Identifying Users on TOR Based on the Subtle Differences in Their Typing


Sun, Aug 2nd, 2015 10:00 by capnasty NEWS

According to Ars Technica, security researchers have been able to refine a profiling technique capable of recognizing when the same user is online based solely on their typing nuances. Because of the threat it poses to "anyone who wants to shield their identity online," the researchers have released a Chrome plug-in which is "designed to blunt the threat."

Sandvik said she visited this profiling demo site using a fully updated Tor browser, and the site was able to construct a profile of her unique typing habits. That means Tor-anonymized websites—either because their operators are malicious or are cooperating with law enforcement agencies—can use similar profiling scripts that track people across both public and darkweb destinations. While the Tor browser limits the amount of JavaScript that sites can run, it allowed all the code needed to make the demo profiling app work during Sandvik's experiment. Had JavaScript been disabled altogether, the profiling would have been blocked. So while blocking JavaScript is useful, that approach might not make a difference against a profiling app that found a means other than JavaScript to measure typing characteristics.

The gathering of unique keystroke characteristics is an example of what's known as behavioral biometrics, or the measurement of something a person does, such as speaking, walking, or typing. So far, Thorsheim and Moore say, several banking websites appear to be using keystroke profiling to perform an additional layer of authentication on site users. [...]



You may also be interested in:

"Children themselves are unaware that everything they say to the doll is being listened to."
The Biggest Threat to Our Privacy is Ourselves
Apple Will No Longer Unlock iPhones for the Police
Spy Agencies Use 'Angry Birds' to Determine Users' Age, Location and Sexual Orientation
Know What Terms of Service You're Agreeing To Without Reading Them