Designing Websites For The Tor Browser
It’s safe to say 2017 wasn’t a good year for cybersecurity. From high-profile hacks at Verizon and Equifax to spying accusations and cryptocurrency theft, public confidence in the privacy and sanctity of online information took a battering.
Tor for the Win
Our growing distrust of online service providers did, however, benefit the Tor browser, whose user numbers almost trebled during 2017. Tor now claims to have 4.5 million directly connecting users, though this figure is an educated guess. The oblique way data is transmitted to client terminals makes exact statistical analysis difficult, since anonymity is a cornerstone of Tor.
The Tor browser sends and receives 512-byte data cells through randomly selected routers, each of which is only online for a short period of time. That makes it almost impossible to determine which users requested what data, like a series of anonymous VPNs. This is, of course, great from a privacy perspective, particularly for anyone who enjoys an occasional foray into the deep web. However, Tor is also designed to be fully compatible with the surface web. And, since data takes a comparatively long time to reach its destination, websites sometimes take a long time to display – if they do at all.
The most recent stable release of the Tor browser (7.5) has been streamlined and simplified, so it loads more quickly and requires less setup. Yet despite its growing market share, Tor is often overlooked when web developers are beta testing new company websites prior to launch. Its unusual architecture means designers and programmers should consider ways to improve their output for Tor users, rather than assuming this niche browser isn’t important…
Reducing the size of web pages to accelerate their appearance is good practice on any device, but this is especially the case with Tor. Because data packets follow oblique routes, Tor renders more slowly than built-for-speed browsers like Chrome or Safari. It’s crucial to avoid unnecessary CSS or scripting while deleting superfluous WordPress plugins and avoiding data-heavy components including cinemagraphs or parallax scrolling. As a rule of thumb, design desktop sites with mobile optimization principles in mind. That’s especially valuable for homepages since 40% of site visitors don’t go any further.
There are various techniques for improving the efficiency of web pages. Lazy loading on scrolling pages ensures images aren’t downloaded until the user scrolls to placeholder positions. Images should also be saved as JPGs rather than less efficient BMPs or TIFs, and compressed as far as possible without starting to pixelate on a Retina screen. Another rule applicable to every website is to avoid autoplaying video files, whose sound can startle and whose visuals hog bandwidth. Videos don’t always play well in Tor, but if AV content is essential, host it remotely and give users the option to press play themselves.
Tor isn’t keen on pop-ups or new web pages, which is worth considering for ecommerce sites or other platforms reliant on multiple windows. It’s more susceptible than other browsers to freezing or hanging when its memory becomes exhausted by instructions, and opening a new tab or dialog adds to the strain. Tor also recommends that web pages shouldn’t be maximized on-screen, so subsequent browser pages might be quite compact – requiring responsive site frameworks to display content effectively.
Web browsers can often be identified by their use of unique fonts, so it’s advisable to fall back on classics like Arial and Helvetica when designing websites for Tor users. Sites detecting moving IP addresses may dismiss a genuine visitor as a botnet, so it may be useful to create a dedicated .onion URL people can visit. Facebook is among the platforms to have done this, combining its core functionality with Tor’s encrypted anonymity. Developers also avoid need to tables, which are still being used despite their irrelevance in HTML5.
Don’t check a draft web page loads in Tor and declare your work done. Study every detail of its presentation, from line spacing and kerning to menu mouseovers and page scrolling speeds. Test WordPress plugins to ensure they operate stably and confirm internal links work properly. Finally, rigorously test third-party browser plugins for issues. As an example of what to look for, Google plugins might display in foreign languages if they’re unable to geolocate a user device’s location.