EFF: TorGUIContest113005

Please download to get full document.

View again

of 19
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Categories
Published
FoxTor A Tor Design Proposal CMU Usable Privacy and Security Laboratory November 30, 2005 1.0 Design Overview..................................................................................................................... 2 1.1 1.2 1.3 1.4 2.0 Goals and Priorities ............................................................................................2 Design Principles................................................................................................2 Design Approach..
    FoxTor A Tor Design Proposal November 30, 2005 1.0   Design Overview.....................................................................................................................2   1.1   Goals and Priorities............................................................................................2   1.2   Design Principles................................................................................................2   1.3   Design Approach................................................................................................3   1.4   Assumptions.......................................................................................................3   2.0   Target Users...........................................................................................................................4   2.1   Users with critical privacy needs........................................................................4   2.2   Users with selective privacy needs....................................................................4   2.3   Users with basic privacy needs..........................................................................4   3.0   Tor User Interface Design.......................................................................................................5   3.1   Installation Wizard..............................................................................................5   3.2   FoxTor Configuration..........................................................................................9   3.2.1   Mask Manager...........................................................................................9   3.2.2   FoxTor Privacy Configuration..................................................................12   3.2.3   Cookie Manager......................................................................................14   3.3   System Tray Application...................................................................................16   3.3.1   Traffic Monitor..........................................................................................16   3.3.2   Privacy Needs.........................................................................................17   4.0   Appendix: User Study...........................................................................................................19   4.1   Setup................................................................................................................19   4.2   Observations....................................................................................................19   4.3   Student Feedback............................................................................................19   This document has been submitted to the Tor GUI competition by members of Carnegie MellonUniversity’s Usable Privacy and Security (CUPS) Laboratory: Lorrie Faith Cranor, SergeEgelman, Jason Hong, Ponnurangam Kumaraguru, Cynthia Kuo, Sasha Romanosky, JaniceTsai, and Kami Vaniea. CMUUsablePrivacy andSecurityLaboratory    2 1.0 Design Overview 1.1 Goals and Priorities Based on the information provided on the Tor GUI Contest website, observations made during asmall user study (described in the Appendix), and discussions about potential Tor users, wedeveloped the following goals for this submission:1) To provide an intuitive method for installing Tor suitable to each user’s needs, andwithout requiring them to understand the underlying technology2) To provide clear indication as to whether an application is using Tor or not3) To provide the ability to easily enable or disable Tor for any given applicationThe first goal was motivated by the observation that Tor is currently difficult to install and thatusers are generally unfamiliar with onion routing, proxy servers, and other components requiredfor anonymous browsing. We recognize users have differing needs and we want to allow them toconfigure Tor by specifying their needs rather than forcing them to understand a multitude ofconfiguration options.The second goal was motivated by the information on the contest website as well as our ownobservations that users are often confused about whether or not their traffic is passing throughTor.The third goal was motivated by our observation that some users would not use Tor if it sacrificednetwork performance or prevented them from visiting web sites or using certain applications. Wespeculate that once Tor is turned off, they may forget (or not take the effort) to turn it back on. Wetherefore wanted to make it easy for users to bypass Tor when necessary without disabling itcompletely. 1.2 Design Principles We designed our GUI with the following principles in mind: ã Increase the usability of Tor: - Minimize the number of steps required to perform an action -- reducing the number ofsteps to one whenever possible; and - Allow users to easily discern the status of Tor and to turn Tor on or off as needed; ã Simplify the configuration of Tor: - Allow users to select a configuration based on their needs  , rather than forcing them tospecify particular settings; - Specify default settings applicable to the majority of users so that users are not requiredto make configuration decisions that they are not qualified to make; and - Design the advanced configuration options in a manner that makes them clear and easyto access.    