Identifying Users on TOR Based on the Subtle Differences in Their Typing

#Privacy

Sun, Aug 2nd, 2015 10:00 by capnasty NEWS

According to Ars Technica, security researchers have been able to refine a profiling technique capable of recognizing when the same user is online based solely on their typing nuances. Because of the threat it poses to "anyone who wants to shield their identity online," the researchers have released a Chrome plug-in which is "designed to blunt the threat."

Sandvik said she visited this profiling demo site using a fully updated Tor browser, and the site was able to construct a profile of her unique typing habits. That means Tor-anonymized websites—either because their operators are malicious or are cooperating with law enforcement agencies—can use similar profiling scripts that track people across both public and darkweb destinations. While the Tor browser limits the amount of JavaScript that sites can run, it allowed all the code needed to make the demo profiling app work during Sandvik's experiment. Had JavaScript been disabled altogether, the profiling would have been blocked. So while blocking JavaScript is useful, that approach might not make a difference against a profiling app that found a means other than JavaScript to measure typing characteristics.

The gathering of unique keystroke characteristics is an example of what's known as behavioral biometrics, or the measurement of something a person does, such as speaking, walking, or typing. So far, Thorsheim and Moore say, several banking websites appear to be using keystroke profiling to perform an additional layer of authentication on site users. [...]

  1046

 

You may also be interested in:

How the NSA Infiltrates Google and Yahoo Data Centres
"Encode your message into something innocent looking."
NSA Spying Explained With Dick Pics
You Should Not Post Any Picture of Your Kids On Facebook
Connecting to a Public WiFi Makes Your Phone Vulnerable to Attack