how do tor users interact with onion services? · despite extra security and privacy properties of...
TRANSCRIPT
![Page 1: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/1.jpg)
How Do Tor Users Interact With Onion Services?
Philipp Winter, Annie Edmundson, Laura Roberts, Agnieszka Dutkowska-Zuk, Marshini Chetty, Nick Feamster
USENIX Security Symposium15 August 2018 1
![Page 2: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/2.jpg)
Tor is a Decentralized Anonymity Network
2
The Tor network
![Page 3: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/3.jpg)
Onion Services Provide Server Anonymity
33
The Tor network
![Page 4: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/4.jpg)
How Do Users Interact with Onion Services?
4
● What are users’ mental models of onion services?
● How do users use and manage onion services?
● What are the challenges of using onion services?
![Page 5: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/5.jpg)
Main FindingsDespite extra security and privacy properties of onion services, many users are confronted with usability issues
● Discovering the existence of onion services● Managing and remembering onion domains● Susceptibility to phishing attacks
We can learn from the issues users have encountered to implement design improvements
5
![Page 6: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/6.jpg)
Overview
1. Onion Services Background + Features
2. Methods
3. Resultsa. Onion Sites Discovery
b. Vanity Domains
c. Verifying Onion Sites
4. Future Directions & Conclusions
6
![Page 7: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/7.jpg)
http://expyuzz4wqqyqhjn.onion
7
![Page 8: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/8.jpg)
http://expyuzz4wqqyqhjn.onion
8
Special-use domain
![Page 9: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/9.jpg)
http://expyuzz4wqqyqhjn.onion
9
Truncated, base 32-encoded hash over RSA public key
![Page 10: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/10.jpg)
http://expyuzz4wqqyqhjn.onion
10
Not limited to HTTP(S)
![Page 11: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/11.jpg)
Onion Service UI is Designed to be Seamless
11
![Page 12: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/12.jpg)
Onion Service UI is Designed to be Seamless
12
![Page 13: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/13.jpg)
Onion Service UI is Designed to be Seamless
13
![Page 14: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/14.jpg)
Onion Service UI is Designed to be Seamless
14
![Page 15: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/15.jpg)
Onion Services are Self-authenticating
15
3wcwjjnuvjyazeza.onion
3wcwjjnuvjyazeza
The Tor network
![Page 16: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/16.jpg)
Onion Services are Self-authenticating
16
3wcwjjnuvjyazeza.onion
3wcwjjnuvjyazeza
The Tor network
Public key
![Page 17: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/17.jpg)
Onion Services are Self-authenticating
17
3wcwjjnuvjyazeza.onion
3wcwjjnuvjyazeza
The Tor network
Public key
SHA-1
![Page 18: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/18.jpg)
Onion Services are End-to-end Encrypted
18
3wcwjjnuvjyazeza
The Tor network
![Page 19: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/19.jpg)
Onion Services are End-to-end Encrypted
19
3wcwjjnuvjyazeza
The Tor network
![Page 20: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/20.jpg)
Both Client and Server are Anonymous
20
3wcwjjnuvjyazeza
The Tor network
![Page 21: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/21.jpg)
Both Client and Server are Anonymous
21
3wcwjjnuvjyazeza
The Tor network I talk to the client through relay R2
I talk to the onion service through relay R2
I have no idea who I’m talking to
![Page 22: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/22.jpg)
While onion services provide anonymity benefits, they are not perfect.
22
● Susceptible to traffic analysis attacks● Configuration errors● Usability issues
![Page 23: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/23.jpg)
Overview
1. Onion Services Background + Features2. Methods3. Results
a. Onion Sites Discoveryb. Vanity Domainsc. Verifying Onion Sites
4. Future Directions & Conclusions
23
![Page 24: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/24.jpg)
How Do Users Interact with Onion Services?
24
● What are users’ mental models of onion services?
● How do users use and manage onion services?
● What are the challenges of using onion services?
![Page 25: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/25.jpg)
How Do Users Interact with Onion Services?
25
Mixed-method user study
Interviews Survey DNS B Root Data
![Page 26: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/26.jpg)
How Do Users Interact with Onion Services?
26
Mixed-method user study
Interviews
● N=17
● Diverse backgrounds
● Exploratory
Survey DNS B Root Data
![Page 27: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/27.jpg)
How Do Users Interact with Onion Services?
27
Mixed-method user study
Interviews
● N=17
● Diverse backgrounds
● Exploratory
Survey
● N=517
● 49 questions (mix of open-ended and closed-ended)
● 4 attention checks
DNS B Root Data
![Page 28: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/28.jpg)
How Do Users Interact with Onion Services?
