surface available in a browser?
The Tor Browser already does a good job disabling dangerous options in the higher security slider levels, the last big target (that has to stay) is Javascript.

Listen, we all know that plug-ins are bad for security purposes. This includes JavaScript. NoScript inside the Tor Browser is a great counter for this and has been tested through many browser anonymity test systems, such as IP-Check, which provides a security/anonymity check.
I agree Tor should have a UA spoofer of their own so that we don't have to depend on unknown sources.
I've been dealing with security for 5+ years; I would love to see further security improvement. User-Agent, some type of software robot which can indicate a bad node. Correlation attacks are a bitch... We attempted to evade this technique by changing identities every 5-10 mins; performing a correlation attack takes time and a lot of resources, so it won't happen within a 10-min timeframe.

August 16, 2017


(1) Survey does not work in Tor because JS must be enabled. (facepalm)
(2) Do you really think that people will vouch for their identities in an interview for $20 and thus have their real-life identities tied to the fact they use an onion service!! You'd be crazy, man. Every spook in the world would be panting like a mad dog for that data.

Do you subscribe to Linux Journal? If so, you have been on the list for some time now. You searched for Tor? They are watching you/me and everyone they have seen on any search engine looking for Tor. NSA has a script for all the above, which I have part of. Frankly, I don't give a damn if they know I use Linux and/or Tor. I am a patriot and a natural-born citizen and served in Vietnam. The only people who should worry about me are traitors to the country.

August 16, 2017


I'm hosting legal websites on Onion, and I would like to help BUT...

1. Your survey is hosted on Google Forms? WTF? Don't you know people who use Tor dislike or avoid Google? We don't want to solve captchas or deal with Google. Host it someplace else, such as Riseup. Make sure it works without JavaScript (cookies are ok).

2. What kind of "interview"? If this is a chat, I'm ok. If this requires face-to-face, no thanks, I'm Anonymous.

> Your survey is hosted on Google form?

Nope. princetonsurvey.az1.qualtrics.com.

Maybe JavaScript is required. But maybe JavaScript isn't the omnipotent boogieman that people make it out to be.

August 18, 2017

In reply to pastly


You didn't answer my question #2.

Anyway, I've contributed to your questionnaire, but when I reached page 5 (IIRC) and clicked the next button, your server returned a deny error. I already wrote about this yesterday, but this blog's moderator didn't approve my comment. WTF.

You should host it someplace else where Tor access is allowed.

Regarding your second question: We are flexible and can accommodate different needs. While we prefer to talk to people (it takes less time because the bandwidth is higher), there's nothing preventing us from doing text chat instead.

August 17, 2017


Sorry, but same here. I clicked on the link, I was asked to enable javascript, I immediately closed the tab -- no thanks.

I could go on a rant about fingerprinting, why people use tor browser in the first place, how the security slider works, but, hey, it's your project and your stats.

August 17, 2017


I completed the survey, but here are some things you should take into account:
- I don't want to use Google and I wish people stopped using their products
- your survey and Google Forms require JavaScript and a lot of people refuse to execute any closed source programs or scripts on their computers for security reasons
- I personally wouldn't use Amazon and identify myself to you or to them to get a gift card

August 19, 2017


The "for quality purposes, please only select X" questions in the survey were very confusing. I did not follow the instruction for the first one because I didn't understand it. I believe it is used to check whether the answer was submitted as spam, or whether the participants read the instructions carefully. I made a wrong choice; did it render all my time and answers useless, to be filtered out as spam? :-(

Don't worry, it won't render your answers useless! Like you suspect, these are attention checks, and are used to weed out responses where someone didn't pay attention. Many surveys use only one check and dump responses that failed the check. We have four of them, allowing us to determine someone's degree of attention, so a single failed check doesn't matter.

You're not the only one who was confused by this, so the phrasing could clearly have been better.

I think it's because when I saw "Mac PC iPhone Android" I immediately rushed to answer, but unlike the other commentator I stopped the survey once I realized that and did it again from the beginning.

We will have a look at how people dealt with these checks and, if necessary, come up with heuristics to keep survey responses that failed the checks. For example, many respondents wrote extensively in the free forms, which shows that they clearly paid attention.

Also, thanks for participating!

August 21, 2017


What is the protection on Tor 22.1? I need to know the shield percentage. I'm running Tor Browser 43.5 with only 65%; if I upgrade to 22.1, will my protection reach the high 90s?

August 23, 2017


Can Tor include a CA certificate with TBB so that hidden service operators can create SSL certificates that are valid for use with Tor Browser (the browser does not complain)? Tor owns and has complete control over Tor Browser's development, and users cannot use normal browsers to access onion services anyway. A secondary SHA256 or other failsafe hash check could be done to verify that the certificate presented for a given hidden service is in fact the originally created certificate, to prevent hostile third parties from creating additional certificates for the same onion address (notwithstanding revocation of the certificate by the valid owner). This would allow E/E encryption and the ability of users to create anonymous SSL certificates with the Tor Certificate Authority. A conventional CA, being out of the loop, cannot be compelled by governments or legal types to release the identity of the site owner. The user-created certificates can be signed by the Tor CA certificate so Tor Browser is happy. Such certificates can also be made quite strong, such as 4096 bits.
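The "secondary hash check" idea in this comment, and the earlier comment's wish for a way to validate .onion domains against impersonation, amount to trust-on-first-use pinning: remember the SHA-256 fingerprint of the certificate first seen for an onion address and flag any later certificate that differs. The following is an added example written for this page, not Tor Project or Tor Browser code; the pin-store layout, the result categories, the address normalization and the sample certificate bytes are all assumptions constructed here.

```python
"""Trust-on-first-use (TOFU) certificate pin store keyed by onion address.

Added example, not Tor Project code. The "certificates" below are constructed
byte strings standing in for DER-encoded X.509 certificates; in practice you
would fingerprint the DER bytes obtained from the TLS handshake.
"""
from __future__ import annotations

import hashlib
import json
from enum import Enum


class PinResult(Enum):
    FIRST_USE = "first-use"  # no pin existed; the certificate has now been pinned
    MATCH = "match"          # certificate equals the pinned one
    MISMATCH = "mismatch"    # a different certificate was presented for a pinned address


def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex encoded (the 'secondary hash')."""
    return hashlib.sha256(cert_der).hexdigest()


def normalize_onion(address: str) -> str:
    """Reduce a URL or host:port to a lower-case onion hostname.

    'https://Abc.onion:443/x' -> 'abc.onion'. Anything not ending in .onion is rejected,
    so the pin store never silently accepts a clearnet look-alike.
    """
    host = address.strip().lower()
    if "://" in host:
        host = host.split("://", 1)[1]
    host = host.split("/", 1)[0].split(":", 1)[0]
    if not host.endswith(".onion"):
        raise ValueError(f"not an onion address: {address!r}")
    return host


class PinStore:
    def __init__(self) -> None:
        self.pins: dict[str, str] = {}            # onion -> pinned fingerprint
        self.history: dict[str, list[str]] = {}   # onion -> fingerprints replaced by rotation

    def check(self, address: str, cert_der: bytes) -> PinResult:
        """TOFU check: pin on first sight, otherwise compare against the stored pin."""
        onion = normalize_onion(address)
        fpr = cert_fingerprint(cert_der)
        pinned = self.pins.get(onion)
        if pinned is None:
            self.pins[onion] = fpr
            return PinResult.FIRST_USE
        return PinResult.MATCH if pinned == fpr else PinResult.MISMATCH

    def replace(self, address: str, new_cert_der: bytes) -> None:
        """Explicit, operator-approved rotation (the commenter's 'revocation by the valid owner').

        The old pin is moved to history rather than discarded, so a rotation leaves an audit trail
        and a MISMATCH can never be cleared by merely seeing a new certificate.
        """
        onion = normalize_onion(address)
        old = self.pins.get(onion)
        if old is not None:
            self.history.setdefault(onion, []).append(old)
        self.pins[onion] = cert_fingerprint(new_cert_der)

    def dumps(self) -> str:
        """Serialize the store (e.g. to keep it next to the browser profile)."""
        return json.dumps({"pins": self.pins, "history": self.history}, sort_keys=True)

    @classmethod
    def loads(cls, data: str) -> "PinStore":
        store = cls()
        obj = json.loads(data)
        store.pins = dict(obj.get("pins", {}))
        store.history = {k: list(v) for k, v in obj.get("history", {}).items()}
        return store


if __name__ == "__main__":
    # Constructed stand-ins for two different DER certificates.
    cert_a = b"constructed DER bytes for certificate A"
    cert_b = b"constructed DER bytes for certificate B"
    store = PinStore()
    print(store.check("http://Example123.onion/", cert_a))   # PinResult.FIRST_USE
    print(store.check("example123.onion", cert_a))           # PinResult.MATCH
    print(store.check("example123.onion:443", cert_b))       # PinResult.MISMATCH
    store.replace("example123.onion", cert_b)                # owner-approved rotation
    print(store.check("example123.onion", cert_b))           # PinResult.MATCH
```

The pin only proves continuity: that the certificate is the one first seen, not that the first one was legitimate. That first-sight gap is what the comment's Tor-operated CA would have to close at issuance time, and it is why a MISMATCH must surface to the user rather than be auto-resolved.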

August 24, 2017


We use onions with OnionCat, this gives our communities private IPv6 addresses (IP-all_protocol) transport, so that we can do cool stuff that you simply cannot do with (onion-TCP). We routinely use voice / video and filesharing apps, among other network and support functions and even tie into CJDNS, etc.

Tor needs to continue offering an 80bit onion service.

August 24, 2017


I use Tor all the time. But I've never visited an onion site in my life. BBCnews, weather, searching for academic papers, everything. Except hidden sites.
So the headline is misleading - you are not interested in Tor users per se, you are interested in hidden site users.

Phillipp, what about the selection bias issue?

I fear that your survey is based upon incorrect assumptions about the most interesting ways in which people use onions, but if you select out responses from the most imaginative innovators, you'll never learn that.

Maybe that is a good thing. Our community is under existential political as well as technical threat, and we probably don't want to make it too easy for the bad guys to learn how we use onions.


> This research was supported in part by the Center for Information Technology Policy at Princeton University.

Who else funded it? Or are you not permitted to say? If you are allowed to talk, why be coy?

> Phillipp, what about the selection bias issue?

All research questions are limited in scope and you gotta draw the line somewhere. Without a doubt there's much to be learned about the "most imaginative innovators" but in this work we focus on casual, non-technical users because this demographic constitutes the bulk of Internet users.

There are other studies that investigate research questions close to ours. See for example:

Gallagher et al.'s SOUPS'17 paper: https://www.usenix.org/system/files/conference/soups2017/soups2017-gall…
Lee et al.'s PETS'17 paper: https://petsymposium.org/2017/papers/issue3/paper2-2017-3-source.pdf

> Who else funded it? Or are you not permitted to say? If you are allowed to talk, why be coy?

The National Science Foundation.

Also, you are quoting a paper draft. A lot is missing or incomplete in the draft, so please don't jump to any conclusions.

Thanks, Phillipp. Your response is much appreciated.

IMHO you should have stated up front that the sponsor is NSF. Even better if you can honestly say "neither myself nor anyone in my group has taken funds from DARPA, IARPA, NSA...". Or even "I participate in the NSA boycott". You might be surprised how willing people might be to take your word for it, if you unambiguously state that you have nothing to do with the bad guys. It would at least show you are aware of the reasons why we might be unwilling to take unnecessary risks.

Good luck with your survey (assuming it is not another Carnegie-Mellon style trick).

Typically, funding in academia doesn't involve the funding agency telling the researchers what to do. In general, you come up with an interesting project, write a proposal, and then go to funding agencies, hoping that either one will fund your work. If someone does, you're supposed to thank them in the acknowledgement section of your paper. In our case the NSF (or anyone, really) did not tell us to work on this. Neither did we go to the NSF and ask for money to work on this. Instead, we chose to work on this and my employer used an existing research grant to fund the work.

August 26, 2017


Just a heads-up but the survey requires unblocking the tracker "Qualtrics" if you use Ghostery.

You can download Tor Browser Bundle (TBB) at www.torproject.org; get the version appropriate for your OS and your CPU (64 or 32 bit CPU). You unpack this file (compressed tarball) anywhere convenient on your hard drive (or even a USB stick), then run the startup script to start Tor Browser. This should run without any configuration or other downloads necessary and will enable you to surf "clearnet" and to use onions (e.g. OnionShare).

You should be sure to use the detached signature to verify the compressed tarball before you unpack it. You need GPG to do that, which is free and can be installed without Tor.
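The step above, verifying the tarball against its detached signature, has a caveat worth making explicit: `gpg --verify` exits 0 for a good signature from any key in your keyring, so a script must also check that the signing key is the one you expect. The following is an added example, not Tor Project code or the commenter's. It assumes `gpg` is on the PATH, uses gpg's documented `--status-fd` output (the `VALIDSIG`, `GOODSIG` and `BADSIG` status lines), and the fingerprints in it are constructed placeholders; substitute the fingerprint published on the Tor Project download page for the real check.

```python
"""Verify a detached GPG signature and confirm it was made by the expected key.

Added example (not Tor Project code). signature_matches() is a pure function over
gpg's machine-readable status output, so it can be exercised without a keyring;
verify_detached_signature() wraps the real gpg invocation around it.
"""
import os
import subprocess
import sys
from typing import Optional

# Placeholder: replace with the fingerprint published for the Tor Browser signing key.
EXPECTED_FINGERPRINT = "REPLACE_WITH_PUBLISHED_TOR_BROWSER_KEY_FINGERPRINT"

# Status keywords that mean the signature must not be trusted even if it parses.
_FAILURE_KEYWORDS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NODATA"}


def _canon(fingerprint: str) -> str:
    """Strip the grouping spaces people copy from web pages and upper-case the hex."""
    return fingerprint.replace(" ", "").upper()


def signature_matches(status_output: str, expected_fingerprint: str) -> bool:
    """True only if gpg reported a VALIDSIG made by the expected key.

    VALIDSIG lines look like:
      [GNUPG:] VALIDSIG <sigkey-fpr> <date> <ts> <exp-ts> <ver> <res> <pk-algo> <hash-algo> <class> <primary-fpr>
    Release signatures are often made with a subkey while the published fingerprint is the
    primary key's, so both the first and the last fingerprint field are compared.
    """
    expected = _canon(expected_fingerprint)
    valid = False
    for line in status_output.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        keyword = fields[1]
        if keyword in _FAILURE_KEYWORDS:
            return False  # conservative: any failure line overrides everything else
        if keyword == "VALIDSIG" and len(fields) >= 3:
            candidates = {fields[2].upper(), fields[-1].upper()}
            if expected in candidates:
                valid = True
    return valid


def verify_detached_signature(tarball: str, signature: str,
                              expected_fingerprint: str = EXPECTED_FINGERPRINT,
                              gnupghome: Optional[str] = None) -> bool:
    """Run gpg --verify and require both a zero exit status and the expected signing key."""
    env = dict(os.environ)
    if gnupghome:
        env["GNUPGHOME"] = gnupghome  # e.g. a keyring holding only the release key
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", signature, tarball],
        capture_output=True, text=True, env=env, check=False,
    )
    # Exit status 0 alone is not sufficient: it only says "some key I know signed this".
    return proc.returncode == 0 and signature_matches(proc.stdout, expected_fingerprint)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: verify.py <tarball> <detached-signature.asc>")
    ok = verify_detached_signature(sys.argv[1], sys.argv[2])
    print("signature OK and made by the expected key" if ok else "verification FAILED")
    sys.exit(0 if ok else 1)
```

Keeping the release key in its own `GNUPGHOME` (as the optional argument allows) narrows what "a key I know" can mean, but the fingerprint comparison is still the check that matters.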

August 28, 2017


Interesting stuff, will you be publishing the study's results here?

September 03, 2017


You could get better feedback by not requiring JavaScript and not using a Google-related form.
Just curious why you don't.