[tor-bugs] #16678 [Applications/Tor Browser]: Enhance KeyboardEvent fingerprinting protection for unusual characters

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 20 02:22:21 UTC 2017 

#16678: Enhance KeyboardEvent fingerprinting protection for unusual characters
--------------------------------------+-----------------------------------
 Reporter:  arthuredelstein           |          Owner:  sysrqb
     Type:  enhancement               |         Status:  needs_information
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-fingerprinting        |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+-----------------------------------
Changes (by sysrqb):

 * status:  assigned => needs_information


Comment:

 Basically we are implementing a virtual customized keyboard layout. This
 layout does not contain Right-keys (location 2, keys on right side). It is
 a QWERTY keyboard based on the "English (US)" layout, therefore any non-
 English characters will be mapped onto US-centric keys when combined with
 a modifier. We'll need both shift and AltGr (as the combination of
 asserting ctrl and alt) for this, else we don't have enough combinations
 available.

 The US-International keyboard layout [0] provides a nice base, so
 beginning with that we gain:

 With AltGr:
 {{{
 ¡ ² ³ ¤ € ¼ ½ ¾ ‘ ’ ¥ ×
  ä å é ® þ ü ú í ó ö « »
   á ß ð           ø ¶ ´ ¬
    æ   ©     ñ µ ç   ¿
 }}}

 With Shift-AltGr:
 {{{
 ¹     £               ÷
  Ä Å É   Þ Ü Ú Í Ó Ö
   Á § Ð           Ø ° ¨ ¦
    Æ   ¢     Ñ   Ç
 }}}

 What other keys are missing? Some layouts provide 1/8, 3/8, 5/8, 7/8, ™,
 ˆ. Should these be included?

 What is the expected result if a key is not recognized? Should torbrowser
 drop it? I'm worried about the impact on usability if torbrowser does
 something surprising when a user presses a key that "should work". With
 that said, any keys not included in this custom layout continue to be a
 potential fingerprint.

 [0] https://en.wikipedia.org/wiki/AltGr_key#US-International
 [1] https://en.wikipedia.org/wiki/AZERTY

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16678#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list