Feature Request: Anti-Keystroke Fingerprinting Tool
Keystroke fingerprinting works by measuring how long keys are pressed and the time between presses. Its very high accuracy poses a serious threat to anonymous users.
This tracking technology has been deployed by major advertisers (Google, Facebook), banks and massive online courses. Its also happening at a massive scale because just using an interactive JS application in presence of a network adversary that records all traffic allows them to construct biometric models for virtually everyone (think Google suggestions) even if the website does not record these biometric stats itself. They have this data from everyone's clearnet browsing and by comparing this to data exiting the Tor network they will unmask users.
As a countermeasure security researcher Paul Moore created a prototype Chrome plugin known as KeyboardPrivacy. It works by caching keystrokes and introducing a random delay before passing them on to a webpage. Unfortunately there is no source code available for the add-on and the planned Firefox version has not surfaced so far. There are hints that the author wants to create a closed hardware solution that implements this which does not help our cause.
A very much needed project would be to write a program that mimics the functionality of the this add-on but on the display server / OS level. Ideally the solution would be compatible with Wayland for the upcoming transition in the near future.
#1 Updated by Dr_Whax almost 4 years ago
- Priority changed from High to Low
While I agree that we'd like something like this.. somebody has to do the actual work. Most probably, these people won't be us since were over occupied. But we welcome contributions to make this happen! Maybe one could apply to Tor Project GSOC to make a start?
Lowering priority to low since we won't do the work.
#4 Updated by bancfc almost 4 years ago
Unfortunately not yet fixed in Tor Browser.
Quote Dr. Steven Murdoch, Researcher and Developer
#6 Updated by Anonymous over 2 years ago
- QA Check deleted (
According to https://www.torproject.org/projects/torbrowser/design/ paragraph 20
TorBrowser has patched Firefox in order to avoid fingerprinting. Quoting this document: "Implementation Status: We clamp keyboard event resolution to 100ms with a Firefox patch."
I believe that this issue should be solved in TorBrowser in any case.
So I wonder @bancfc, does this resolve this ticket or are you still missing some information?