3 1.3 Design Approach While there are many applications that might benefit from having their traffic passed through Tor,we believe that anonymous web browsing is likely to be the most common use of Tor. Wetherefore propose a version of the Firefox web browser named “FoxTor” which will be distributedas a package that includes Firefox (with a set of extensions that implements our Tor userinterface), Tor, Privoxy, and a Tor system tray application. 1 To users, FoxTor would appear as asingle anonymous web browsing application that is also capable of anonymizing traffic associatedwith any other networked application.During the installation of FoxTor, users will have the ability to configure all or only particularapplications to use Tor. In order to have all applications use Tor, a network interface componentmust intercept and pass all traffic through Tor. For applications other than FoxTor, additionalsoftware would be needed to provide Tor-related controls (that could be developed anddistributed with the FoxTor package).Within FoxTor, users can enable and disable anonymous browsing both within tabbed panels andstandalone windows. We use the metaphor of Masked and Unmasked personas to indicatewhether a browser window or application is invoking Tor. We believe this is to be a metaphor thatusers will relate to easily and understand quickly from appropriate visual indicators. 2 Users canalso adjust Tor behavior according to their privacy vs. performance needs without disabling Torcompletely.Note that only the design concept (and not the code) for FoxTor has been included in thisproposal. We recommend performing a paper prototype evaluation of our design as a next step. 1.4 Assumptions We make the following assumptions: ã Users have some awareness of the level of privacy they want (or need) to maintain ã None of the modification to FoxTor will alter a user's existing Firefox installation when theuser is browsing the web Unmasked (i.e. cookies, favorites, etc. will not be changed) ã Changing between Masked and Unmasked (or disabling Tor) within a Tab will affect thebehavior of that Tab only ã No assumptions are made about the network performance or stability of the destinationwebsite, the Tor servers, the user's computer or the Internet ã The user has a basic fluency with their computer, the Web, and a web browser; however, weassume that most potential Tor users are not computer experts, nor should they be. On theother hand, we believe that they have a heightened concern for their online privacy andrecognize that they can be identified unless they use tools such as Tor. 1 Currently envisioned for the Windows platform 2 User studies should be performed to confirm that this metaphor makes sense and to refine the visualindicators.    4 2.0 Target Users When designing a software application it is important to have a good understanding of the likelyusers of that application. Early in our design process we discussed who our target users wereand what they had in common with each other. Our brainstorming led us to develop profiles forthree categories of users, which appear to encompass most of the target users we haveconsidered. The remainder of our design process focused on the needs of these three categoriesof users. 2.1 Users with critical privacy needs This category includes people for whom online anonymity is extremely important. They are willingto sacrifice performance and forgo access to some web sites because they are not willing to riskbeing identified. They require all their Internet interactions to be protected with Tor. Examplesinclude: ã People who live in countries where it can be dangerous to speak out against the governmentor express one’s religious or political beliefs ã Individuals working for certain government agencies ã Soldiers deployed in combat zones 2.2 Users with selective privacy needs This category includes people who want to be anonymous when visiting certain web sites orwhen engaging in particular online activities, but otherwise do not mind being identified. When notengaging in anonymous activities, these users will use Tor only if they can do so easily andwithout significant performance degradation. Examples include: ã Newspaper reporters / journalists researching a particular story ã Corporate whistle blowers ã Crime solvers - anonymous tips from witnesses ã Consumers who don't want to be tracked by businesses ã People looking for sensitive healthcare information ã Political activists 2.3 Users with basic privacy needs This category includes people who rarely, if ever, have a specific reason to be anonymous;however they generally prefer not to have their online activity tracked. This category also includespeople who believe that anonymity systems should be available for those who need them andwould like to contribute cover traffic. 3 People in this category typically have a low tolerance fordegraded performance due to the Tor network. They would like to be able to turn Tor off easilywhen performance degrades or when it is preventing them from visiting a particular web site. 3 Cover traffic refers to the concept of providing “normal” traffic in which confidential traffic can be hidden.Without cover traffic there may be insufficient traffic to provide high levels of anonymity. Individuals whouse the Tor network may therefore be seen as people with something to hide.
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks