[tor-bugs] #18379 [Tor Browser]: Mouse Tracking Defenses in Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 14 11:40:35 UTC 2016


#18379: Mouse Tracking Defenses in Tor Browser
-------------------------+--------------------------
 Reporter:  cypherpunks  |          Owner:  tbb-team
     Type:  enhancement  |         Status:  new
 Priority:  Very High    |      Milestone:
Component:  Tor Browser  |        Version:
 Severity:  Critical     |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
 Reviewer:               |        Sponsor:
-------------------------+--------------------------

Comment (by cypherpunks):

 No, because not just short-time timing, but also cursor location, speed,
 direction and long-time timing are involved.

 Some of the related fingerprinting methods are not easy to defend against.
 e.g. User A tends to click here after opening a link, etc. With recent
 advances in machine learning (e.g. deep learning) this kind of information
 is more valuable.

 With that said, however, we can limit cursor position data without causing
 a major break because most important event handlers listen on click,
 mouseover, etc. Of course it may for example cause a glitch in script-
 generated tooltips.

 Possibly, what is the easiest is making mouse position data opt-in in
 higher security settings (slider), like `canvas` data extraction.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18379#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list