[tor-commits] [tor-browser-spec/master] Describe user behavior as a fingerprinting source.

Tue May 5 04:18:11 UTC 2015

commit d8b78e0729a1e5d16244812fbc86b9fa9f29f5b0
Author: Mike Perry <mikeperry-git at torproject.org>
Date:   Mon May 4 20:14:38 2015 -0700

    Describe user behavior as a fingerprinting source.
    
    Also generalize TCP Port to TCP Port and Local Network.
---
 design-doc/design.xml |   38 ++++++++++++++++++++++++++++----------
 1 file changed, 28 insertions(+), 10 deletions(-)

diff --git a/design-doc/design.xml b/design-doc/design.xml
index 3d4f18e..fbec073 100644
--- a/design-doc/design.xml
+++ b/design-doc/design.xml
@@ -1464,8 +1464,10 @@ severe, and how to study the efficacy of defenses properly.
     <title>Sources of Fingerprinting Issues</title>
     <para>
 
-All fingerprinting issues arise from one of four primary sources. In order
-from most severe to least severe, these sources are:
+All fingerprinting issues arise from one of four primary sources in the
+browser. Additionally, user behavior itself provides one more source of
+potential fingerprinting. Listed in order from most severe to least severe in
+terms of the amount of information they reveal, these sources are:
 
     </para>
     <orderedlist>
@@ -1487,13 +1489,15 @@ do so only on a per-site basis via site permissions, to avoid linkability.
      <listitem><command>Device and Hardware Characteristics</command>
       <para>
 
-Device and hardware characteristics can be determined in three ways: they can be
-reported explicitly by the browser, they can be inferred through API behavior,
-or they can be extracted through statistical measurements of system
-performance. We are most concerned with the cases where this information is
-either directly reported or can be determined via a single use of an API or
-feature, and prefer to place such APIs either behind site permissions, or
-disable them entirely.
+Device and hardware characteristics can be determined in three ways: they can
+be reported explicitly by the browser, they can be inferred through browser
+functionality, or they can be extracted through statistical measurements of
+system performance. We are most concerned with the cases where this
+information is either directly reported or can be determined via a single use
+of an API or feature, and prefer to place such APIs either behind site
+permissions, alter their functionality to prevent exposing the most variable
+aspects of these characteristics, or disable them entirely.
+
       </para>
       <para>
 
@@ -1522,6 +1526,20 @@ specific version of a system can be inferred.
 
       </para>
      </listitem>
+     <listitem><command>User Behavior</command>
+      <para>
+
+While somewhat outside the scope of browser fingerprinting, for completeness
+it is important to mention that users themselves theoretically might be
+fingerprinted through their behavior while interacting with a website. This
+behavior includes as keystrokes, mouse movements, click speed, and writing
+style. Basic vectors such as keystroke and mouse usage fingerprinting can be
+mitigated by altering Javascript's notion of time. More advanced issues like
+writing style fingerprinting are the domain of <ulink
+url="https://github.com/psal/anonymouth">other tools</ulink>.
+
+      </para>
+     </listitem>
      <listitem><command>Browser Vendor and Version Differences</command>
       <para>
 
@@ -1633,7 +1651,7 @@ image data, pure white image data is returned to the Javascript APIs.
      <para>
      </para>
     </listitem>
-    <listitem>Open TCP Port Fingerprinting
+    <listitem>Open TCP Port and Local Network Fingerprinting
      <para>
 
 In Firefox, by using either WebSockets or XHR, it is possible for remote



