Resist keyboard and mouse biometrics and tracking
Hi, I think TBB should resist keyboard and mouse biometrics better. This will prowide protection against mouse pointer tracking for implicit detection us user's interests.
1 when page is loaded a) TBB records all mouse and keyboard events, except mouse move, if JS is enabled. The page doesn't get keyboard and mouse events at all. b) TBB records the time the page is loaded.
2 When submit event is triggered a) TBB stops capturing events b) TBB analyse the events. c) TBB simulates the events
3 Events analysis Let a user interacting with visible gui elements: s, s, text fields, buttons and another s. Then when the form is submited, a user has all the fields filled with the needed data. He needs to provide a website with the filled data ignoring all the information about the way they have been filled.
a) create a list of elements
b) when an element gets focus and if it is not in the list, push it into the end of the list
c) when all events are processed the list of elements is ordered by the first time they were activated by the user
d) then TBB can create simulated events for these elements based on their state in the end of interaction and the order of their activation.
4 Event simulation a) TBB creates a variable for the time counter and the virtual mouse pointer (vmp) coordinates b) TBB loads saved time into it. a) TBB chooses virtual vmp position according to selected model c) TBB delays according to selected model because a user cannot start interacting with page immediately d) TBB sorts the GUI elements according the order a user is able to activate them by hitting key. c) TBB chooses model of user a sampling all the params of the model using probability distribution functions. e) TBB simulates input events
5 Input events simulation cycle a) TBB simulates GUI element getting focus according to selected model b) TBB simulates user interaction with GUI element according to selected model a) TBB simulates GUI element loosing focus according to selected model
6 Mouse events simulation (getting focus and interaction) a) TBB creates mousemove events according to selected model and changes vmp position b) TBB creates mousedown event according to selected model c) TBB creates mousepress event according to selected model d) TBB creates mouseup event according to selected model d) TBB creates either click or contextmenu event according to selected model
7 Keyboard events simulation (changing focuf with TAB or user input) a) TBB creates keydown event according to selected model a) TBB creates keypress event according to selected model a) TBB creates keyup event according to selected model
8 Mouse movement model The model params are let t_ev be a time to the next event let t_l be delay of vmp leaving element
let r={x,y} be vmp coordinates
let r_prev={r_prev_x,r_prev_y}
let v={v_x,v_y} be vmp speed
let v_st be magnitude of speed of pointer in the middle of its way
let phi_l be variation of angle from the line connecting the 2 endpoints
let f be a factor of decelleration
let mag(v) be a magnitude of vector v
let rot(phi) be a rotation matrix
let exp(x) be an exponent
. is dot product
a sample all the params from models using probability distribution functions.
b determine the endpoint r_t within the target element as as a sample from uniform distribution
c t+=t_l wait the t_l
in loop
d sample t_ev, v_st and phi_l from the model
e calculate the vector from vmp to endpoint dr=r_t-r
f calculate director d=dr/mag(dr)
j mag(v)=v_st * exp(-mag(dr)/f)
h calculate ds = t_ev * mag(v)
i if overshoot (ds > mag(dr))
ii ds = mag(dr)
iii mag(v) = ds / t_ev
k rotate director d.rot(phi_l)
l v = d * mag(v)
m r+= v*t_ev
n shift clock t+=t_ev
o emit mousemove event
p if the cursor in place (ds >= mag(r)) break the loop
7 Keyboard and mouse button model let t_d be delay before down event let t_c be delay between down and click let t_u be delay between down and up let t_p be interval between press events let t_p_th be threshold time for press events
a sample all the params from models using probability distribution functions.
b td+=t_d
c tu=t+t_u
d tc=t+t_c
e tp_th=t+t_p_th
f emit down event
g if the device is mouse emit either click or context menu event with t=tc
h if tu>tp_th
for t in range(tp_th,tu,t_p)
emit press event
i emit up event with t=tu
8 The distributions for delays can be derived using Amazon Mechanical Turk with hand postprocessing to remove fake instances. Another way is to create an arcade game where players should enter text and click text fields as fast as they can in order to win.