Does Tor browser have any defenses against mouse and keystroke stylometry, if not could some be implemented? It can be as simple as adding an add-on that you can turn on or off. I think this would add extra protection against invasive websites who attempt to identify users. Users could also disable this if the website isn't working or requires a captcha which thinks they are a bot.
-Joel
If you're referring to recording the timing of keystrokes or mouse movements - no. Personally, I think the effectiveness of these attacks are pretty low, with a high false positive rate; which makes them not-very-effective.
In theory, mouse movements could countered by just never reporting mouse position - support for phone/tablet based interactions means that mouse-over based interaction is not accessibility friendly. This wouldn't work for games or similar.
Keystroke timing would be a whole different ball game, and would require changes to the core browser to (I guess) buffer and release keystrokes on a set interval. And that wouldn't help if you're only pressing a key every 100ms and not a few-per-that-interval.
I think this falls into the category of 'Attacks which might be theoretically possible, but require significant engineering work to address' and therefore until someone demonstrates a plausible attack or shows up and is willing to do the engineering work, is lower priority compared to fingerprinting techniques which are actively being used or security hardening measures against exploits. My 2 cents.
-tom
On Mon, 3 Aug 2020 at 01:15, joel04g_t535e@secmail.pro wrote:
Does Tor browser have any defenses against mouse and keystroke stylometry, if not could some be implemented? It can be as simple as adding an add-on that you can turn on or off. I think this would add extra protection against invasive websites who attempt to identify users. Users could also disable this if the website isn't working or requires a captcha which thinks they are a bot.
-Joel
tbb-dev mailing list tbb-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev