Re: [tor-dev] PrivCount - Draft of secret-sharing specification

[Carolin Zöbelein]

Hi,

> Hi,
> 
> This looks like a great overview of the Shamir secret-sharing
> protocol.
> 
> We talked about instantiating it with unsigned 64-bit integers on
> IRC.
> It would be easier for me to understand it (and for someone to code
> it).
> 
> This would also help us define an interchange format, or modify the
> prop 280 interchange format to support secret sharing.
> 
> For hints about how this works, look at proposal 280, which also uses
> unsigned 64 bit integers.
> 
> Tim

I will work on this and the long list of still open TODOs in the
proposal, the next days. Hence please have a look at

https://github.com/Samdney/28X-k-of-n-secret-sharing

for changes, from time to time.

I will be around at irc, too ;).

Btw, should I also create a ticket for this proposal for important
topic discussions?

Bye,
Carolin

-- 
---
Carolin Zöbelein / Nick: Samdney
PGP: D4A7 35E8 D47F 801F 2CF6 2BA7 927A FD3C DE47 E13B
---

___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] User perception of the prop224 domain format

[Alec Muffett]

On 27 September 2017 at 22:25, Ben Laurie  wrote:

> Your survey is obviously massively biased towards users of Tor. It
> would be really interesting to know what non-users think.


 Yes and no; I can totally see that from a user-experience perspective, it
would be exciting research to rock up to someone and say:

"Here's a really long URL, how does it make you feel?"

…and (at least) in this matter, Prop224 Onion addresses are subjectively
less intimidating than:

https://[2001:0db8:85a3:::8a2e:0370:7334]/foo.html

…even though both of them are representations of Layer-3/similar
machine-readable addresses*

*However*, there is such a thing as "inviting people to beat you up in such
a way as to draw media criticism without plausible likelihood for
constructive input", and I feel that this would be onesuch.

Experiential evidence:

1) the number of people who've told me in-past that Email addresses are
unusably unmemorable, except somehow 30..40 years later we are still using
them, and have developed coping strategies, eg: address books.

2) the number of people who've told me in-past that IPv4 addresses are
unusably unmemorable, except for 8.8.8.8 and 192.168.1.1 which somehow are
enough for people to bootstrap access to the rest of the internet, and use
various coping strategies (eg: DNS, bookmarks)

3) the number of people who've told me in-past that Old-Style Onion
addresses are unusably unmemorable, until (as mentioned above) Facebook and
a few other good ones got mined, and people started taking Onion networking
mildly seriously as a means of more-secure enterprise communication… Oh,
and bookmarks as a coping strategy.

4) phone numbers. unusably unmemorable. coping strategies: in-phone address
books + address-book synchronisation. etc etc etc.


So: can we do better with Onion UX? Certainly.

Should we research improvements to user experience? Absolutely.

Should Tor invite opinionated people to come piss all over its equivalent
of https://[2001:0db8:85a3:::8a2e:0370:7334]/foo.html? Probably
not. Just my opinion. I don't feel it would benefit anyone except (a)
haters, and (b) academics who research only "what doesn't work" because
researching "what /does/ work" is beyond the scope of their funding.

 -a

* explanatory thread:
https://twitter.com/AlecMuffett/status/802161730591793152

-- 
http://dropsafe.crypticide.com/aboutalecm
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] User perception of the prop224 domain format

[Philipp Winter]

On Wed, Sep 27, 2017 at 10:25:04PM +0100, Ben Laurie wrote:
> On 27 September 2017 at 21:26, Philipp Winter  wrote:
> > However, our survey data is likely biased towards a particularly young
> > and educated crowd that's presumably less bothered by technological
> > hurdles, which may be why they can afford to care more about content.
> 
> Your survey is obviously massively biased towards users of Tor.

It's *only* Tor users, to be precise.
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Re: [tor-dev] User perception of the prop224 domain format

[Ben Laurie]

On 27 September 2017 at 21:26, Philipp Winter  wrote:
> However, our survey data is likely biased towards a particularly young
> and educated crowd that's presumably less bothered by technological
> hurdles, which may be why they can afford to care more about content.

Your survey is obviously massively biased towards users of Tor. It
would be really interesting to know what non-users think.
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

[tor-dev] User perception of the prop224 domain format

[Philipp Winter]

We recently ran a survey on the usability of Tor and onion services [0].
I had a closer look at how our respondents perceive the prop224 domain
format and wanted to share some early insights.  The original survey
question was:

> The Tor Project is currently working on the next generation of onion
> services.  The new onion domain format will consist of 52 characters,
> for example:
> a1uik0w1gmfq3i5ievxdm9ceu27e88g6o7pe0rffdw9jmntwkdsd.onion
> Do you expect this to change your browsing habits?

591 users answered this question.  95 (16%) selected that prop224
domains will change their habits while the remaining 496 (84%) selected
that their habits won't be affected.

Respondents who believe that their habits will change (16%) gave the
following reasons:

- Several users memorise a number of onion domains -- most prominently
  Facebook's onion domain and self-hosted domains.  They write that
  memorising domains will no longer be possible, and they will look into
  bookmarking tools.  Several users voiced concern about the
  confidentiality of their bookmarks, so they are looking into ways to
  encrypt them.

- Similarly but less commonly, users voice concerns that communicating,
  typing, and writing down prop224 domains will no longer be feasible.

- A small number of users write that it will be harder to recognise
  onion domains.  Alarmingly, one user mentioned that the lack of a
  discernible prefix will make it hard to recognise genuine domains,
  suggesting that they rely on an onion domain's easy-to-spoof vanity
  prefix.

- A user suggested to add spaces to prop224 domains to "make the address
  more visually appealing."

Respondents who believe that their habits will *not* change (84%) gave
the following reasons:

- The majority of this crowd never bothered to memorise onion domains
  and uses bookmarks.  A bunch of users store domains in text files and
  an even smaller bunch uses search engines to rediscover domains.  In
  general, most people in this category treat onion domains as an opaque
  identifier.

- Some users write that the additional inconvenience is likely worth the
  extra security and anonymity.

- Some users mention Reddit as their primary way of discovering onion
  domains.

Judging by the above, I believe that the new domain format is among the
minor usability issues surrounding onion services.  In fact, an
easy-to-remember domain format ranks last among the six criteria whose
importance we asked users about.  On a five-point Likert scale ranging
from "not at all important" to "very important," we got the following
results:

- 77% think that quality of content is at least somewhat important.
- 70% think that a search engine (like Google) for onion services is at
  least somewhat important.
- 66% think that diversity of content is at least somewhat important.
- 62% think that page load time is at least somewhat important.
- 43% think that having an onion service version of popular services
  such as Facebook is at least somewhat important.
- 26% think that an easy-to-remember domain format is at least somewhat
  important.

However, our survey data is likely biased towards a particularly young
and educated crowd that's presumably less bothered by technological
hurdles, which may be why they can afford to care more about content.

[0] 

Cheers,
Philipp
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev