
HOW you type - As unique as a Fingerprint.

  • 06-08-2015 1:24am
    #1
    Closed Accounts Posts: 3,006 ✭✭✭


    How the way you type can shatter anonymity—even on Tor
    Security researchers have refined a long-theoretical profiling technique into a highly practical attack that poses a threat to Tor users and anyone else who wants to shield their identity online.

    The technique collects user keystrokes as an individual enters usernames, passwords, and other data into a website. After a training session that typically takes less than 10 minutes, the website—or any other site connected to the website—can then determine with a high degree of certainty when the same individual is conducting subsequent online sessions. The profiling works by measuring the minute differences in the way each person presses keys on computer keyboards. Since the pauses between keystrokes and the precise length of time each key is pressed are unique for each person, the profiles act as a sort of digital fingerprint that can betray its owner's identity.

    The prospect of widely available databases that identify users based on subtle differences in their typing was unsettling enough to researchers Per Thorsheim and Paul Moore that they have created a Chrome browser plugin that's designed to blunt the threat. The plugin caches the input keystrokes and after a brief delay relays them to the website at a pseudo-random rate. Thorsheim, a security expert who organizes the annual PasswordsCon conference, and Moore, an information security consultant at UK-based Urity Group, conceived the plugin after thinking through all the ways the typing profiles could be used to compromise online anonymity.

    Profiling Tor users

    "The risk may seem small when you consider one single website collecting this type of information," Runa Sandvik, an independent security researcher and former Tor developer, told Ars. "The real concern with behavioral profiling is when it is being done by multiple big websites owned by the same company or organization. The risk to anonymity and privacy is that you can profile me and log what I am doing on one page and then compare that to the profile you have built on another page. Suddenly, the IP address I am using to connect to these two sites matters much less."


Comments

  • Registered Users, Registered Users 2 Posts: 1,456 ✭✭✭FSL


    I thought data was sent over the internet in packets, not 1 character at a time. Also, given the concept of the internet as a web, packets can take different routes and different times from A to B. So how could this possibly work?


  • Registered Users, Registered Users 2 Posts: 6,285 ✭✭✭bonzodog2


    When e.g. Google makes suggestions based on what you've typed so far, those characters are sent one at a time. When you click a 'submit' button, that's a GET or POST request, and all sent at once, probably all in 1 packet.


  • Registered Users, Registered Users 2 Posts: 1,456 ✭✭✭FSL


    Even sending 1 character at a time requires a packet. Also, any internet connection is not constant; the transfer rate varies, as do the periods (albeit milliseconds) of non-activity. Even with the website on a server of its own with no other activity, if there were multiple people connected, that would also influence the timings.

    The only way it could possibly work would be a script running in the web browser which collected the timings as the user typed and then sent them to the server.
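
Added example, not part of the thread or the quoted article: the hold and pause timings the article describes, computed from constructed key events, and a simplified model of the buffer-and-replay defence showing that replayed timings no longer depend on how the keys were typed. All names, timestamps and the `relay` function are assumptions made for illustration; this is not the plugin's code.

```javascript
// Constructed sample data: [key, keydownMs, keyupMs] for the word "tor".
const aliceSession1 = [["t", 0, 95], ["o", 180, 260], ["r", 410, 520]];
const aliceSession2 = [["t", 0, 100], ["o", 190, 275], ["r", 415, 520]];
const bobSession = [["t", 0, 60], ["o", 90, 150], ["r", 200, 255]];

// Dwell = how long each key is held; flight = pause between a keyup and the next keydown.
function features(events) {
  const dwell = events.map(([, down, up]) => up - down);
  const flight = events.slice(1).map(([, down], i) => down - events[i][2]);
  return [...dwell, ...flight];
}

// Mean absolute difference between two feature vectors (smaller = more alike).
function distance(a, b) {
  return a.reduce((sum, v, i) => sum + Math.abs(v - b[i]), 0) / a.length;
}

// Seeded PRNG (mulberry32), used only so the example is repeatable.
function mulberry32(seed) {
  return () => {
    seed = (seed + 0x6d2b79f5) | 0;
    let t = Math.imul(seed ^ (seed >>> 15), 1 | seed);
    t = (t + Math.imul(t ^ (t >>> 7), 61 | t)) ^ t;
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Simplified model of the defence (an assumption, not the plugin's logic):
// buffer the keys, then replay them on a schedule drawn from the PRNG.
// The schedule never reads the original timestamps.
function relay(events, rand, startDelayMs = 500) {
  let clock = startDelayMs;
  return events.map(([key]) => {
    const down = clock + Math.floor(rand() * 100); // random gap before the key
    const up = down + 20 + Math.floor(rand() * 60); // random hold time
    clock = up;
    return [key, down, up];
  });
}

const profile = features(aliceSession1);
console.log("alice vs alice:", distance(profile, features(aliceSession2)));
console.log("alice vs bob:  ", distance(profile, features(bobSession)));
console.log("relayed alice: ", features(relay(aliceSession2, mulberry32(1))));
console.log("relayed bob:   ", features(relay(bobSession, mulberry32(1))));
```

The raw sessions separate cleanly (the same typist scores far closer to their own profile than a different typist does), while the two relayed sessions produce identical feature vectors because the replay schedule is a function of the random source alone.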


  • Closed Accounts Posts: 3,006 ✭✭✭_Tombstone_



