Identifying Users on TOR Based on the Subtle Differences in Their Typing

#Privacy

Sun, Aug 2nd, 2015 10:00 by capnasty NEWS

According to Ars Technica, security researchers have been able to refine a profiling technique capable of recognizing when the same user is online based solely on their typing nuances. Because of the threat it poses to "anyone who wants to shield their identity online," the researchers have released a Chrome plug-in which is "designed to blunt the threat."

Sandvik said she visited this profiling demo site using a fully updated Tor browser, and the site was able to construct a profile of her unique typing habits. That means Tor-anonymized websites—either because their operators are malicious or are cooperating with law enforcement agencies—can use similar profiling scripts that track people across both public and darkweb destinations. While the Tor browser limits the amount of JavaScript that sites can run, it allowed all the code needed to make the demo profiling app work during Sandvik's experiment. Had JavaScript been disabled altogether, the profiling would have been blocked. So while blocking JavaScript is useful, that approach might not make a difference against a profiling app that found a means other than JavaScript to measure typing characteristics.

The gathering of unique keystroke characteristics is an example of what's known as behavioral biometrics, or the measurement of something a person does, such as speaking, walking, or typing. So far, Thorsheim and Moore say, several banking websites appear to be using keystroke profiling to perform an additional layer of authentication on site users. [...]

  1181

 

You may also be interested in:

Social Media Sites Can Learn Lots About You Even if You Are Not a Member
A Fast, Lean and Efficient Blocker for Browsers
The Biggest Threat to Our Privacy is Ourselves
Google and the NSA Always Had a Working Relationship
Portable Operating System that Preserves Privacy and Anonymity