Somewhat by accident, we’ve ended up with a new anonymity enhancement in kloak. We now use an “event batching” technique for scroll events similar to what we previously used for mouse movement events. The main reason this was done was actually unrelated to providing better anonymity; Tor Browser and Firefox both had almost entirely non-functional scrolling with kloak because we weren’t sending “axis_discrete” scroll events alongside the normal “axis” scroll events. The quick-and-easy way of adding these kinds of events would have also resulted in usability bugs, and solving those usability bugs required doing about 90% of the work needed to do anonymity-improving event batching, so I decided to do the whole job since it wasn’t much extra effort.
The basic idea behind the enhancement is two-fold: make all scroll devices look like the most common type of scroll device (specifically, “clicky” mouse wheels), and merge together high-resolution and quickly sent scroll events into less-precise, less-frequent scroll events.
- We keep track of the distance the user has scrolled in any particular direction, waiting until the user has scrolled a certain amount in one direction to actually send a scroll event.
- Once the needed scroll distance has accumulated in kloak, we create a scroll event that looks like a mouse wheel “click”, and schedule it for release the same way we schedule all other input events.
- If the user scrolls very quickly and ends up with a large scroll distance in the accumulator, instead of sending a large number of individual scroll events, we combine the scroll events together so that applications see one big scroll event instead of several smaller ones.
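The three steps above, as an added C sketch; this is not kloak's own code. `CLICK_DISTANCE`, the struct and function names, and the signed accumulator are assumptions made for illustration, and `scroll_flush` stands in for the point where kloak's scheduler releases an event.

```c
#include <stddef.h>
#include <stdio.h>

#define CLICK_DISTANCE 15.0 /* assumed distance per wheel "click", not kloak's value */

struct scroll_accum { double pending; };          /* signed distance not yet emitted */
struct scroll_event { int clicks; double axis; }; /* discrete steps + matching axis value */

/* Raw device event arrives: only accumulate, never forward it directly. */
void scroll_add(struct scroll_accum *a, double delta) { a->pending += delta; }

/* Release point: emit whole clicks only; several pending clicks become ONE event. */
int scroll_flush(struct scroll_accum *a, struct scroll_event *out)
{
    int clicks = (int)(a->pending / CLICK_DISTANCE); /* truncates toward zero */
    if (clicks == 0)
        return 0;                                    /* below threshold: stay silent */
    a->pending -= clicks * CLICK_DISTANCE;           /* keep the sub-click remainder */
    out->clicks = clicks;
    out->axis = clicks * CLICK_DISTANCE;
    return 1;
}

/* Replay deltas, flushing after every `per_flush` raw events.
 * Returns the number of events an application would see. */
int replay(const double *d, size_t n, size_t per_flush, int *total_clicks)
{
    struct scroll_accum a = { 0.0 };
    struct scroll_event ev;
    int events = 0;
    *total_clicks = 0;
    for (size_t i = 0; i < n; i++) {
        scroll_add(&a, d[i]);
        if ((i + 1) % per_flush == 0 && scroll_flush(&a, &ev)) {
            events++;
            *total_clicks += ev.clicks;
        }
    }
    return events;
}

int main(void)
{
    double pad[12]; /* constructed sample: 12 touchpad-style deltas of 2.5 each */
    int clicks;
    for (size_t i = 0; i < 12; i++) pad[i] = 2.5;
    int slow = replay(pad, 12, 1, &clicks);
    printf("flush after each delta: %d events, %d clicks\n", slow, clicks);
    int fast = replay(pad, 12, 12, &clicks);
    printf("flush once at the end:  %d events, %d clicks\n", fast, clicks);
    return 0;
}
```

The same 30 units of scrolling reach the application as two single-click events or as one two-click event depending on how much accumulates before release, so an observer sees click counts and release times rather than the device's native resolution and event rate.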
While this is supposed to enhance anonymity, it’s worth noting that users can do things that will still allow them to be fingerprinted even with these protections. Just like kloak isn’t able to entirely hide your typing speed or mouse movement speed, it’s also not able to entirely hide your scrolling speed. If you have a mouse with a free-spinning inertial mouse wheel like a Logitech MX Master device, and you attempt to scroll at full speed with it, applications will see a continuous stream of very large scroll events, which will look very different from someone using a true “clicky” mouse wheel. With typing and mouse movement this isn’t so bad, since most people probably don’t have massively different mouse movement speeds, and people can only type so fast, but with scroll speed this is exacerbated because laptop two-finger scrolling and inertial mouse wheels can both scroll much faster than “clicky” mouse wheels ever could. Thus, users should exercise caution when it comes to how they scroll, especially how fast they scroll, when using apps that may attempt to fingerprint them.
Like the enhanced mouse movement anonymization features, the new scrolling anonymization features will be first available in Whonix 18. At the time of this writing the new enhancements aren’t in trixie-developers yet, but they likely will be soon.