[tbb-dev] [mobile browser developer candidate] Bug 16678 - Enhance KeyboardEvent fingerprinting resistence
Matthew Finkel
matthew.finkel at gmail.com
Tue Sep 26 06:52:17 UTC 2017
Hi All,
I pushed a final branch for this ticket [0]. I'll update the ticket, as well.
As mentioned on the ticket, this enhancement was complicated by the fact that
unicode codepoints are accessible by keys directly on the keyboard, as well as
using dead keys + another character. The former, using a dead key combination,
dispatches multiple keydown events, while the latter only dispatches a single
keydown event. As a mitigation, we can suppress the keydown event generated by
the dead key, exactly the same way the Alt/AltGr/Shift keys are suppressed [1].
The result of this is simply only emitting a keypress of the raw keyboard
character, and to a webpage it appears like the dead key wasn't pressed.
I believe I know how we can implement this correctly, such that "dead key +
character" appears identical to a keyboard character.
Many thanks to Arthur for his valuable feedback, [2] includes some fixups and
improvements.
Thank you,
Matt
[-1] https://trac.torproject.org/projects/tor/ticket/16678
[0] https://github.com/sysrqb/tor-browser/tree/bug16678_2
[1] https://github.com/sysrqb/tor-browser/commit/29d8c9ffec2340e64ad26a0dbc48315b47ac6028
[2] https://github.com/sysrqb/tor-browser/commit/962194b1151768ddc6d3beb30132d833c1a4a81f
More information about the tbb-dev
mailing list