How Do Tor Users Navigate Onion Services?

Posted on behalf of Philipp Winter, Annie Edmundson, Laura Roberts, Agnieszka Dutkowska-Żuk, Marshini Chetty, and Nick Feamster

Our work on “How Tor Users Interact With Onion Services” will be presented at the upcoming USENIX Security conference in Baltimore in August. Below, we briefly summarize our findings.

What are onion services? Onion services were created by the Tor Project in 2004. They offer privacy protection for individuals browsing the web and also allow web servers, and thus websites themselves, to be anonymous. This means that any “onion site” or dark web site cannot be physically traced to identify those running the site or where the site is hosted. Unlike traditional URLs, onion domains consist of a string of letters and numbers because they are hashes over a site’s public key.

What did we do? We wanted to investigate how users perceive, manage, and use Tor’s onion services and onion domains. We also wanted to understand what challenges exist for current onion service users and what privacy and security enhancements are needed to help users better navigate these services.

How did we do it? We conducted a survey of 517 Tor users and interviewed 17 Tor users in depth to determine how users perceive, use, and manage onion services and what challenges they face in using these services. To complement our qualitative data, we analyzed “leaked” DNS lookups to onion domains, as seen from a DNS root server. This data gave us insights into actual usage patterns to corroborate some of the findings from the interviews and surveys.

What did we find? We found that users have an incomplete mental model of onion services, use these services for anonymity and have varying trust in onion services in general. Users also have difficulty discovering and tracking onion sites and authenticating them. Finally, users want technical improvements to onion services and better information on how to use them.

What are the implications of this work? Our findings suggest various improvements for the security and usability of Tor onion services, including ways to automatically detect phishing of onion services, clearer security indicators, and ways to manage onion domain names that are difficult to remember.

Read more in a related blog post or in the full paper here.

Developing Online Safety Resources for Elementary School Children at IDC 2018

Posted on behalf of Priya Kumar, Elizabeth Bonsignore, Marshini Chetty, Tammy Clegg, Brenna McNally, Jonathan Yang, and Jessica Vitak

Our paper on “Co-Designing Online Privacy-Related Games and Stories with Children” will be presented at the international Interaction Design and Children Conference in June. Below we summarize our findings.

What did we do? Children spend hours going online at home and school, but they receive little to no education about how going online affects their privacy. We explored the power of games and storytelling as two mechanisms for teaching children about privacy online.

How did we do it? We held three co-design sessions with Kidsteam, an intergenerational design team at the University of Maryland, College Park that designs technologies for children by working with children throughout the technology design process. During these design sessions, which included eight children ages 8-11, we reviewed existing privacy resources with children and elicited design ideas for new resources. In session 1, the team examined currently available resources such as Google’s Mindful Mountain game. In session 2, we improved the design of a conceptual prototype of an app inspired by the popular game Doodle Jump. Our version, which we called Privacy Doodle Jump, incorporated quiz questions related to privacy and security online. In session 3, children developed their own interactive narratives–similar to Choose Your Own Adventure stories–related to privacy online.

What did we find? All three co-design sessions emphasized that, when presented with educational resources related to privacy online, children want to understand the purpose of these resources and what takeaways they offer for everyday life. If resources rely on abstract or unfamiliar scenarios, children might have a harder time relating to them or understanding what they are supposed to learn from them. For example, a child might more easily absorb a privacy lesson from a story about another child who uses Instagram than a game that uses a fictional character in an imaginary world. Additionally, we found that materials designed to teach children about privacy online often instruct children on “do’s and don’ts” rather than helping them develop the skills to navigate privacy online. Such straightforward guidelines can be useful when introducing children to complex subjects like privacy, or when working with younger children. However, focusing on lists of rules does little to equip children with the necessary skills when making complex, privacy-related decisions online. Finally, we found that both gaming and interactive narratives can be powerful tools to help teach children about online safety in an engaging manner.

