Opened 8 months ago

Last modified 6 months ago

#26557 new defect

Regression in keyboard fingerprinting

Reported by: pege
Owned by: tbb-team
Priority: High
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: ff60-esr
Cc: arthuredelstein
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

I just compared fingerprinting protection between 8.0a8 and 8.0a9. There appears to be a regression when it comes to key combinations with AltGraph.

My system:

OS: Whonix 14 (Debian stretch) on Qubes OS 4.0
Keyboard layout: Neo (https://neo-layout.org/index_en.html)

For testing I used https://arthuredelstein.github.io/tordemos/keyboard.html.

There are several keys that have regressed:

Numbers

When typing the number 0 using the key pad on layer 4 ('<' + space) I observe these differences:

8.0a8: code: Digit0, modifierState: empty
8.0a9: code: Space, modifierState: AltGraph

Similarly, other numbers, when typed using the number pad on layer 4, show the actual key that was pressed (KeyM, KeyJ, KeyU, …) instead of DigitX.

Arrow up:

8.0a8: code: ArrowUp, modifierState: empty
8.0a9: code: ArrowUp, modifierState: AltGraph

The modifier leaks with many of the keys on layer 4, including all arrow keys, escape, home, end, delete, back and comma. Interestingly, period and colon don't leak the modifier.

I also noticed that colon is recognized as semicolon (on all layers), but that's also the case in older Tor Browser versions.
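
The comparison in the description can be written as a repeatable regression check. The following is an added example, not code from the ticket or from Tor Browser; the names `EXPECTED_CODE`, `observe`, `findLeaks` and `auditBuild` are hypothetical, the sample events are constructed from the values reported above, and the `key` value "0" for the layer-4 keypad zero is an assumption.

```javascript
// Added example, not part of the ticket. EXPECTED_CODE is a constructed,
// partial table (assumption): the `code` seen in 8.0a8 for a given `key`.
const EXPECTED_CODE = { "0": "Digit0", "ArrowUp": "ArrowUp" };

// Modifier whose state the report shows becoming visible in 8.0a9.
const LAYOUT_MODIFIERS = ["AltGraph"];

// Reduce a KeyboardEvent (or an object with the same fields) to the
// values a web page can read from it.
function observe(event) {
  const modifiers = LAYOUT_MODIFIERS.filter((m) => event.getModifierState(m));
  return { key: event.key, code: event.code, modifiers };
}

// One finding per way an observation deviates from the expected values.
function findLeaks(obs) {
  const findings = [];
  const expected = EXPECTED_CODE[obs.key];
  if (expected !== undefined && obs.code !== expected) {
    findings.push(`key ${obs.key}: code ${obs.code} instead of ${expected}`);
  }
  for (const m of obs.modifiers) {
    findings.push(`key ${obs.key}: modifier ${m} visible to content`);
  }
  return findings;
}

// Constructed stand-ins for the events reported above (key "0" is assumed).
const fakeEvent = (key, code, mods) => ({
  key, code, getModifierState: (m) => mods.includes(m),
});
const SAMPLES = {
  "8.0a8": [fakeEvent("0", "Digit0", []), fakeEvent("ArrowUp", "ArrowUp", [])],
  "8.0a9": [fakeEvent("0", "Space", ["AltGraph"]),
            fakeEvent("ArrowUp", "ArrowUp", ["AltGraph"])],
};

// Audit every sample event recorded for one build.
function auditBuild(name) {
  return SAMPLES[name].flatMap((e) => findLeaks(observe(e)));
}

for (const build of Object.keys(SAMPLES)) {
  console.log(build, auditBuild(build));
}
```

In a browser, `observe` accepts the event object from a `keydown` listener unchanged.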

Change History (3)

comment:1 Changed 8 months ago by tom

Arthur, is this the result of https://bugzilla.mozilla.org/show_bug.cgi?id=1433592 (and therefore expected)?

There's https://bugzilla.mozilla.org/show_bug.cgi?id=1438795 also, but I don't think that's it.

comment:2 Changed 6 months ago by gk

Cc: arthuredelstein added

comment:3 Changed 6 months ago by gk

Priority: Medium → High

Bumping prio.
