Usability Inspection of Anonymity Networks
Abstract and Figures
Today, to be monitored while surfing the web seems to be a natural act and thus tools and applications to achieve online anonymity are more important than ever. The usability of such a tool plays not only a prominent role for each single user; in the area of anonymization networks it usually holds that the protection for every single user is higher, the more users participate. Hence, usability is of great importance, since bad usability decreases the number of potential users. In this paper we examine the usability of four software implementations for anonymous communication techniques especially with regards to the installation procedure. The usability is evaluated with the help of cognitive walk-throughs. We also inspect the quality of service of these implementations by means of a performance test.
Figures - uploaded by Dhiah el Diehn I. Abou-Tair
Author content
All figure content in this area was uploaded by Dhiah el Diehn I. Abou-Tair
Content may be subject to copyright.
... Very few research works focused over the sociability issues of Tor network. Discussed challenges and social issues, and studied Tor network Abou-Tair et al. [112] Studied usability, bandwidth and anonymity over anonymous networks Clark et al. [113] Performed usability analysis of Tor with other anonymity tools Edmundson et al. [114] Compared anonymity and performance of Safeplug with Tor ...
... Who is More User Friendly ? Abou-Tair et al. [112] focused on the usability of different anonymizing solutions including Tor, I2P 6 , JAP/JonDo (Java Anonymous Proxy) 7 and Mixmaster 8 . The installation of all softwares was analyzed with regard to ease-of-use. ...
... Clark et al. [113] conducted a usability analysis by installing various components of Tor including Vidalia, Privoxy, Torbutton and Foxyproxy on a standard machine. In another study, Abou-Tair et al. [112] presented the usability analysis of the various anonymous service applications including Tor. Various anonymity tools were installed on a machine and usability, ease of installation and use was analyzed. ...
Anonymity services have seen high growth rates with increased usage in the past few years. Among various services, Tor is one of the most popular peer-to-peer anonymizing service. In this survey paper, we summarize, analyze, classify and quantify 26 years of research on the Tor network. Our research shows that `security' and `anonymity' are the most frequent keywords associated with Tor research studies. Quantitative analysis shows that the majority of research studies on Tor focus on `deanonymization' the design of a breaching strategy. The second most frequent topic is analysis of path selection algorithms to select more resilient paths. Analysis shows that the majority of experimental studies derived their results by deploying private testbeds while others performed simulations by developing custom simulators. No consistent parameters have been used for Tor performance analysis. The majority of authors performed throughput and latency analysis.
... Who is More User Friendly ? Abou-Tair et al. [113] focused on the usability of different anonymizing solutions including Tor, I2P 6 , JAP/JonDo (Java Anonymous Proxy) 7 and Mixmaster 8 . The installation of all softwares was analyzed with regard to ease-of-use. ...
... Statistical Data of Tor: Loesing et al. [120] collected the statistics from the live Tor network to measure two aspects of communication, i.e., (1) country wise usage, and (2) traffic port numbers for exiting traffic. Both these Discussed challenges and social issues, and studied Tor network Abou-Tair et al. [113] Studied usability, bandwidth and anonymity over anonymous networks Clark et al. [114] Performed usability analysis of Tor with other anonymity tools Edmundson et al. [115] Compared anonymity and performance of Safeplug with Tor ...
... Clark et al. [114] conducted a usability analysis by installing various components of Tor including Vidalia, Privoxy, Torbutton and Foxyproxy on a standard machine. In another study, Abou-Tair et al. [113] presented the usability analysis of the various anonymous service applications including Tor. Various anonymity tools were installed on a machine and usability, ease of installation and use was analyzed. ...
Anonymity services have seen high growth rates with increased usage in the past few years. Among various services, Tor is one of the most popular peer-to-peer anonymizing service. In this survey paper, we summarize, analyze, classify and quantify 26 years of research on the Tor network. Our research shows that `security' and `anonymity' are the most frequent keywords associated with Tor research studies. Quantitative analysis shows that the majority of research studies on Tor focus on `deanonymization' the design of a breaching strategy. The second most frequent topic is analysis of path selection algorithms to select more resilient paths. Analysis shows that the majority of experimental studies derived their results by deploying private testbeds while others performed simulations by developing custom simulators. No consistent parameters have been used for Tor performance analysis. The majority of authors performed throughput and latency analysis.
