Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Saturday August 01 2015, @02:54AM   Printer-friendly
from the way-I-type-I'm-not-surprised dept.

Security researchers have refined a long-theoretical profiling technique into a highly practical attack that poses a threat to Tor users and anyone else who wants to shield their identity online.

The technique collects user keystrokes as an individual enters usernames, passwords, and other data into a website. After a training session that typically takes less than 10 minutes, the website—or any other site connected to the website—can then determine with a high degree of certainty when the same individual is conducting subsequent online sessions. The profiling works by measuring the minute differences in the way each person presses keys on computer keyboards. Since the pauses between keystrokes and the precise length of time each key is pressed are unique for each person, the profiles act as a sort of digital fingerprint that can betray its owner's identity.

The prospect of widely available databases that identify users based on subtle differences in their typing was unsettling enough to researchers Per Thorsheim and Paul Moore that they have created a Chrome browser plugin that's designed to blunt the threat. The plugin caches the input keystrokes and after a brief delay relays them to the website in at a pseudo-random rate. Thorsheim, a security expert who organizes the annual PasswordsCon conference, and Moore, an information security consultant at UK-based Urity Group, conceived the plugin after thinking through all the ways the typing profiles could be used to compromise online anonymity.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Insightful) by unzombied on Saturday August 01 2015, @04:20AM

    by unzombied (4572) on Saturday August 01 2015, @04:20AM (#216638)

    can then determine with a high degree of certainty

    That's the first red flag.

    profiles act as a sort of digital fingerprint

    And there's #2. Those are vague marketing phrases trying to convince, not specific research terms to inform.

    Starting Score:    1  point
    Moderation   +1  
       Insightful=2, Overrated=1, Total=3
    Extra 'Insightful' Modifier   0  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Saturday August 01 2015, @04:38AM

    by Anonymous Coward on Saturday August 01 2015, @04:38AM (#216642)

    I have at least 5 different typing styles. Probably more.

    It depends on my posture. Am I sitting up, laying on the couch. On my laptop? On my desktop? On my tablet?

  • (Score: 0) by Anonymous Coward on Saturday August 01 2015, @09:20AM

    by Anonymous Coward on Saturday August 01 2015, @09:20AM (#216712)