Project

General

Profile

Bug #11257

Feature Request: Anti-Keystroke Fingerprinting Tool

Added by bancfc about 3 years ago. Updated 9 months ago.

Status:
Rejected
Priority:
Low
Assignee:
Category:
-
Target version:
-
Start date:
03/17/2016
Due date:
% Done:

0%

QA Check:
Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:
Browser

Description

Keystroke fingerprinting works by measuring how long keys are pressed and the time between presses. Its very high accuracy poses a serious threat to anonymous users.[1]

This tracking technology has been deployed by major advertisers (Google, Facebook), banks and massive online courses. Its also happening at a massive scale because just using an interactive JS application in presence of a network adversary that records all traffic allows them to construct biometric models for virtually everyone (think Google suggestions) even if the website does not record these biometric stats itself.[2] They have this data from everyone's clearnet browsing and by comparing this to data exiting the Tor network they will unmask users.

As a countermeasure security researcher Paul Moore created a prototype Chrome plugin known as KeyboardPrivacy. It works by caching keystrokes and introducing a random delay before passing them on to a webpage.[3] Unfortunately there is no source code available for the add-on and the planned Firefox version has not surfaced so far. There are hints that the author wants to create a closed hardware solution that implements this which does not help our cause.

A very much needed project would be to write a program that mimics the functionality of the this add-on but on the display server / OS level. Ideally the solution would be compatible with Wayland for the upcoming transition in the near future.

[1] http://arstechnica.com/security/2015/07/how-the-way-you-type-can-shatter-anonymity-even-on-tor/

[2] http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=7358795

[3] https://archive.is/vCvWb

History

#1 Updated by Dr_Whax about 3 years ago

  • Priority changed from High to Low

While I agree that we'd like something like this.. somebody has to do the actual work. Most probably, these people won't be us since were over occupied. But we welcome contributions to make this happen! Maybe one could apply to Tor Project GSOC to make a start?

Lowering priority to low since we won't do the work.

#2 Updated by mercedes508 about 3 years ago

  • Status changed from New to Confirmed

#3 Updated by sajolida about 3 years ago

  • Assignee set to bancfc
  • QA Check set to Info Needed

Is this relevant outside of the browser? If so in which cases? Otherwise why couldn't this be solved in the browser only?

#4 Updated by bancfc about 3 years ago

Unfortunately not yet fixed in Tor Browser.


Quote Dr. Steven Murdoch, Researcher and Developer

Tor Browser does reduce the precision of the Javascript timers available for fingerprinting, but Runa’s experiment shows that this is not sufficient to defeat the attack.

It's very useful to have it fixed on the OS level, then even compromised containers could not perform keystroke fingerprinting. Another reason is, that other applications (chat clients come to mind) and others that implement javascript one or another way, may be leaking this also. So having this fixed in Tor Browser is nice but non-ideal.

#5 Updated by BitingBird almost 3 years ago

  • Affected tool set to Browser

#6 Updated by u almost 2 years ago

  • QA Check deleted (Info Needed)

According to https://www.torproject.org/projects/torbrowser/design/ paragraph 20
TorBrowser has patched Firefox in order to avoid fingerprinting. Quoting this document: "Implementation Status: We clamp keyboard event resolution to 100ms with a Firefox patch."
Patch: https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-45.8.0esr-6.5-2&id=1febc98f7ae5dbec845567415bd5b703ee45d774

I believe that this issue should be solved in TorBrowser in any case.

So I wonder @bancfc, does this resolve this ticket or are you still missing some information?

#7 Updated by u 9 months ago

  • Status changed from Confirmed to Rejected

No news in a year and abovementioned fix. Rejecting. Feel free to reopen if necessary.

Also available in: Atom PDF