What are the implications of this work? First, educational resources related to privacy should use scenarios that relate to children’s everyday lives. For instance, our Privacy Doodle Jump game included a question that asked a child what they would do if they were playing Xbox and saw an advertisement pop up that asked them to buy something. Second, educational resources should go beyond listing do’s and don’ts for online behavior and help children develop strategies for dealing with new and unexpected scenarios they may encounter. Because context is such an important part of privacy-related decision making, resources should facilitate discussion between parents or teachers and children rather than simply tell children how to behave. Third, educational resources should showcase a variety of outcomes of different online behaviors instead of framing privacy as a black and white issue. For instance, privacy guidelines may instruct children to never turn on location services, but this decision might differ based on the app that is requesting it. Turning on location services in Snapchat may pinpoint your house to others — a potential negative, but turning on location services in Google Maps may yield real-time navigation — a potential positive. However, turning on location services in apps like Find My iPhone, Google Maps, and Snapchat has different, and sometimes beneficial, outcomes, such as the ability to find a lost phone or get real-time navigation. Exposing children to a variety of positive and negative consequences of privacy-related decision making will help them develop the skills they need to navigate uncharted situations online.

Read more in the paper here.


Princeton HCI at CHI 2018

Nathan Matias, Sam Jaroszewski, Janet Vertesi, and Marshini Chetty

My Path to Human-Centered Design at Princeton

Posted on behalf of Laura Herman.

As I look forward to my position as a User Experience Researcher in Silicon Valley next year, I have begun to reflect on the four years at Princeton that prepared me for my next adventure. Through a combination of courses and extracurricular groups, I was able to bolster my understanding of Human-Computer Interaction.  It is my hope that this post will provide a helpful framework to any future Princeton students who are similarly interested in the intersection of behavior and technology.

Relevant Academic Pursuits

First and foremost, Professor Chetty’s Human Computer Interaction course was a wonderful avenue to academically explore HCI methodologies. Throughout the class, a group project provides an opportunity to empirically apply the methodologies in question. (This is also a great opportunity to produce a concrete prototype for your portfolio!) I found it rewarding to produce an engaging, easy-to-use user interface to address sexual health issues on Princeton’s campus.

In a similar academic vein, the Program in Cognitive Science is a complementary certificate program to almost any major. The coursework spans multiple disciplines, including but not limited to: computer science, linguistics, neuroscience, philosophy, psychology, and mechanical engineering. Within these categories, I particularly enjoyed the Psychology of Decision-Making, Sensation & Perception, and Computer Vision. Personally, I declared Psychology as my major, and I found my psychological training quite pertinent for my UX internship this past summer. Various psychological research projects informed the quantitative and qualitative methodology I utilized in my UX research process.

The new Entrepreneurship certificate is another avenue through which to explore design thinking and related concepts. Hosted by the Keller Center, the program offers classes such as “Creativity, Innovation, and Design” and “Design for Understanding.” Outside of coursework, the Keller Center also hosts a variety of co-curricular workshops, seminars, and lecture series.  Amongst these programs are the eLab Summer Accelerator Program and eLab semester incubator, which provide an avenue to build out startups or other entrepreneurial ventures. Many of the aforementioned offerings take place in the eHub, a collaborative co-working space that was unveiled in Fall 2015.

The Woodrow Wilson School has also revealed a newfound focus on human behavior: the Kahneman-Treisman Center for Behavioral Science.  Their programming includes lunchtime talks on relevant behavioral issues and courses taught by faculty members cross-listed with a variety of departments. The center’s focus is interdisciplinary, so it is an exciting avenue to explore the design of everything from public policy to environmental engineering. Recently, I took a class with a faculty member entitled “Human Factors: Psychology for Engineering, Environmental, and Energy Decisions.” I thoroughly enjoyed the opportunity to apply psychological theories to sustainable engineering, and I produced a prototype for a behaviorally-conscious smart meter.

For a more visual design focus, I would encourage students to explore the Visual Arts department. The invitation-only certificate program has recently fostered a plethora of graphic design students alongside traditional visual artists. Classes such as Typography (which focuses on text design) and Visual Form (in which design of a technological interface) are particularly relevant to Human-Centered Design. In my typography class with David Reinfurt, I became more fluent using design tools, ranging from old-school letterpress machines to Adobe InDesign.