... More details and analysis of Tor can be found in a wide number of references in the literature since this protocol has been deeply analysed (Murdoch and Danezis, 2005;Abou-Tair et al., 2009;Danezis et al., 2009;Behl and Lilien, 2009;Edman and Yener, 2009;Chaabane et al., 2010;Fabian et al., 2010;Ren and Wu, 2010;Mulazzani et al., 2010;Hopper et al., 2010). ...
... More details and analysis on I2P can be found in Abou-Tair et al. (2009), zzz and Schimmer (2009), I2P (2011, Herrmann and Grothoff (2011), and Zantout and Haraty (2011). Although this system offers protection against a number of attacks such as timing attacks, intersection attacks, tagging attacks, sybil attacks, etc., it presents some possible vulnerabilities as for partitioning attacks and intersection attacks (Zantout and Haraty, 2011), which could reveal sender and receiver identities or allow the trace of the message. ...
... Furthermore, the performance of this network has been studied in Wendolsky et al. (2007), Panchenko et al. (2008), Abou-Tair et al. (2009), Loesing et al. (2008, Lenhard et al. (2009), andFabian et al. (2010). Fabian et al. (2010) and Panchenko et al. (2008) mention that the latency should be reduced so that the adoption of Tor network service by new users increases. ...
Concern for privacy when users are surfing on the Web has increased recently. Nowadays, many users are aware that when they are accessing Web sites, these Web sites can track them and create profiles on the elements they access, the advertisements they see, the different links they visit, from which Web sites they come from and to which sites they exit, and so on. In order to maintain user privacy, several techniques, methods and solutions have appeared. In this paper we present an analysis of both these solutions and the main tools that are freely distributed or can be used freely and that implement some of these techniques and methods to preserve privacy when users and surfing on the Internet. This work, unlike previous reviews, shows in a comprehensive way, all the different risks when a user navigates on the Web, the different solutions proposed that finally have being implemented and being used to achieve Web privacy goal. Thus, users can decide which tools to use when they want navigate privately
... Moreover, active monitoring is carried out and cut off all requests to the banned sites. Required to overcome opposition from the network equipment, and gain access to arbitrary resources, in particular site [1][2][3][4][5]. ...
... Dhiah el Diehn et al. examined the usability of four anonymity tools (Tor, JonDo, I2P, and Quicksilver) during the installation phase [1]. They detailed the installation process of these tools, applying four tasks to test the installation phase: success of installation, success of configuration, confirmation of anonymization, and ability to disable anonymization. ...
Many systems provide anonymity for their users, and most of these systems work on the separation between the users’ identity and the final destination. The level of anonymity these services provide is affected by several factors, some of which are related to the design of the anonymity service itself. Others are related to how the system is used or the user’s application/purpose in using the anonymity service. In this paper we: (i) propose five factors that aim to measure anonymity level from the user’s perspective; (ii) evaluate these factors for three anonymity services, namely Tor, JonDonym, and I2P as case studies; and (iii) present a mechanism to evaluate anonymity services based on the proposed factors and measure their levels of anonymity.
... The number of mixes on the network, the operator of theses mixes and the bandwidth (BW) they offer to the users also count on the anonymity networks and their design. Below is an introduction of the most popular anonymity networks: Tor, JonDonym and I2P [1,19,28] which are used in this research. ...
Multilayer-encryption anonymity networks provide privacy which has become a significant concern on today's Internet due to many attacks and privacy breaches. The anonymity and privacy these networks provide is a double-edged knife. Increasing attacks, threats and misuse of such valuable anonymity services trigger the need to identify such anonymity networks. Moreover, the implementation of the obfuscation techniques hardens the identification of such networks. Consequently, this research proposes Packet Momentum approach to identify multilayer-encryption anonymity networks. Packet Momentum is a novel approach proposed to identify multilayer-encryption anonymity networks efficiently and accurately and the obfuscations techniques they use. The Packet Momentum aims to use a small number of features and a small number of packets to identify such networks.
