Identifying Users on TOR Based on the Subtle Differences in Their Typing


Sun, Aug 2nd, 2015 10:00 by capnasty NEWS

According to Ars Technica, security researchers have been able to refine a profiling technique capable of recognizing when the same user is online based solely on their typing nuances. Because of the threat it poses to "anyone who wants to shield their identity online," the researchers have released a Chrome plug-in which is "designed to blunt the threat."

Sandvik said she visited this profiling demo site using a fully updated Tor browser, and the site was able to construct a profile of her unique typing habits. That means Tor-anonymized websites—either because their operators are malicious or are cooperating with law enforcement agencies—can use similar profiling scripts that track people across both public and darkweb destinations. While the Tor browser limits the amount of JavaScript that sites can run, it allowed all the code needed to make the demo profiling app work during Sandvik's experiment. Had JavaScript been disabled altogether, the profiling would have been blocked. So while blocking JavaScript is useful, that approach might not make a difference against a profiling app that found a means other than JavaScript to measure typing characteristics.

The gathering of unique keystroke characteristics is an example of what's known as behavioral biometrics, or the measurement of something a person does, such as speaking, walking, or typing. So far, Thorsheim and Moore say, several banking websites appear to be using keystroke profiling to perform an additional layer of authentication on site users. [...]



You may also be interested in:

"Advanced cameras and sensors will be installed to read license plates and test emerging facial recognition software."
"How you can become a ghost on the Internet, by tracking down and eliminating your digital past."
Facebook Class-Action Lawsuit Involves Nearly Half of all Canadians
Careful or they'll hear your password
Fake Name Generator