[tbb-bugs] #16025 [Tor Browser]: Potential anonymity leak in Tor Browser Bundle via Key Map

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu May 14 19:50:56 UTC 2015

#16025: Potential anonymity leak in Tor Browser Bundle via Key Map
 Reporter:  cypherpunks  |          Owner:  tbb-team
     Type:  defect       |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Tor Browser  |        Version:  Tor: unspecified
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
 For users of alternative key maps such as AZERTY, Dvorak, etc., the user's
 keymap can reveal personally identifiable information about an end-user.
 Using JavaScript, it is fairly trivial to identify a user's key map by
 comparing key codes and character codes against some fairly simple
 patterns to accurately determine the user's key map.

 If packet insertion is accomplished between the Tor exit node and the
 destination site, malicious JavaScript can be injected which, when the
 user types, could determine their keymap. HTTPS on the destination site
 can help to prevent packet injection, but if the destination site itself
 is malicious or compromised, it would still remain possible to determine
 the user's keymap and store data about this interaction which could
 potentially identify a user in the end.

 A fix for this would involve patching Tor Browser Bundle's Firefox to
 never send key codes or alternatively never send char codes to executing
 JavaScript. It's also possible to mitigate this by disabling JavaScript,
 but many sites depend on JavaScript for basic interaction with the site.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16025>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list