[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Profiling Tor users via keystrokes



flapflap:
> Hi!
> 
> (I didn't find this topic discussed here yet and I think it might be
> interesting)
> 
> the article
> 
> http://arstechnica.com/security/2015/07/how-the-way-you-type-can-shatter-anonymity-even-on-tor/
> says that apparently it's possible to deanonymise Tor users by analysing
> their keystrokes in input fields of websites.
> 
> Is it valid to assume that such a technique is possible to be deployed
> by, for example, cloudflare? (needs JavaScript, has an input field)
> (or is it required for learning to always enter the same text by the
> same user?)
> 
> Is there need for modifications in the Tor Browser Bundle/upstream Firefox?

We already patch Tor Browser to reduce the precision of keypress events.
See: https://bugs.torproject.org/1517. It would be nice to see a study
that evaluates whether this is effective or not and if not, why not.
Anyway, there is still something to do in this area:
https://bugs.torproject.org/16110.

Georg


Attachment: signature.asc
Description: OpenPGP digital signature

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk