Originally published at: https://www.whonix.org/blog/1890-2
Tracking techniques have become more sophisticated with time. They advanced from simple cookies to browser/device fingerprinting (which Tor Browser focuses on defeating) to user behavior fingerprinting. The latter is about profiling how a user types on a keyboard or uses a mouse.
Keystroke dynamics have been around for a while but the massive scale of deployment is new and comes with serious implications for anonymous users. This technology is already used by PRISM partners, banks and massive online courses.
Note that even if a user’s destination does not itself surreptitiously record biometrics, anyone observing the network traffic of SSH in interactive mode or JS applications (functionality like Google suggestions) can generate a model for your biometric statistics.
As a countermeasure security researcher Paul Moore created a prototype Chrome plugin known as KeyboardPrivacy. It works by caching keystrokes and introducing a random delay before passing them on to a webpage. A Firefox add-on was planned but nothing has surfaced so far.
We don’t know how effective VMs are at blunting the threat. Read more if you are interested in helping out.
A very much needed project would be to write a program that mimics the functionality of the this add-on but on the OS level.