Skip to content

GitLab

Trac
Trac

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by Trac@tracbot

Regression in keyboard fingerprinting

I just compared fingerprinting protection between 8.0a8 and 8.0a9. There appears to be a regression when it comes to key combination with AtlGraph.

My system:

OS: Whonix 14 (Debian stretch) on Qubes OS 4.0 Keyboard layout: Neo (https://neo-layout.org/index_en.html)

For testing I used https://arthuredelstein.github.io/tordemos/keyboard.html.

There are several keys that have regressed:

== Numbers

When typing the number 0 using the key pad on layer 4 ('<' + space) I observe this differences:

8.0a8: code: Digit0, modifierState: empty 8.0a9: code: Space, modifierState: AltGraph

Similarly, other numbers, when typing using the number pad on layer 4, show the actual key that was pressed (KeyM, KeyJ, KeyU, …) instead of DigitX.

== Navigation Keys

Arrow up:

8.0a8: code: ArrowUp, modifierState: empty 8.0a9: code: ArrowUp, modifierState: AltGraph

The modifier leaks with many of the keys on layer 4. Including, all arrow keys, escape, home, end, delete, back and comma. Interestingly, period and colon don't leak the modifier.

I also noticed that colon is recognized as semicolon (on all layers) but that's also the case in older Tor Browser version.

Trac:
Username: pege

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information