Relevant Extracurricular Opportunities

An acutely underappreciated resource is the Council on Science and Technology’s StudioLab. As an ambassador, I have had the opportunity to host workshops in the space, which is in the basement of Fine Hall. The goal of StudioLab is to “explore the intersections and shared creativity across STEM, the arts, humanities, and social sciences.” The workspace includes machines for 3D printing, laser cutting, virtual reality, motion sensing and much more. Every Friday, StudioLab hosts a “Café,” which is an opportunity for students to freely experiment with the various technologies. The StudioLab encourages creation to any end: extracurricular endeavors, coursework, or personal projects. In fact, it was a StudioLab Café that first ignited my interest in Virtual Reality, which I will be researching full-time next year.

There are also a variety of interdisciplinary, design-focused courses held in the space. One example is “Transformations in Engineering and the Arts,” which explores the parallels and intersections of design/composition in engineering and the arts, emphasizing a merging of artistry and systematic thinking. Students learn to create as engineer-artists and artist-engineers. The course is organized around four modules: a) Visuals, b) Sound, c) Structure and d) Movement, led by faculty from COS, MUS, CEE, MAE with faculty from the Lewis Center for the Arts. Additionally, the Council on Science and Technology hosts a Design Challenge in partnership with a service organization on campus each year. The 2017 challenge, for example, was “Rethinking Mass Incarceration,” in collaboration with the SPEAR conference. The challenge sought to encourage in-depth research, rapid prototyping, design thinking, and technology use (e.g. 3D printer, MoCap, etc.).

Another service-oriented design activity is Tiger Challenge, a co-curricular design-thinking program. Participating students work with partner communities to develop lasting innovations and the capacity to address seemingly intractable societal issues, such as affordable housing and adolescent mental health. Though the name suggests otherwise, it is not a competition. Rather, each team is supported throughout the process, receiving training, mentorship, space, and resources.

Relevant Conferences

Two Princeton-sponsored conferences were particularly mind-expanding in my experience: Envision and Designation. Envision is focused on contemplating the future via an examination of the implications of emerging technologies. For example, this year’s conference investigated the effects of Artificial Intelligence, Enhanced Interfaces, Nanoscale, and Synthetic Biology on Catastrophic & Existential Risk, Material Advancement, Space Development, Economic & Social Change, and Human Enhancement. Speakers include professors at large research institutions (Future of Humanity Institute @ Oxford, Department of Biology @ MIT, Government & Technology @ Harvard, etc.) as well as decision-making executives at forward-thinking ventures (Deep Space Industries, IBM Research AI, NeuroTechX, PayPal, Permutation Ventures, Foresight Institute, etc.).

Designation, sponsored by student-led Business Today, was founded in 2017 to fill the gap in undergraduate curriculums of the principles that govern design in real agencies, companies, and firms. The two-day conference in NYC provides keynotes from impressive design leaders, workshops for design-thinking skills, and intimate executive seminars. I was particularly blown away by the opportunity to speak with Ratna Desai @ Google UX, Daniel Burka @ Google Ventures, Jamie Myrold @ Adobe, Alison Rand @ frog, John Couch @ Hulu, and Christina Janzer @ Slack (who founded Facebook’s UX team!).

Relevant Events

Lastly, I will touch on some programs offered through the Entrepreneurship Club (or E-Club, as it is colloquially referred to). With 14 teams, there are a plethora of opportunities for the 1600+ active members. TigerTrek, TigerLaunch, and HackPrinceton are particularly applicable to this post. HackPrinceton is the landmark on-campus hackathon, attracting students from across the country and world to create, build, and develop. This biannual 36-hour event is open to all experience-levels: the opportunities for collaboration and excitement are plentiful. This is a great opportunity to develop iterative (and scrappy!) design skills.

TigerLaunch was the first national collegiate pitch competition, and it is currently the nation’s largest student run entrepreneurship competition. Each year, TigerLaunch hosts four regional events (the 2018 locations were Seattle, Chicago, NYC, and Paris). Finalist teams come to Princeton to compete for $30,000+ in funding and opportunities to pitch to world-class Venture Capital firms, like Sequoia Capital. In general, TigerLaunch aims to offer networking, funding, and/or mentorship to all participants.

