[tor-dev] More TBB usability challenges
andrew at torproject.is
Wed Nov 28 18:10:00 UTC 2012
I was asked to meet with some people doing work in dangerous areas of
Latin America. In general, these people can get around and work with
Microsoft Windows competently. They are all fluent in English, Spanish,
and various dialects found in Latin American countries. Most of them
had Spanish-language versions of Windows 7 on their laptops.
# Getting TBB
During the discussion, an informal usability study happened. I thought
having a discussion about this may be better than simply opening a trac
Here's roughly the scenario. I asked people to download Tor Browser from
our website. All found Tor's website via Bing. Interestingly, some
searched for "tor", others for "tor browser", and one for "tor project".
They were all using Internet Explorer and Bing because that's the
default for Windows 7. Thankfully, our website is the top result for all
three queries at Bing.
They all found the big purple "Download Tor" button on the index page.
Issue #1: Running TBB from the website. When clicking the orange
"Download Tor Browser Bundle" button, IE prompts them to "Run", "Save",
or "Cancel". All of them chose "Run".
Issue #1A: When choosing "Run", a prompt appears, "The publisher of
tor-browser-2.2.39-5_en-US.exe couldn't be verified. Are you sure you
want to run the program?". All of them hit "Yes" and ignored the
Issue #1B: When the download completed, they were prompted with the
7zip self-extractor giving them a path similar to this:
Files\Content.IE5\T868H68M\". All of them pushed the "Extract" button
and let 7zip extract TBB into that temporary directory.
A few of them went to the Downloads folder to try to find TBB.
However, it's not there because it's extracted into a temporary folder.
This folder is not reachable by the user through File Explorer.
Issue #2: Downloading TBB. After some Q&A about what happened, I asked
them to "Save" rather than "Run". TBB then downloads. The user is
prompted with a warning box stating, "The publisher of
tor-browser-2.2.39-5_en-US.exe couldn't be verified." And the user is
left to choose between "Run" and "View downloads". When clicking "Run"
the user is prompted with the 7-zip self-extractor prompt and
"C:\Users\tor\Downloads\" is the default path. All of them hit the
"Extract" button. None of them were sure what just happened nor why TBB
needs to be extracted.
Issue #2A: The self-extract completes and the user is left looking at
their IE window with the TBB download page. Three of them went to their
Downloads folder to find Tor. The other few waited for something to
happen. When I asked the waiting few why they were waiting, they said
because they "ran TBB" and expected the extraction to automatically
start TBB for them.
Issue #3: In the Downloads folder there are two things called "tor
browser", one is an application the other is a file folder. See
for an example. Most of the people had hundreds of files in the
Download folder, so it wasn't as clear as this example screenshot.
Some people wanted to run the application, because in their mind, you
run an application.
When asked to go into the Tor Browser folder, they all found "Start Tor
Browser" and ran it (some double-left click, some right click and
choose "Open"). See
for what it looks like by default.
Issue #4: Once TBB was started, the users would alt-tab between
applications or choose various apps in their task bar at the bottom of
the screen. They kept clicking the onion icon because they thought it
was TBB, when it brings up the Vidalia control panel. This is what it
Issue #5: No one knew what "Startpage" was nor why it was in the top
bar. Just like IE, they all wanted to search from the awesome bar by
default. This does work, and they can search via startpage.com via the
From here on out, the normal TBB issues apply, as demonstrated by
Greg's HotPETS paper,
I asked how we can improve this entire process. The consensus is that
TBB needs to be a single application people can just run and get the
browser going. The extraction process was confusing and was sometimes
called an installation process. They felt that "running" it from the
tor download site was fine, so long as everything just worked and a
browser window popped up.
They also felt that the Vidalia control panel was unnecessary. It just
confused them. The only thing they felt was valuable was the Network
Map. A caveat is that we were on a US network which didn't censor. The
Message Log and bridge/obfsproxy functionality wasn't needed in this
case. I suspect it will be when they try this in Latin America.
More information about the tor-dev