Keyboard/Mouse Fingerprinting Defense


ID: 542
PHID: PHID-TASK-ap6oepvzftem26jv5m77
Author: HulaHoop
Status at Migration Time: resolved
Priority at Migration Time: Normal


Attack summary: the timings of and between key presses are unique to each person. They are actively used in the wild to track individuals with extreme accuracy and leads to complete unmasking.

The only choices that seem available is to:

  • write a custom keyboard device driver [1] Difficulty very hard. Unlikely to get mainlined.

  • abstract the system keyboard input as an (internal) network stream that we can add random latency to before releasing it back to the system. (Idea inspired by [2])

The second option is best because its display server agnostic, system wide, easier to implement.

How option 2 would work:

Netevent is a program that redirects input events from the host to a specified destination. Naturally we can set the destination as the host too over the loopback interface. Apply the netfilter_queing rules by @ethanwhite on loopback to introduce random delays.

This package would run as service on host out of reach of malicious code in VM and to provide system wide protection.

Testing defense if it actually works:

Keyboard demos:

Mouse demo:

Mouse pointer motion fingerprinting is also another effective attack [4][5]. Luckily netevent also abstracts mouse input events.

[1] Protection tool for Whonix, Tails · Issue #1 · vmonaco/keystroke-obfuscation · GitHub
[2] windows - How can I introduce input lag (keyboard and mouse) to my system? - Stack Overflow
[3] Share devices over the net · Blub/netevent Wiki · GitHub (GPLv2)
[4] Advanced Tor Browser Fingerprinting


  • Qubes Feature Request: Anti-Keystroke Fingerprinting Tool
  • try kloak anti keystroke deanonymization tool and leave feedback (done): T583
  • keep an eye on kloak anti keystroke deanonymization tool: T596



2016-08-19 03:23:55 UTC


2016-08-28 05:15:47 UTC


2016-08-27 18:56:26 UTC


2016-09-01 19:10:40 UTC


2017-01-10 11:59:47 UTC


2020-08-13 08:32:09 UTC