Finally, Silicon Valley TigerTrek offers a life-changing experience for 20 Princeton students. Over spring break, this select group travels to Silicon Valley to visit a variety of firms, ranging from small startups to large technology behemoths to Venture Capital firms. The highly immersive experience offers intimate Q&A sessions with leaders of the field. I was honored to attend this past year, and I had the opportunity to speak with Marne Levine (COO @ Instagram), Jack Dorsey (CEO @ Twitter and Square), Jeff Jordan (General Partner @ Andreessen Horowitz), and Joe Gebbia (Founder @ Airbnb), among others. Outside of these fascinating conversations, the trip affords ample networking and mentorship opportunities as well as a tight-knit community. Personally, I forged lasting connections with my peers through impassioned debates, electric brainstorming, and collaborative experimentation. TigerTrek left me inspired and electrified, ready to fully engage with the technology community as a user advocate.

Throughout my four years in the orange bubble, the campus-wide focus on technology has been exponentially amplified; I am sure that the opportunities mentioned in this post will only be augmented in the years to come. Though Princeton may not be the first university that comes to mind when considering an education in Human-Computer Interaction, I was able to find a unique recipe of activities to satiate my UX-focused curiosity. I encourage you to do the same. After all, HCI is an inherently interdisciplinary field: a fitting conduit for Princeton’s liberal arts education.

Get in touch with Laura Herman here.



Understanding How Zero-Rated Internet Platforms Shape Usage at CHI 2018

Posted on behalf of Julie Romanosky.

In this post, we summarize the findings of our upcoming CHI 2018 paper.

What is Zero-Rating? Zero-rating is the process of providing subsidized digital content or access to the Internet for ‘free’. Usually sponsored by service providers or online content producers, one goal of zero-rating mobile data, in particular, is to improve the affordability of the Internet for resource-constrained populations. However, recently zero-rating has been hotly debated as it is unclear if these services violate net-neutrality principles by creating a tiered Internet, or if they are improving the accessibility of the Internet and creating a more connected world.

What is Free Basics?: Free Basics was founded in 2013 by Facebook with the goal of connecting rural and low-income populations to the Internet for the first time. While Free Basics appears as a single app, it is actually a platform for hosting a variety of zero-rated applications and the available content changes depending on the country and unpaid partnerships with local service providers, i.e., no two Free Basics offerings are the same. However, all versions provide access to a lite version of Facebook and select other third party apps such as Bing and Wikipedia. Educational materials, news, weather reports dominate the application topics in Free Basics across countries. Other apps cover health care, job listings, search engines, and classifieds.

What did we do?: To investigate the influence of zero-rated services, we conducted a two-part study using interviews with resource-constrained zero-rating users in South Africa. In Study One, we interviewed current low-income Free Basics users to see whether the platform is connecting the unconnected and the impact of the service on users who have little means for getting online otherwise. In Study Two, we recruited users who were non-regular Free Basics users to understand why non-use of the platform occurs with individuals who have more means to get online.

We chose to conduct our study in Cape Town, South Africa because several zero-rated services have been offered there since 2010, there is no current net-neutrality legislation in place, and Free Basics has been offered there on the Cell C network since 2015. We opted to study Free Basics since it is a platform rather than a single service and therefore more likely to shape Internet use. We chose South Africa because it is a middle-income nation with a significant number of individuals who have never been online and where Internet access is relatively expensive.

How did we do it?: We interviewed 35 Free Basics users in South Africa, a combination of current low-income users and non-regular student users. We chose to interview college students since they are resource-constrained, likely to be connected users, and have a high need for remaining connected for their studies. Including both groups in our study allowed us to form a more comprehensive understanding of the impact of zero-rated services, the factors that affect the adoption of these services, and the possible use of these services in more developed countries than if we studied users or non-users alone or those who were unconnected and low-income only. Both groups were asked to talk about their online habits (i.e. time spent online, what websites or apps they used etc), how much money they typically spent on Internet access, and how, if at all, they worked to keep their mobile Internet costs down.