28
Mixed-method user study
Interviews
● N=17
● Diverse backgrounds
● Exploratory
Survey
● N=517
● 49 questions (mix of open-ended and closed-ended
● 4 attention checks
DNS B Root Data
● ~2 days of data
● Filtered correctly formatted .onion domains
● 15,471 leaked onion domains
![Page 29: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/29.jpg)
Overview
1. Onion Services Background + Features2. Methods3. Results
a. Onion Sites Discoveryb. Vanity Domainsc. Verifying Onion Sites
4. Future Directions & Conclusions
29
![Page 30: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/30.jpg)
Makeshift Solutions Ease Onion Discovery
30
![Page 31: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/31.jpg)
Makeshift Solutions Ease Onion Discovery
31
![Page 32: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/32.jpg)
Makeshift Solutions Ease Onion Discovery
32
![Page 33: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/33.jpg)
Makeshift Solutions Ease Onion Discovery
33
![Page 34: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/34.jpg)
34
![Page 35: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/35.jpg)
35
![Page 36: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/36.jpg)
36
![Page 37: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/37.jpg)
I wasn't aware that onion site search engines exist. It's been near impossible for me to find them so far.
37
Survey Respondent (S195)
![Page 38: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/38.jpg)
Onion Domain Management is Chaotic
38
![Page 39: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/39.jpg)
Onion Domain Management is Chaotic
39
![Page 40: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/40.jpg)
Onion Domains are Difficult to Remember
40
![Page 41: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/41.jpg)
Onion Domains are Difficult to Remember
41
Meaningful prefixes appear to make remembering easier
![Page 42: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/42.jpg)
Phonetic pronunciation plays a large part in how I remember onions.
42
Survey Respondent (S46)
![Page 43: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/43.jpg)
Vanity Onion Domains
propub3r6espa33w.onion
nytimes3xbfgragh.onion
facebookcorewwwi.onion
protonirockerxow.onion
43
![Page 44: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/44.jpg)
Vanity Onion Domains
propub3r6espa33w.onion
nytimes3xbfgragh.onion
facebookcorewwwi.onion
protonirockerxow.onion
44
● Generate onion domains until hash resembles desired string
● The good:○ Hints at onion service
content
● The bad:○ Breeds false sense of
security○ Economically unfair
![Page 45: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/45.jpg)
I only memorize the first part of the domain.
45
Survey Respondent (S96)
![Page 46: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/46.jpg)
I understand vanity onion domains are a sign of the weakness of the hash algorithm used by Tor.
46
Survey Respondent (S454)
![Page 47: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/47.jpg)
These people who created their onion name using scallion or other tools should notice that other people can make [the] same private key.
47
Survey Respondent (S552)
![Page 48: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/48.jpg)
Onion Lookups Suggest Typos or Phishing
48
hydraruzxpnew4af.onion
hydraruzxpnew3af.onion
![Page 49: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/49.jpg)
Onion Lookups Suggest Typos or Phishing
49
hydraruzxpnew4af.onion
hydraruzxpnew3af.onion
529 occurrences in DNS dataset
2 occurrences in DNS dataset
![Page 50: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/50.jpg)
Onion Lookups Suggest Typos or Phishing
50
hydraruzxpnew4af.onion
hydraruzxpnew3af.onion
529 occurrences in DNS dataset
2 occurrences in DNS dataset
Unique, correctly-formatted onion domains
Jaro-Winkler similarity score
Weight results by frequency
![Page 51: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/51.jpg)
Onion Lookups Suggest Typos or Phishing
51
![Page 52: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/52.jpg)
Onion Lookups Suggest Typos or Phishing
52
Russian Market
DuckDuckGo
The Hidden Wiki
![Page 53: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/53.jpg)
Onion Sites are Hard to Verify as Authentic
53
![Page 54: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/54.jpg)
Onion Sites are Hard to Verify as Authentic
54
![Page 55: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/55.jpg)
Onion Sites are Hard to Verify as Authentic
55
![Page 56: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/56.jpg)
Summary of Findings
● Discovering onion services is challenging because they are private by default
● Vanity domains are more memorable but provide a false sense of security
● Users are lacking a way to verify the authenticity of onion domains
56
![Page 57: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/57.jpg)
Overview
1. Onion Services Background + Features2. Methods3. Results
a. Onion Sites Discoveryb. Vanity Domainsc. Verifying Onion Sites
4. Future Directions & Conclusions
57
![Page 58: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/58.jpg)
Making Onion Domains More Usable
● Make it easier for site foo.com to announce its onion service
● Allow onion service operators to opt-in to publishing mechanism
● Have Tor Browser help with encrypted bookmarks
● Better documentation and education
58
![Page 59: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/59.jpg)
ConclusionDespite extra security and privacy properties of onion services, many users are confronted with usability issues
● Susceptibility of onion services to phishing attacks● Discovering the existence of onion services● Managing and remembering onion domains
59
![Page 60: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/60.jpg)
ConclusionDespite extra security and privacy properties of onion services, many users are confronted with usability issues
● Susceptibility of onion services to phishing attacks● Discovering the existence of onion services● Managing and remembering onion domains
We can learn from the issues users have encountered to implement design improvements
● Better discovery mechanisms● Better verification mechanisms
60
![Page 61: How Do Tor Users Interact With Onion Services? · Despite extra security and privacy properties of onion services, many users are confronted with usability issues Susceptibility of](https://reader030.vdocuments.net/reader030/viewer/2022040509/5e53d5f0acee086c1f5efb4c/html5/thumbnails/61.jpg)
Questions?
61
More info at: https://nymity.ch/onion-services/
https://hci.princeton.edu
https://citp.princeton.edu/
Sponsored by: