[tor-bugs] #16678 [Applications/Tor Browser]: Enhance KeyboardEvent fingerprinting protection for unusual characters
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Sep 20 12:40:15 UTC 2017
#16678: Enhance KeyboardEvent fingerprinting protection for unusual characters
--------------------------------------+-----------------------------------
Reporter: arthuredelstein | Owner: sysrqb
Type: enhancement | Status: needs_information
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+-----------------------------------
Comment (by sysrqb):
Replying to [comment:8 arthuredelstein]:
> Replying to [comment:6 sysrqb]:
> Hi -- my thinking is, to minimize disruption to usability, we should try
to spoof the physical key (KeyboardEvent.code and KeyboardEvent.keyCode)
that is most commonly used (roughly) for a given character across
different locales' physical keyboard layouts. So for example, I imagine we
might want to use either the Spanish or French physical key for the `ç`
character. (Unfortunately they are different, so we have to choose.)
>
> And, I think likely it makes sense for more than one character to spoof
the same physical key, or physical key combination. We're not trying to
simulate any particular whole keyboard layout, but rather we want to spoof
individual keys so they don't reveal the true keyboard.
>
Thanks, okay, so instead of providing a single custom layout (say, based
on the US-International keyboard), the result of this will basically
overlay most of the existing layouts (QWERTY, QWERTZ, AZERTY, etc) and
resolve any conflicting key locations such that there is a proper one-to-
one mapping from key to location. I expect I'll choose the wrong keycode
for some of them, but hopefully not too many.
> > What other keys ar'm thinking we can use the following layouts, in
order of physical key location preference (German key location preferred
higher than AZERTY):e missing? Some layouts provide 1/8, 3/8, 5/8, 7/8, ™,
ˆ. Should these be included?
>
> I think so, yes. We could also consider Cyrillic characters (see Russian
vs Serbian keyboard layouts), and maybe other kinds of characters, too.
Although if that turns out to be too much for one ticket, I think it would
be reasonable to open tickets for categories we don't want to cover here.
>
> > What is the expected result if a key is not recognized? Should
torbrowser drop it? I'm worried about the impact on usability if
torbrowser does something surprising when a user presses a key that
"should work". With that said, any keys not included in this custom layout
continue to be a potential fingerprint.
>
> Currently we're not dropping most keys, to minimize the usability
impact. If necessary, in some cases we could simply drop the .code and
.keyCode members of KeyboardEvent without suppressing the event itself.
But I tend to think we should just aim to gradually expand our range of
spoofings. Note we do suppress KeyboardEvents for a few modifier keys
because combination key presses can reveal a user's locale when they are
typing special characters:
> See #17009 and patch at https://gitweb.torproject.org/tor-
browser.git/patch/?id=2679132
>
Yes, I noticed the suppression both during my testing and in the current
fingerprinting resistence code. I expect that'll require some tweaking
with the additions we're adding here.
I'll do some more research on keyboard layouts and come back with a patch.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16678#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list