[tor-bugs] #16678 [Applications/Tor Browser]: Enhance KeyboardEvent fingerprinting protection for unusual characters

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Sep 25 06:36:05 UTC 2017

#16678: Enhance KeyboardEvent fingerprinting protection for unusual characters
 Reporter:  arthuredelstein           |          Owner:  sysrqb
     Type:  enhancement               |         Status:  needs_review
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-fingerprinting        |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
Changes (by sysrqb):

 * status:  needs_information => needs_review


 I surveyed the different layouts shown on the QWERTY [0], QWERTZ [1], and
 AZERTY [2] pages on Wikipedia, and I documented (roughly) the different
 keys (attached). From this, the patch [3] contains 131 Unicode characters,
 covering most Latin charset-based keyboard layouts. This does not include
 Cyrillic characters (or other charsets), yet, although I agree that would
 be a great addition.

 The patch falls back on code "IntlBackslash" and keycode 220, when a
 mapping does not exist for a key. Something unfortunate/annoying I found
 while working on this is that Unicode provides more than one code for the
 same glyph (such as U+0110 (capital letter D with stroke) and U+00D0
 (capital letter eth) for Ð), so I am worried some keyboard
 drivers/platforms use different codes for characters that are visually the
 same, thus this patch may result in slightly strange behavior.

 The key-to-code mappings were decided by taking the results of the survey
 and choosing the most common keyboard key per character/symbol. There were
 many symbols that were in a unique location on different layouts, so I
 chose a key that seemed reasonable.

 $ sort -t, -k 3 unicode_keyboard_keys | sed 's/, /,/g' | \
     awk -F, '{ print $3", "$2", "$5; }' | sort | uniq -c | less

 [0] https://en.wikipedia.org/wiki/QWERTY
 [1] https://en.wikipedia.org/wiki/QWERTZ
 [2] https://en.wikipedia.org/wiki/AZERTY
 [3] https://github.com/sysrqb/tor-browser/tree/bug16678_1

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16678#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
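
Added example, not code from the patch or from Tor Browser: a sketch of the lookup the comment describes, showing the IntlBackslash/220 fallback and why U+0110 and U+00D0 need an explicit alias, since Unicode normalization does not unify them. The table entries and the names SPOOF_TABLE, LOOKALIKES, spoofKey and sameAfterNormalization are assumptions made for illustration.

```javascript
// Hypothetical per-character table: character -> spoofed { code, keyCode }.
// Entries are constructed for this example, not copied from the patch.
const SPOOF_TABLE = new Map([
  ["\u00D0", { code: "KeyD", keyCode: 68 }], // capital letter eth
  ["\u00E9", { code: "KeyE", keyCode: 69 }], // e with acute, precomposed
]);

// Code points that render like a table key but are distinct in Unicode.
// Without an alias they would miss the table and take the fallback.
const LOOKALIKES = new Map([
  ["\u0110", "\u00D0"], // capital letter D with stroke -> capital letter eth
]);

// Fallback named in the ticket comment for characters with no mapping.
const FALLBACK = { code: "IntlBackslash", keyCode: 220 };

function spoofKey(ch, { foldLookalikes = true } = {}) {
  // NFC composes "e" + U+0301 into U+00E9, so decomposed input hits the table.
  let key = ch.normalize("NFC");
  if (foldLookalikes && LOOKALIKES.has(key)) {
    key = LOOKALIKES.get(key);
  }
  return SPOOF_TABLE.get(key) ?? FALLBACK;
}

// True if any standard normalization form makes the two strings equal.
// For U+0110 vs U+00D0 this is false: neither has a decomposition.
function sameAfterNormalization(a, b) {
  return ["NFC", "NFD", "NFKC", "NFKD"].some(
    (form) => a.normalize(form) === b.normalize(form)
  );
}

// Constructed sample input: two lookalikes, a decomposed e-acute, and a
// Cyrillic letter that the example table does not cover.
for (const ch of ["\u00D0", "\u0110", "e\u0301", "\u0416"]) {
  const cp = [...ch].map((c) => "U+" + c.codePointAt(0).toString(16).toUpperCase().padStart(4, "0"));
  console.log(cp.join(" "), JSON.stringify(spoofKey(ch)));
}
```

With foldLookalikes set to false, U+0110 reports IntlBackslash/220 while U+00D0 reports KeyD/68, which is the platform-dependent difference the comment is worried about.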