What did we find?: Our findings suggest that:

  1. Free Basics does shape users’ Internet use and their choices of which online services to use. Users can get online more frequently and are driven to use ‘free’ services especially when they have fewer resources to get online.
  2. The impact of zero-rated services is highest on the lowest income users but can be a supplemental help to more well resourced users who need to get online.
  3. Users find the concept of zero-rating confusing which complicates the process of managing mobile Internet costs.

We suggest that zero-rated platforms give users agency to influence what is included in these platforms and a voice about the impact of these services on them. We also suggest that alternative models of zero-rating be examined for comparative impact assessment. Lastly, we suggest more interface design work is needed to help users form an improved mental model of zero-rated services.

Read the full paper to find out more!



Trip Report – LISA conference 2017

Posted on behalf of Lisa Rogers.

What conference did I go to?

I attended the USENIX Large Installation System Administration (LISA) conference. I was there to recruit participants for a study we are conducting on system administrators who handle software updates for multiple machines. This is an unusual and difficult target demographic to recruit for, so I wanted to use the conference as a way to reach the right study population. I also wanted to gain further background information on the industry at large to inform our data collection and data analysis processes.

Where was the conference held?

In the Market District of San Francisco just across the street from the Bay.

What was my favorite part of the conference?

The community was incredibly welcoming. So many people took the time to talk to me about our research, and career paths, and even on blue sky topics such as the one discussion we had on the best way to RFID tag a moving entity like a cow. I had not ever been to a conference before with quite as much of an open source culture. It was fascinating hearing people from all facets of the industry have very frank conversations about their methods, corporate culture, and policy barriers.

What was my least favorite part of the conference?

That there were so many interesting things going on at the same time and I could not be at all of them! I am really glad they posted the talks online, but wish I had known they didn’t post the tutorials as well. I would have attended tutorials rather than talks if I had known.

What lessons did I learn from recruiting participants from a conference setting?

We set up a booth to attract potential participants to take our survey or sign up for an interview. This was pre-arranged with the conference organizers. We took care to make our booth colorful and to have lots of swag to use to compensate potential participants if they passed our table such as little LEGO packs and candy. I learned that the LEGOs we had at the table at the EXPO drew many more people than the phone incentive we were offering for participation in our survey. Also, I had put many chairs at the booth since the EXPO was mostly standing and these chairs were a big draw for people to sit down and take the survey. For the future, even if they are less expensive or fancy, tangible incentives such as our LEGOs or candy were much more enticing to participants than the chance of a big figure prize. Next time I would capitalize on that kind of incentive for study participation more, and perhaps do a daily raffle or the like on a smaller prize to draw people to the booth. I noticed that worked well for some of the other booths. Also, very few people wanted to use their limited conference time to complete the interview. It was a great place for recruiting for a short survey but not so much for conducting a longer style interview. I actually did, however, interview many people who signed up at the conference at a later stage, soon after I returned from the event.

Having a booth definitely changed the conference experience as well. Even when I was not at the EXPO, I had a hard time making it into talks, because people recognized me and would be curious to discuss our research. Given the purpose of my presence at the conference, I saw these as great opportunities as well. During my “Hallway Track” I learned everything from the basics of programming embedded RFIDs, to how to justify training budgets (especially once your company is acquired by a large company), to non-traditional paths in DevOps that leverage an HCI background.


Kids and Privacy Online at CSCW 2018

Posted on behalf of Priya Kumar

Below we share findings and recommendations from our paper on elementary school-aged children and privacy online that will be presented at the 2018 ACM Conference on Computer Supported Cooperative Work and Social Computing (CSCW).

What did we do? Children under age 12 increasingly go online, but few studies examine how children perceive and address privacy and security concerns. Using a privacy framework known as contextual integrity to guide our analysis, we interviewed children and their parents to understand how children conceptualize privacy and security online, what strategies they use to address any risks they perceive, and how their parents support them when it comes to privacy and security online.

How did we do it? We interviewed 26 children ages 5-11 and 23 parents from 18 families in the Washington, DC metropolitan area. We also walked through a series of hypothetical scenarios with children, which we framed as a game. For example, we asked children how they imagined another child would respond when receiving a message from an unknown person online.

