[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Profiling Tor users via keystrokes

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Profiling Tor users via keystrokes
From: spencerone@xxxxxxxxxxxxxxx
Date: Fri, 31 Jul 2015 01:10:58 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 31 Jul 2015 04:11:16 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=openmailbox.org; h=user-agent:message-id:subject:subject:from:from:date:date :content-transfer-encoding:content-type:content-type :mime-version:received:received; s=openmailbox; t=1438330258; bh=LEk+5pP+k4lOZz/nxOef+A4ljaDqIKX1M5YTK27cAtA=; b=qmcJqUmQU28m g9DtHUBRBJ5gD2fanmp4McOS4wIn1r0XhSVD7jL8YYr+FlFSCIkGbWd7eV24XTkk PsNS+rNZULh5XCcu4+Lbld+BKv0XuNE//axVOKMNmRmmqgbNqgoacyadkvQ895DP wr7SONca00VNXcFyUhMalr14ZO7I3gI=
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Roundcube Webmail/1.0.6

Hi,

flapflap:
http://arstechnica.com/security/2015/07/how-the-way-you-type-can-shatter-anonymity-even-on-tor/
says that apparently it's possible to deanonymise Tor users byanalysing
their keystrokes in input fields of websites.
Is there need for modifications in the Tor Browser Bundle/upstreamFirefox?


grarpamp:
A keystroke reclocker / normalizer might be better integrated
as part of the keyboard driver in your OS. You'd only need to
code it once, and could tune it to suit you however you want.
Try checking with your OS.

Keystroke spoofing would only circumvent interception attacks, right?It seems destination-based form/packet-grabbing could still profilepeople.

Is there a public keylogger that reveals what it sees so people can casetest? TorMirror?


Wordlife,
Spencer

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Profiling Tor users via keystrokes
  - From: fatal

Prev by Author: [tor-talk] USB Sticks for Tails -> CCCamp
Next by Author: Re: [tor-talk] Fwd: Re: Fwd: CALL FOR TESTING: new port scanning subsystem (allows scanning behind proxies, including Tor!)
Previous by thread: Re: [tor-talk] Profiling Tor users via keystrokes
Next by thread: Re: [tor-talk] Profiling Tor users via keystrokes
Index(es):
- Author
- Thread