[tor-bugs] #16678 [Applications/Tor Browser]: Enhance KeyboardEvent fingerprinting protection for unusual characters

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 20 12:40:15 UTC 2017

#16678: Enhance KeyboardEvent fingerprinting protection for unusual characters
 Reporter:  arthuredelstein           |          Owner:  sysrqb
     Type:  enhancement               |         Status:  needs_information
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-fingerprinting        |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:

Comment (by sysrqb):

 Replying to [comment:8 arthuredelstein]:
 > Replying to [comment:6 sysrqb]:
 > Hi -- my thinking is, to minimize disruption to usability, we should try
 to spoof the physical key (KeyboardEvent.code and KeyboardEvent.keyCode)
 that is most commonly used (roughly) for a given character across
 different locales' physical keyboard layouts. So for example, I imagine we
 might want to use either the Spanish or French physical key for the `ç`
 character. (Unfortunately they are different, so we have to choose.)
 > And, I think likely it makes sense for more than one character to spoof
 the same physical key, or physical key combination. We're not trying to
 simulate any particular whole keyboard layout, but rather we want to spoof
 individual keys so they don't reveal the true keyboard.

 Thanks, okay, so instead of providing a single custom layout (say, based
 on the US-International keyboard), the result of this will basically
 overlay most of the existing layouts (QWERTY, QWERTZ, AZERTY, etc) and
 resolve any conflicting key locations such that there is a proper one-to-
 one mapping from key to location. I expect I'll choose the wrong keycode
 for some of them, but hopefully not too many.

 > > What other keys ar'm thinking we can use the following layouts, in
 order of physical key location preference (German key location preferred
 higher than AZERTY):e missing? Some layouts provide 1/8, 3/8, 5/8, 7/8, ™,
 ˆ. Should these be included?
 > I think so, yes. We could also consider Cyrillic characters (see Russian
 vs Serbian keyboard layouts), and maybe other kinds of characters, too.
 Although if that turns out to be too much for one ticket, I think it would
 be reasonable to open tickets for categories we don't want to cover here.
 > > What is the expected result if a key is not recognized? Should
 torbrowser drop it? I'm worried about the impact on usability if
 torbrowser does something surprising when a user presses a key that
 "should work". With that said, any keys not included in this custom layout
 continue to be a potential fingerprint.
 > Currently we're not dropping most keys, to minimize the usability
 impact. If necessary, in some cases we could simply drop the .code and
 .keyCode members of KeyboardEvent without suppressing the event itself.
 But I tend to think we should just aim to gradually expand our range of
 spoofings. Note we do suppress KeyboardEvents for a few modifier keys
 because combination key presses can reveal a user's locale when they are
 typing special characters:
 > See #17009 and patch at https://gitweb.torproject.org/tor-

 Yes, I noticed the suppression both during my testing and in the current
 fingerprinting resistence code. I expect that'll require some tweaking
 with the additions we're adding here.

 I'll do some more research on keyboard layouts and come back with a patch.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16678#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list