What did we find? Children recognized how some components of privacy and security play out online, but those ages 5-7 had gaps in their knowledge. For example, younger children did not seem to recognize that sharing information online makes it visible in ways that differ from sharing information face-to-face. Children largely relied on their parents for support, but parents generally did not feel their children were exposed to privacy and security concerns. They felt such concerns would arise when children were older, had their own smartphones, and spent more time on social media.

What are the implications of this work? As the lines between offline and online increasingly blur, it is important for everyone, including children, to recognize (and remember) that use of smartphones, tablets, laptops, and in-home digital assistants can raise privacy and security concerns. Children absorb some lessons through everyday use of these devices, but parents have an opportunity to scaffold their children’s learning. Younger children may also be more willing to accept advice from their parents compared to teenagers. Parents would benefit from the creation of educational resources or apps that focus on teaching these concepts to younger children. The paper explains how the contextual integrity framework can inform the development of such resources.

Read our CSCW 2018 paper for more details, or read about how we used contextual integrity here!


Uncovering tensions in personal data management

At a time when the line between our online and offline lives becomes increasingly blurred, it is important to examine how people deal with the overwhelming amount of digital data they interact with on a daily basis. This paper report, posted on behalf of Samantha Jaroszewski, revisits one of the lab’s CSCW papers from last year on data management practices.

What did we do?: We identified and explored the qualitative, affective, morally inflected narratives that surround people’s data management practices in the US and Korea.

How did we do it?: We conducted semi-structured interviews with 34 participants in the United States and Korea. During the interviews, we asked our participants to physically map out – using paper and pens, markers and/or colored pencils – their digital ecosystem. In particular, we probed respondents to walk us through the networked devices they use. This yielded insights about unique configurations of phones, computers, sound systems, fitness trackers, cameras, and file sorting.

What did we find?: Our findings point to the complex, heterogeneous and highly customized ways in which people assemble, navigate, and conceptualize their use of digital products and services. In particular, we identified morally inflected narratives surrounding data management practices. Our participants spoke of how their choices were informed by a particular sense of self, such as being a responsible consumer, or a set of values, such as being a good mother. However, the same value (take being a good mother for example) could be approached with mutually exclusive practices: one mother could engage heavily in photo sharing practices to be a good mother by sharing photos with family across the globe, while other mothers enacted “good” mothering practices by protecting their children, meaning they took great care to prevent sharing a child’s likeness. These complex negotiations are meaningful to our participants’ sense of self, participation in networks, and use of product and corporate ecosystems.

What are the implications of the work?: Our findings emphasize the important relational work and tensions that lie at the intersection of people’s social lives and their needs around organizing their digital lives. Understanding broad data narratives rather than focusing on specific, isolated nodes in people’s ecosystem facilitates conversations about motivations, tensions, concerns, and tradeoffs made about technology adoption, use, and satisfaction.  

Read the full paper here.


Distinguished Lecture in Human-Computer Interaction Speaker Series – Fall 2017 Edition

This year we are fortunate to host the Distinguished lecture series in Human-Computer Interaction. We have 4 amazing speakers coming – mark your calendars to get your full dose of a breadth of fantastic work by leaders in the field.



Congratulations to KatieAnna Wolf for passing her final public oral (FPO)!

Congratulations to KatieAnna Wolf, who gave a great presentation today on her work investigating user personalization of data sonification, that is, the ability to use sound to represent different types of data. Katie’s work specifically examined how users can personalize their sonifications to represent data in two very different settings. In the first instance, she designed and evaluated a tool called ESCaper to allow users to use natural soundscapes to represent different forms of data on Twitter. For example, using ESCaper, users could use sounds to represent a particular Twitter account or the frequency of tweets.

In the second instance, Katie investigated how users in an audience can personalize a live music performance by changing the sounds of the instruments performers are using. Both these studies showed the potential of user personalization of data sonification and to read more, please check out Katie’s dissertation. Well done Katie! We wish you all the best in Denver!

KatieAnna presenting her FPO