Opened 2 years ago

Last modified 22 months ago

#26557 new defect

Regression in keyboard fingerprinting

Reported by: pege Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff60-esr
Cc: arthuredelstein Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


I just compared fingerprinting protection between 8.0a8 and 8.0a9. There appears to be a regression when it comes to key combination with AtlGraph.

My system:

OS: Whonix 14 (Debian stretch) on Qubes OS 4.0
Keyboard layout: Neo (

For testing I used

There are several keys that have regressed:


When typing the number 0 using the key pad on layer 4 ('<' + space) I observe this differences:

8.0a8: code: Digit0, modifierState: empty
8.0a9: code: Space, modifierState: AltGraph

Similarly, other numbers, when typing using the number pad on layer 4, show the actual key that was pressed (KeyM, KeyJ, KeyU, …) instead of DigitX.

Arrow up:

8.0a8: code: ArrowUp, modifierState: empty
8.0a9: code: ArrowUp, modifierState: AltGraph

The modifier leaks with many of the keys on layer 4. Including, all arrow keys, escape, home, end, delete, back and comma. Interestingly, period and colon don't leak the modifier.

I also noticed that colon is recognized as semicolon (on all layers) but that's also the case in older Tor Browser version.

Child Tickets

Change History (3)

comment:1 Changed 2 years ago by tom

Arthur is this the result of (and therefore expected?

There's also but i don't think that's it.

comment:2 Changed 22 months ago by gk

Cc: arthuredelstein added

comment:3 Changed 22 months ago by gk

Priority: MediumHigh

Bumping prio.

Note: See TracTickets for help on using tickets.