Frequent contact with online businesses requires Internet users to distribute large amounts of personal information. This spreading of users’ information through different Websites can eventually lead to increased probabilities for identity theft, profiling and linkability attacks, as well as other harmful consequences. Methods and tools for securing people’s online activities and protecting their privacy on the Internet, called Privacy Enhancing Technologies (PETs), are being designed and developed. However, these technologies are often perceived as complicated and obtrusive by users who are not privacy aware or are not computer or technology savvy. This chapter explores the way in which users’ involvement has been considered during the development process of PETs and argues that more democratic approaches of user involvement and data handling practices are needed. It advocates towards an approach in which people are not only seen as consumers of privacy and security technologies, but where they can play a role as the producers of ideas and sources of inspiration for the development of usable PETs that meet their actual privacy needs and concerns.
This paper discusses possible approaches to address the loss of user privacy when browsing the web and being tracked by websites which compute a browser fingerprint identifying the user computer. The key problem is that the current fingerprinting countermeasures are insufficient to prevent fingerprinting tracking and also frequently produce side-effects on the web browser. The advantages and disadvantages of possible countermeasures are discussed in the context of improving resistance against browser fingerprinting. Finally, using a new browser extension is proposed as the best way to inhibit fingerprinting as it could probably inhibit some of the fingerprinting techniques used and also diminish the side-effects on the user browser experience, compared with existing techniques.
Frequent contact with online businesses requires Internet users to distribute large amounts of personal information. This spreading of users’ information through different Websites can eventually lead to increased probabilities for identity theft, profiling and linkability attacks, as well as other harmful consequences. Methods and tools for securing people’s online activities and protecting their privacy on the Internet, called Privacy Enhancing Technologies (PETs), are being designed and developed. However, these technologies are often perceived as complicated and obtrusive by users who are not privacy aware or are not computer or technology savvy. This chapter explores the way in which users’ involvement has been considered during the development process of PETs and argues that more democratic approaches of user involvement and data handling practices are needed. It advocates towards an approach in which people are not only seen as consumers of privacy and security technologies, but where they can play a role as the producers of ideas and sources of inspiration for the development of usable PETs that meet their actual privacy needs and concerns.
We present an overview of the field of anonymous communications, from its establishment in 1981 from David Chaum to today. Key systems are presented categorized according to their underlying principles: semi-trusted relays, mix systems, remailers, onion routing, and systems to provide robust mixing. We include extended discussions of the threat models and usage models that different schemes provide, and the trade-offs between the security properties offered and the communication characteristics different systems support.
A growing field of literature is studying how usability im-pacts security [4]. One class of security software is anonymizing networks— overlay networks on the Internet that provide privacy by letting users transact (for example, fetch a web page or send an email) without re-vealing their communication partners. In this position paper we focus on the network effects of usability on privacy and security: usability is a factor as before, but the size of the user base also becomes a factor. We show that in anonymizing networks, even if you were smart enough and had enough time to use every system perfectly, you would nevertheless be right to choose your system based in part on its usability for other users. 1 Usability for others impacts your security While security software is the product of developers, the security it provides is a collaboration between developers and users. It's not enough to make software that can be used securely—software that is hard to use often suffers in its security as a result. For example, suppose there are two popular mail encryption programs: Heavy-Crypto, which is more secure (when used correctly), and LightCrypto, which is easier to use. Suppose you can use either one, or both. Which should you choose? You might decide to use HeavyCrypto, since it protects your secrets better. But if you do, it's likelier that when your friends send you confidential email, they'll make a mistake and encrypt it badly or not at all. With LightCrypto, you can at least be more certain that all your friends' correspondence with you will get some protection. What if you used both programs? If your tech-savvy friends use HeavyCrypto, and your less sophisticated friends use LightCrypto, then everybody will get as much protection as they can. But can all your friends really judge how able they are? If not, then by supporting a less usable option, you've made it likelier that your non-savvy friends will shoot themselves in the foot. The crucial insight here is that for email encryption, security is a collabora-tion between multiple people: both the sender and the receiver of a secret email must work together to protect its confidentiality. Thus, in order to protect your own security, you need to make sure that the system you use is not only usable by yourself, but by the other participants as well.
