Anonymity plays a vital role in modern societies. Using the protective cloak of anonymity, whistle-blowers are able to raise concern over worrying activities, journalists are able to protect their sources and investigate the powerful, abuse victims can seek help without fear that they will be discovered by their abusers, immigrants can seek advice on their legal situations, and other at-risk populations can remain safe. The most widely-used anonymity system on the Internet today is Tor, and like all anonymity systems it is dependent on having a large anonymity set, or set of indistinguishable users, in order to provide anonymity. This makes usability and user experience extremely important for anonymity. The more usable a system is, and the better experience it provides to its users, the larger the anonymity set can grow.

In this thesis we examine the usability and user experience of Tor from three perspectives. First we study how well users understand the software that they are using by studying their mental models of the Tor network. We find that experts and non-experts have different understandings of the internal workings of the Tor anonymity network, with experts having a more complete model of it as a complex network and focusing on the networking portion, while non-experts focus on the Tor Browser as a black box

service. Both experts and non-experts show gaps in their mental models that can lead to misuse of the software.

Next we examine the User eXperience (UX) flaws of the Tor Browser. We asked participants that resembled a new, non-technical user base of Tor to use the Tor Browser as their default browser for a period of 7 days. During this time we spawned a survey for them to fill out every time they finished browsing. From these surveys, some semi-structured interviews, and some write-ups we discovered that Tor Browser users face multiple issues, including broken functionality, differential treatment, geo-location issues, and more.

Finally we examined the Tor Browser Friendliness of the Web by creating a suite of tools used to log and examine the creation of DOM trees and the execution of JavaScript scripts on the Tor Browser and on Firefox. We then performed deep-dive analysis on 40 Web sites randomly drawn from 4 categories. From these analyses we discovered many instances in which the Web sites break on the Tor Browser, and use them to better understand what it means to be Tor Browser Friendly. We then present guidelines for how to make a Web service Tor Browser friendly.

The results and insights gained from each of these projects have been reported to the Tor Project, and have influenced decisions in the design of the Tor Browser. Other changes are in discussion for being implemented.