[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #15646 [Tor Browser]: KeyboardEvent may allow fingerprinting of keyboard layout

Subject: Re: [tor-bugs] #15646 [Tor Browser]: KeyboardEvent may allow fingerprinting of keyboard layout
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 17 Jun 2015 19:13:20 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 17 Jun 2015 15:13:29 -0400
In-reply-to: <051.d50ae044dbbce585a08e6eaafb749aad@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.d50ae044dbbce585a08e6eaafb749aad@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#15646: KeyboardEvent may allow fingerprinting of keyboard layout
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  arthuredelstein
  cypherpunks            |     Status:  needs_review
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  ff38-esr, tbb-fingerprinting, tbb-5
  Browser                |  .0a-highrisk, TorBrowserTeam201506
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------
Changes (by arthuredelstein):

 * status:  assigned => needs_review


Comment:

 Here's a patch for review:
 https://github.com/arthuredelstein/tor-
 browser/commit/a409f8ffa3a26a3d96c5bba8ff6caa4e0b8d61db

 To summarize: I provide consensus (US-English-style) fake properties for
 `KeyboardEvent`, namely `code`, `keyCode`, `location` and `shiftKey`. So,
 for example, if the user types `?`, the result will be `code = 'Slash'`,
 `keyCode = 191`, `shiftKey = true`, `location = 0`, regardless of the
 keyboard layout. Numbers are always reported as arriving from the keys
 located above "QWERTY", even if they are typed on the NumPad.

 Note that for now I have focused on ASCII (US English) characters and
 standard keyboard control keys. Characters from other languages will
 simply return a `KeyboardEvent.keyCode` of 0 and an empty `Keyboard.code`.
 It should be straightforward to spoof `.keyCode` and `.code` for higher
 unicode points, but I think it makes sense to postpone that for another
 ticket while this approach is reviewed and perhaps tested by users in an
 alpha.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15646#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #16351 [Tor Browser]: Upgrade our toolchain for Tor Browser 5.0
Next by Author: Re: [tor-bugs] #16309 [Tor]: Bug: Assertion node && node->ri == ri failed in nodelist_assert_ok
Previous by thread: Re: [tor-bugs] #15646 [Tor Browser]: KeyboardEvent may allow fingerprinting of keyboard layout
Next by thread: Re: [tor-bugs] #15646 [Tor Browser]: KeyboardEvent may allow fingerprinting of keyboard layout
Index(es):
- Author
- Thread