Abstract This paper introduces an information theoretic model that allows to quantify the degree of anonymity provided by schemes for anonymous connections It considers attackers that obtain probabilis - tic information about users The degree is based on the probabilities an attacker, after observing the system, assigns to the di?erent users of the system as being the originators of a message As a proof of concept, the model is applied to some existing systems The model is shown to be very useful for evaluating the level of privacy a system provides under various attack scenarios, for measuring the amount of information an at - tacker gets with a particular attack and for comparing di?erent systems amongst each other
Neither of the two anonymisation services Tor and AN.ON clearly outperforms the other one. AN.ON's user-perceived QoS is generally more consistent over time than Tor's. While AN.ON's network latencies are low compared to Tor, it suffers from limitations in bandwidth. Interestingly, Tor's performance seems to depend on the time of day: it increases in the European morning hours. Utilising AN.ON's reporting of concurrently logged-in users, we show a correlation between load and performance. The reported number of users should be adjusted, though, so that it serves as a better indicator for security and performance. Finally, the results indicate the existence of an overall tolerance level for acceptable latencies of approximately 4 seconds, which should be kept in mind when designing low-latency anonymisation services.
We present Tor, a circuit-based low-latency anonymous communication service. This second-generation Onion Routing system addresses limitations in the original design by adding perfect forward secrecy, congestion control, directory servers, integrity checking, configurable exit policies, and a practical design for location-hidden services via rendezvous points. Tor works on the real-world Internet, requires no special privileges or kernel modifications, requires little synchronization or coordination between nodes, and provides a reasonable tradeoff between anonymity, usability, and efficiency. We briefly describe our experiences with an international network of more than 30 nodes. We close with a list of open problems in anonymous communication.
Crowds is a peer-to-peer system for protecting users' anonymity for web transactions. One of the more serious disadvantages of it is the de-gree of anonymity provided with respect to the colluding system members: the one who forwards a message to a colluding node is more likely to be the originator of the message than any other member in the system. Further-more, with the system size growth, the probability that the request came from the initiator of the communication becomes more likely. In this paper we want to assess to which degree Crowds is applicable despite these weaknesses. To this end, we calculate the needed number of observa-tions for colluding members in order to determine with arbitrary precision how often some users communicate with an external service. An additional question that will be addressed is the possibility to hamper this degrada-tion of the provided anonymity level by a method for adaptive behavior of honest members.
We present the architecture, design issues and functions of a MIX-based system for anonymous and unobservable real-time Internet
access. This system prevents traffic analysis as well as flooding attacks. The core technologies include an adaptive, anonymous,
time/volumesliced channel mechanism and a ticket-based authentication mechanism. The system also provides an interface to
inform anonymous users about their level of anonymity and unobservability.
One of the heavily discussed design questions for low latency anonymity systems is: “How much additional anonymity will the
system provide by adding a certain amount of delay?” But current research on this topic ignores an important aspect of this
question – the influence of the delay on the number of users and by this means on the anonymity provided. This paper shows
some first experimental results in this area. Hopefully, it supports better design decisions for low latency anonymity systems.
Tor is a popular privacy tool designed to help achieve online anonymity by anonymising web trac. Employing cogni- tive walkthrough as the primary method, this paper evalu- ates four competing methods of deploying Tor clients, and a number of software tools designed to be used in conjunction with Tor: Vidalia, Privoxy, Torbutton, and FoxyProxy. It also considers the standalone anonymous browser TorPark. Our results show that none of the deployment options are fully satisfactory from a usability perspective, but we oer suggestions on how to incorporate the best aspects of each tool. As a framework for our usability evaluation, we also provide a set of guidelines for Tor usability compiled and adapted from existing work on usable security and human- computer interaction.
this paper we investigate attacks by corrupt group members that degrade the anonymity of each protocol over time. We prove that when a particular initiator continues communication with a particular responder across path reformations, existing protocols are subject to the attack. We use this result to place an upper bound on how long existing protocols, including Crowds, Onion Routing, Hordes, Web Mixes, and DC-Net, can maintain anonymity in the face of the attacks described. This provides a basis for comparing these protocols against each other. Our results show that fully-connected DC-Net is the most resilient to these attacks, but it su#ers from scalability issues that keep anonymity group sizes small. We also show through simulation that the underlying topography of the DC-Net has a#ects the resilience of the protocol: as the number of neighbors a node has increases both the communications overhead and the strength of the protocol increase