Regression in keyboard fingerprinting
I just compared fingerprinting protection between 8.0a8 and 8.0a9. There appears to be a regression when it comes to key combination with AtlGraph.
My system:
OS: Whonix 14 (Debian stretch) on Qubes OS 4.0 Keyboard layout: Neo (https://neo-layout.org/index_en.html)
For testing I used https://arthuredelstein.github.io/tordemos/keyboard.html.
There are several keys that have regressed:
== Numbers
When typing the number 0 using the key pad on layer 4 ('<' + space) I observe this differences:
8.0a8: code: Digit0, modifierState: empty 8.0a9: code: Space, modifierState: AltGraph
Similarly, other numbers, when typing using the number pad on layer 4, show the actual key that was pressed (KeyM, KeyJ, KeyU, …) instead of DigitX.
== Navigation Keys
Arrow up:
8.0a8: code: ArrowUp, modifierState: empty 8.0a9: code: ArrowUp, modifierState: AltGraph
The modifier leaks with many of the keys on layer 4. Including, all arrow keys, escape, home, end, delete, back and comma. Interestingly, period and colon don't leak the modifier.
I also noticed that colon is recognized as semicolon (on all layers) but that's also the case in older Tor Browser version.
Trac:
Username: pege