Opened 5 years ago

Last modified 3 years ago

#16025 new defect

Potential anonymity leak in Tor Browser Bundle via Key Map

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version: Tor: unspecified
Severity: Normal Keywords:
Cc: rfkrocktk+tbbtrac@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


For users of alternative key maps such as AZERTY, Dvorak, etc., the user's keymap can reveal personally identifiable information about an end-user. Using JavaScript, it is fairly trivial to identify a user's key map by comparing key codes and character codes against some fairly simple patterns to accurately determine the user's key map.

If packet insertion is accomplished between the Tor exit node and the destination site, malicious JavaScript can be injected which, when the user types, could determine their keymap. HTTPS on the destination site can help to prevent packet injection, but if the destination site itself is malicious or compromised, it would still remain possible to determine the user's keymap and store data about this interaction which could potentially identify a user in the end.

A fix for this would involve patching Tor Browser Bundle's Firefox to never send key codes or alternatively never send char codes to executing JavaScript. It's also possible to mitigate this by disabling JavaScript, but many sites depend on JavaScript for basic interaction with the site.

Child Tickets

Change History (2)

comment:1 Changed 5 years ago by cypherpunks

It would also be possible to mask this effect by writing an abstraction layer which reports that the key map is QWERTY always.

comment:2 Changed 3 years ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.