[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Successful experiment boosting the number of users using OpenPGP verification for file download

To: liberationtech <liberationtech@xxxxxxxxxxxxxxxxxx>
Subject: [tor-talk] Successful experiment boosting the number of users using OpenPGP verification for file download
From: adrelanos <adrelanos@xxxxxxxxxx>
Date: Wed, 31 Jul 2013 17:30:29 +0000
Cc: tor-talk@xxxxxxxxxxxxxxxxxxxx, The Tails public development discussion list <tails-dev@xxxxxxxx>, gnupg-users@xxxxxxxxx, whonix-devel@xxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 31 Jul 2013 13:31:01 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Hi!

I hope you are interested in the results of a little experiment.

Q: How many users downloaded OpenPGP signatures with the old design of
download page? (You can see the design here: [1] [2])

A: 1 in ~30 users.

Q: How many users downloaded OpenPGP signatures after adding a colored
download table, which indicates, that http downloads without OpenPGP
verification is the least secure method, to the download page? (You can
see the design here: [3])

A: 1 in ~11 users.

Note: This is only an approximation. No experiment meeting scientific
standards. However, while the number of downloads didn't decrease, the
number of signature downloads significantly increased. Which is a good
thing, isn't it? Downloading a signature doesn't imply, the user
successfully managed to use OpenPGP verification or that the user
couldn't be tricked or just ignored an invalid signature error message.

You can get some more information and more detailed statistics here: [5] [6]

This is also a follow up to: "[liberationtech] secure download tool -
doesn't exist?!?" [4]

Cheers,
adrelanos

Footnotes:

[1] http://www.webcitation.org/6IWk5h4E9
[2] Please ignore the "Moved to https://www.whonix.org"; part. That
snapshot has been forgotten and made later. Nevertheless it gives an
impression how the old download page looked like.)
[3] http://www.webcitation.org/6IWk5h4E9
[4]
https://mailman.stanford.edu/pipermail/liberationtech/2013-July/009625.html
[5] https://whonix.org/wiki/Dev/Download_Statistics
[6] http://www.webcitation.org/6IWlyqokZ
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Successful experiment boosting the number of users using OpenPGP verification for file download
  - From: Andrew F

Prev by Author: Re: [tor-talk] TorBirdy patches for Mozilla Thunderbird
Next by Author: Re: [tor-talk] Welcome to the "tor-talk" mailing list
Previous by thread: Re: [tor-talk] Help wanted: bug when using a public relay as a bridge?
Next by thread: Re: [tor-talk] Successful experiment boosting the number of users using OpenPGP verification for file download
Index(es):
- Author
- Thread