[tbb-bugs] #18537 [Tor Browser]: Resist keyboard and mouse biometrics and tracking
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Mar 12 19:02:06 UTC 2016
#18537: Resist keyboard and mouse biometrics and tracking
-----------------------------+----------------------
Reporter: cypherpunks | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-----------------------------+----------------------
Hi, I think TBB should resist keyboard and mouse biometrics better. This
will provide protection against mouse pointer tracking for implicit
detection of user's interests.
1 when page is loaded
a) TBB records all mouse and keyboard events, except mouse move,
if JS is enabled. The page doesn't get keyboard and mouse events at all.
b) TBB records the time the page is loaded.
2 When submit event is triggered
a) TBB stops capturing events
b) TBB analyses the events.
c) TBB simulates the events
3 Events analysis
Let a user interact with visible GUI elements: <textarea>s,
<option>s, text fields, buttons and other <input>s.
Then when the form is submitted, a user has all the fields filled
with the needed data. He needs to provide a website with the filled data
ignoring all the information about the way they have been filled.
a) create a list of elements
b) when an element gets focus and if it is not in the list, push
it into the end of the list
c) when all events are processed the list of elements is ordered
by the first time they were activated by the user
d) then TBB can create simulated events for these elements based
on their state in the end of interaction and the order of their
activation.
4 Event simulation
a) TBB creates a variable for the time counter and the virtual
mouse pointer (vmp) coordinates
b) TBB loads saved time into it.
a) TBB chooses virtual vmp position according to selected model
c) TBB delays according to selected model because a user cannot
start interacting with page immediately
d) TBB sorts the GUI elements according to the order a user is able
to activate them by hitting <TAB> key.
c) TBB chooses a model of the user by sampling all the params of the
model using probability distribution functions.
e) TBB simulates input events
5 Input events simulation cycle
a) TBB simulates GUI element getting focus according to selected model
b) TBB simulates user interaction with GUI element according to selected
model
a) TBB simulates GUI element losing focus according to selected model
6 Mouse events simulation (getting focus and interaction)
a) TBB creates mousemove events according to selected model and
changes vmp position
b) TBB creates mousedown event according to selected model
c) TBB creates mousepress event according to selected model
d) TBB creates mouseup event according to selected model
d) TBB creates either click or contextmenu event according to
selected model
7 Keyboard events simulation (changing focus with TAB or user input)
a) TBB creates keydown event according to selected model
a) TBB creates keypress event according to selected model
a) TBB creates keyup event according to selected model
8 Mouse movement model
The model params are
let t_ev be a time to the next event
let t_l be delay of vmp leaving element
let r={x,y} be vmp coordinates
let r_prev={r_prev_x,r_prev_y}
let v={v_x,v_y} be vmp speed
let v_st be magnitude of speed of pointer in the middle of its way
let phi_l be variation of angle from the line connecting the 2
endpoints
let f be a factor of deceleration
let mag(v) be a magnitude of vector v
let rot(phi) be a rotation matrix
let exp(x) be an exponent
. is dot product
a sample all the params from models using probability distribution
functions.
b determine the endpoint r_t within the target element as a
sample from uniform distribution
c t+=t_l wait the t_l
in loop
d sample t_ev, v_st and phi_l from the model
e calculate the vector from vmp to endpoint dr=r_t-r
f calculate director d=dr/mag(dr)
j mag(v)=v_st * exp(-mag(dr)/f)
h calculate ds = t_ev * mag(v)
i if overshoot (ds > mag(dr))
ii ds = mag(dr)
iii mag(v) = ds / t_ev
k rotate director d.rot(phi_l)
l v = d * mag(v)
m r+= v*t_ev
n shift clock t+=t_ev
o emit mousemove event
p if the cursor in place (ds >= mag(r)) break the loop
7 Keyboard and mouse button model
let t_d be delay before down event
let t_c be delay between down and click
let t_u be delay between down and up
let t_p be interval between press events
let t_p_th be threshold time for press events
a sample all the params from models using probability distribution
functions.
b td+=t_d
c tu=t+t_u
d tc=t+t_c
e tp_th=t+t_p_th
f emit down event
g if the device is mouse emit either click or context menu event
with t=tc
h if tu>tp_th
for t in range(tp_th,tu,t_p)
emit press event
i emit up event with t=tu
8 The distributions for delays can be derived using Amazon Mechanical Turk
with hand postprocessing to remove fake instances. Another way is to
create an arcade game where players should enter text and click text
fields as fast as they can in order to win.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18537>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
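
The mouse movement model from section 8 of the ticket, written out as an added example; it is not part of the original message and is not Tor Browser code. The names `simulateMouseMove`, `mulberry32` and `uniform`, the seeded PRNG, and every numeric range are assumptions made here for illustration (the ticket says real distributions would have to be measured), step p is read as `ds >= mag(dr)`, and the rotation is dropped on the final clamped step so the pointer lands on r_t.

```javascript
// Added example: section 8 (mouse movement model), steps b to p.
// Every numeric range below is a constructed placeholder, not measured data.
function mulberry32(seed) {            // small seeded PRNG so runs are repeatable
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}
const uniform = (rng, lo, hi) => lo + (hi - lo) * rng();

// start: {x, y, t} state of the virtual mouse pointer (vmp), t in ms.
// target: {x, y, w, h} bounding box of the element that gets focus next.
function simulateMouseMove(start, target, seed, maxSteps = 10000) {
  const rng = mulberry32(seed);
  const f = uniform(rng, 300, 600);    // a: deceleration factor, px
  const tL = uniform(rng, 50, 250);    // a: t_l, ms
  const rt = { x: uniform(rng, target.x, target.x + target.w),   // b: endpoint r_t
               y: uniform(rng, target.y, target.y + target.h) };
  let r = { x: start.x, y: start.y };
  let t = start.t + tL;                // c: wait t_l
  const events = [];
  for (let i = 0; i < maxSteps; i++) {
    const tEv = uniform(rng, 8, 24);   // d: t_ev, ms
    const vSt = uniform(rng, 1, 2);    // d: v_st, px/ms
    let phi = uniform(rng, -0.2, 0.2); // d: phi_l, rad
    const dr = { x: rt.x - r.x, y: rt.y - r.y };                 // e
    const dist = Math.hypot(dr.x, dr.y);
    if (dist === 0) break;             // already on r_t, no director exists
    const d = { x: dr.x / dist, y: dr.y / dist };                // f
    let speed = vSt * Math.exp(-dist / f);                       // j
    let ds = tEv * speed;                                        // h
    const arrived = ds >= dist;        // i and p, read as ds >= mag(dr)
    if (arrived) {
      ds = dist; speed = ds / tEv;     // ii, iii: clamp the overshoot
      phi = 0; // assumption: rotating a clamped step would miss r_t
    }
    const c = Math.cos(phi), s = Math.sin(phi);                  // k: rot(phi_l)
    const v = { x: (d.x * c - d.y * s) * speed,                  // l
                y: (d.x * s + d.y * c) * speed };
    r = { x: r.x + v.x * tEv, y: r.y + v.y * tEv };              // m
    t += tEv;                                                    // n
    events.push({ type: "mousemove", t, x: r.x, y: r.y });       // o
    if (arrived) break;                                          // p
  }
  return { events, endpoint: rt };
}
```

Each returned entry carries only the timestamp and coordinates a synthesized mousemove would need; the trajectory depends on the seed and the model parameters, not on how the real pointer moved.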