[tor-bugs] #16678 [Applications/Tor Browser]: Enhance KeyboardEvent fingerprinting protection for unusual characters
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Sep 20 09:13:20 UTC 2017
#16678: Enhance KeyboardEvent fingerprinting protection for unusual characters
--------------------------------------+-----------------------------------
Reporter: arthuredelstein | Owner: sysrqb
Type: enhancement | Status: needs_information
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+-----------------------------------
Comment (by arthuredelstein):
Replying to [comment:6 sysrqb]:
> Basically we are implementing a virtual customized keyboard layout. This
layout does not contain Right-keys (location 2, keys on right side). It is
a QWERTY keyboard based on the "English (US)" layout, therefore any non-
English characters will be mapped onto US-centric keys when combined with
a modifier. We'll need both shift and AltGr (as the combination of
asserting ctrl and alt) for this, else we don't have enough combinations
available.
>
> The US-International keyboard layout [0] provides a nice base, so
beginning with that we gain:
>
> With AltGr:
> {{{
> ¡ ² ³ ¤ € ¼ ½ ¾ ‘ ’ ¥ ×
> ä å é ® þ ü ú í ó ö « »
> á ß ð ø ¶ ´ ¬
> æ © ñ µ ç ¿
> }}}
>
> With Shift-AltGr:
> {{{
> ¹ £ ÷
> Ä Å É Þ Ü Ú Í Ó Ö
> Á § Ð Ø ° ¨ ¦
> Æ ¢ Ñ Ç
> }}}
Hi -- my thinking is, to minimize disruption to usability, we should try
to spoof the physical key (KeyboardEvent.code and KeyboardEvent.keyCode)
that is most commonly used (roughly) for a given character across
different locales' physical keyboard layouts. So for example, I imagine we
might want to use either the Spanish or French physical key for the `ç`
character. (Unfortunately they are different, so we have to choose.)
And, I think likely it makes sense for more than one character to spoof
the same physical key, or physical key combination. We're not trying to
simulate any particular whole keyboard layout, but rather we want to spoof
individual keys so they don't reveal the true keyboard.
> What other keys are missing? Some layouts provide 1/8, 3/8, 5/8, 7/8, ™,
ˆ. Should these be included?
I think so, yes. We could also consider Cyrillic characters (see Russian
vs Serbian keyboard layouts), and maybe other kinds of characters, too.
Although if that turns out to be too much for one ticket, I think it would
be reasonable to open tickets for categories we don't want to cover here.
> What is the expected result if a key is not recognized? Should
torbrowser drop it? I'm worried about the impact on usability if
torbrowser does something surprising when a user presses a key that
"should work". With that said, any keys not included in this custom layout
continue to be a potential fingerprint.
Currently we're not dropping most keys, to minimize the usability impact.
If necessary, in some cases we could simply drop the .code and .keyCode
members of KeyboardEvent without suppressing the event itself. But I tend
to think we should just aim to gradually expand our range of spoofings.
Note we do suppress KeyboardEvents for a few modifier keys because
combination key presses can reveal a user's locale when they are typing
special characters:
See #17009 and patch at https://gitweb.torproject.org/tor-
browser.git/patch/?id=2679132
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16678#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list