[tor-bugs] #16025 [Tor Browser]: Potential anonymity leak in Tor Browser Bundle via Key Map
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 14 19:50:56 UTC 2015
#16025: Potential anonymity leak in Tor Browser Bundle via Key Map
-------------------------+----------------------------------
 Reporter:  cypherpunks  |          Owner:  tbb-team
     Type:  defect       |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Tor Browser  |        Version:  Tor: unspecified
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+----------------------------------
For users of alternative key maps such as AZERTY, Dvorak, etc., the user's
keymap can reveal personally identifiable information about an end-user.
Using JavaScript, it is fairly trivial to identify a user's key map by
comparing key codes and character codes against some fairly simple
patterns to accurately determine the user's key map.

If packet insertion is accomplished between the Tor exit node and the
destination site, malicious JavaScript can be injected which, when the
user types, could determine their keymap. HTTPS on the destination site
can help to prevent packet injection, but if the destination site itself
is malicious or compromised, it would still remain possible to determine
the user's keymap and store data about this interaction which could
potentially identify a user in the end.

A fix for this would involve patching Tor Browser Bundle's Firefox to
never send key codes or alternatively never send char codes to executing
JavaScript. It's also possible to mitigate this by disabling JavaScript,
but many sites depend on JavaScript for basic interaction with the site.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16025>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
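
An added example, not part of the ticket or of Tor Browser's code: a small Node.js check that models the two fixes the ticket proposes (withholding key codes, or withholding char codes) and tests whether two users typing the same text look identical to page script. The event values, the layout labels and all function names are constructed for illustration; only the keyCode and charCode property names come from the DOM keyboard event interface.

```javascript
// Added illustration; hypothetical helper names, not Tor Browser code.

// Constructed samples: the same three characters typed under two
// hypothetical layouts. The numbers are illustrative, not browser captures.
const TYPED_UNDER_LAYOUT_A = [
  { keyCode: 65, charCode: 97 },
  { keyCode: 90, charCode: 122 },
  { keyCode: 49, charCode: 49 },
];
const TYPED_UNDER_LAYOUT_B = [
  { keyCode: 81, charCode: 97 },
  { keyCode: 87, charCode: 122 },
  { keyCode: 38, charCode: 49 },
];

// What page script is allowed to see under each policy.
const POLICIES = {
  raw: (e) => ({ keyCode: e.keyCode, charCode: e.charCode }),
  noKeyCodes: (e) => ({ keyCode: 0, charCode: e.charCode }),
  noCharCodes: (e) => ({ keyCode: e.keyCode, charCode: 0 }),
};

// Apply one policy to a sequence of key events.
function pageView(events, policyName) {
  const policy = POLICIES[policyName];
  if (!policy) throw new Error(`unknown policy: ${policyName}`);
  return events.map(policy);
}

// True when both users present identical event data to the page.
function viewsMatch(eventsA, eventsB, policyName) {
  const a = pageView(eventsA, policyName);
  const b = pageView(eventsB, policyName);
  return a.length === b.length &&
    a.every((e, i) => e.keyCode === b[i].keyCode && e.charCode === b[i].charCode);
}

// Evaluate every policy against the same pair of event sequences.
function evaluatePolicies(eventsA, eventsB) {
  const result = {};
  for (const name of Object.keys(POLICIES)) {
    result[name] = viewsMatch(eventsA, eventsB, name);
  }
  return result;
}

console.log(evaluatePolicies(TYPED_UNDER_LAYOUT_A, TYPED_UNDER_LAYOUT_B));
```

In this model, withholding key codes makes the two views identical, while withholding only char codes does not, because the key codes reported for the same text still differ between the two layouts.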