Opened 3 years ago

Last modified 3 years ago

#18537 assigned enhancement

Resist keyboard and mouse biometrics and tracking

Reported by: cypherpunks Owned by: nickm
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Major Keywords: mouse, keyboard, biometrics, fingerprinting, tracking
Cc: Actual Points:
Parent ID: #18379 Points:
Reviewer: Sponsor:


Hi, I think TBB should resist keyboard and mouse biometrics better. This will prowide protection against mouse pointer tracking for implicit detection us user's interests.

1 when page is loaded

a) TBB records all mouse and keyboard events, except mouse move, if JS is enabled. The page doesn't get keyboard and mouse events at all.
b) TBB records the time the page is loaded.

2 When submit event is triggered

a) TBB stops capturing events
b) TBB analyse the events.
c) TBB simulates the events

3 Events analysis

Let a user interacting with visible gui elements: <textarea>s, <option>s, text fields, buttons and another <input>s.
Then when the form is submited, a user has all the fields filled with the needed data. He needs to provide a website with the filled data ignoring all the information about the way they have been filled.

a) create a list of elements
b) when an element gets focus and if it is not in the list, push it into the end of the list
c) when all events are processed the list of elements is ordered by the first time they were activated by the user
d) then TBB can create simulated events for these elements based on their state in the end of interaction and the order of their activation.

4 Event simulation

a) TBB creates a variable for the time counter and the virtual mouse pointer (vmp) coordinates
b) TBB loads saved time into it.
a) TBB chooses virtual vmp position according to selected model
c) TBB delays according to selected model because a user cannot start interacting with page immediately
d) TBB sorts the GUI elements according the order a user is able to activate them by hitting <TAB> key.
c) TBB chooses model of user a sampling all the params of the model using probability distribution functions.
e) TBB simulates input events

5 Input events simulation cycle
a) TBB simulates GUI element getting focus according to selected model
b) TBB simulates user interaction with GUI element according to selected model
a) TBB simulates GUI element loosing focus according to selected model

6 Mouse events simulation (getting focus and interaction)

a) TBB creates mousemove events according to selected model and changes vmp position
b) TBB creates mousedown event according to selected model
c) TBB creates mousepress event according to selected model
d) TBB creates mouseup event according to selected model
d) TBB creates either click or contextmenu event according to selected model

7 Keyboard events simulation (changing focuf with TAB or user input)

a) TBB creates keydown event according to selected model
a) TBB creates keypress event according to selected model
a) TBB creates keyup event according to selected model

8 Mouse movement model

The model params are
let t_ev be a time to the next event
let t_l be delay of vmp leaving element

let r={x,y} be vmp coordinates
let r_prev={r_prev_x,r_prev_y}

let v={v_x,v_y} be vmp speed
let v_st be magnitude of speed of pointer in the middle of its way
let phi_l be variation of angle from the line connecting the 2 endpoints

let f be a factor of decelleration

let mag(v) be a magnitude of vector v
let rot(phi) be a rotation matrix
let exp(x) be an exponent
. is dot product

a sample all the params from models using probability distribution functions.
b determine the endpoint r_t within the target element as as a sample from uniform distribution
c t+=t_l wait the t_l
in loop

d sample t_ev, v_st and phi_l from the model
e calculate the vector from vmp to endpoint dr=r_t-r
f calculate director d=dr/mag(dr)
j mag(v)=v_st * exp(-mag(dr)/f)
h calculate ds = t_ev * mag(v)
i if overshoot (ds > mag(dr))

ii ds = mag(dr)
iii mag(v) = ds / t_ev

k rotate director d.rot(phi_l)
l v = d * mag(v)
m r+= v*t_ev

n shift clock t+=t_ev
o emit mousemove event
p if the cursor in place (ds >= mag(r)) break the loop

7 Keyboard and mouse button model

let t_d be delay before down event
let t_c be delay between down and click
let t_u be delay between down and up
let t_p be interval between press events
let t_p_th be threshold time for press events

a sample all the params from models using probability distribution functions.
b td+=t_d
c tu=t+t_u
d tc=t+t_c
e tp_th=t+t_p_th
f emit down event
g if the device is mouse emit either click or context menu event with t=tc
h if tu>tp_th

for t in range(tp_th,tu,t_p)

emit press event

i emit up event with t=tu

8 The distributions for delays can be derived using Amazon Mechanical Turk with hand postprocessing to remove fake instances. Another way is to create an arcade game where players should enter text and click text fields as fast as they can in order to win.

Child Tickets

Change History (1)

comment:1 Changed 3 years ago by cypherpunks

Keywords: mouse keyboard biometrics fingerprinting tracking added
Owner: changed from tbb-team to nickm
Parent ID: #18379
Priority: MediumHigh
Severity: NormalMajor
Status: newassigned
Note: See TracTickets for help on using tickets.