flapflap: > Hi! > > (I didn't find this topic discussed here yet and I think it might be > interesting) > > the article > > http://arstechnica.com/security/2015/07/how-the-way-you-type-can-shatter-anonymity-even-on-tor/ > says that apparently it's possible to deanonymise Tor users by analysing > their keystrokes in input fields of websites. > > Is it valid to assume that such a technique is possible to be deployed > by, for example, cloudflare? (needs JavaScript, has an input field) > (or is it required for learning to always enter the same text by the > same user?) > > Is there need for modifications in the Tor Browser Bundle/upstream Firefox? We already patch Tor Browser to reduce the precision of keypress events. See: https://bugs.torproject.org/1517. It would be nice to see a study that evaluates whether this is effective or not and if not, why not. Anyway, there is still something to do in this area: https://bugs.torproject.org/16110. Georg
Attachment:
signature.asc
Description: OpenPGP digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk