[tor-bugs] #15646 [Tor Browser]: KeyboardEvent may allow fingerprinting of keyboard layout

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jun 22 10:36:44 UTC 2015 

#15646: KeyboardEvent may allow fingerprinting of keyboard layout
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  arthuredelstein
  cypherpunks            |     Status:  needs_revision
         Type:  defect   |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  ff38-esr, tbb-fingerprinting, tbb-5
  Browser                |  .0a-highrisk, TorBrowserTeam201506R
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------
Changes (by gk):

 * status:  needs_review => needs_revision


Comment:

 Replying to [comment:6 arthuredelstein]:
 > Here's a patch for review:
 > https://github.com/arthuredelstein/tor-
 browser/commit/a409f8ffa3a26a3d96c5bba8ff6caa4e0b8d61db
 >
 > To summarize: I provide consensus (US-English-style) fake properties for
 `KeyboardEvent`, namely `code`, `keyCode`, `location` and `shiftKey`. So,
 for example, if the user types `?`, the result will be `code = 'Slash'`,
 `keyCode = 191`, `shiftKey = true`, `location = 0`, regardless of the
 keyboard layout. Numbers are always reported as arriving from the keys
 located above "QWERTY", even if they are typed on the NumPad.

 The `?` test with en-US bundles

 On a Windows 7 machine with a german keyboard and german keyboard layout I
 get
 {{{
 event = keydown
 key = ?
 charCode = 0
 which = 63
 code = Minus
 keyCode = 63
 location = 0
 }}}
 {{{
 event = keypress
 key = ?
 charCode = 63
 which = 63
 code = Minus
 keyCode = 0
 location = 0
 }}}

 On a Ubuntu 14.04 with a german keyboard and an en-US keyboard layout I
 get
 {{{
 event = keydown
 key = ?
 charCode = 0
 which = 191
 code = Slash
 keyCode = 191
 location = 0
 }}}
 {{{
 event = keypress
 key = ?
 charCode = 63
 which = 63
 code = Slash
 keyCode = 0
 location = 0
 }}}

 Thus, I think this needs revision. I am not exactly sure in which regard
 though: s/63/191/g and s/Minus/Slash/g ? What about the `keyCode = 0`
 cases?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15646#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list