Security researchers have refined a long-theoretical profiling technique into a highly practical attack that poses a threat to Tor users and anyone else who wants to shield their identity online.
The technique collects user keystrokes as an individual enters usernames, passwords, and other data into a website. After a training session that typically takes less than 10 minutes, the website—or any other site connected to the website—can then determine with a high degree of certainty when the same individual is conducting subsequent online sessions. The profiling works by measuring the minute differences in the way each person presses keys on computer keyboards. Since the pauses between keystrokes and the precise length of time each key is pressed are unique for each person, the profiles act as a sort of digital fingerprint that can betray its owner's identity.
The prospect of widely available databases that identify users based on subtle differences in their typing was unsettling enough to researchers Per Thorsheim and Paul Moore that they have created a Chrome browser plugin that's designed to blunt the threat. The plugin caches the input keystrokes and after a brief delay relays them to the website in at a pseudo-random rate. Thorsheim, a security expert who organizes the annual PasswordsCon conference, and Moore, an information security consultant at UK-based Urity Group, conceived the plugin after thinking through all the ways the typing profiles could be used to compromise online anonymity.
(Score: 2, Insightful) by unzombied on Saturday August 01 2015, @04:20AM
That's the first red flag.
And there's #2. Those are vague marketing phrases trying to convince, not specific research terms to inform.
(Score: 0) by Anonymous Coward on Saturday August 01 2015, @04:38AM
I have at least 5 different typing styles. Probably more.
It depends on my posture. Am I sitting up, laying on the couch. On my laptop? On my desktop? On my tablet?
(Score: 0) by Anonymous Coward on Saturday August 01 2015, @09:20AM
https://en.wikipedia.org/wiki/Evercookie [wikipedia.org]