Tor Users Can Be Tracked Based On Their Mouse Movements

An anonymous reader writes: The way you move your mouse is unique, like fingerprints, and can be used by dark forces to track you on supposedly anonymous and secure networks like Tor, according to a Barcelona researcher. Because the Tor Project has failed to address a ten-month-old issue regarding "time measurement via JavaScript," there are a series of user fingerprinting techniques that are quite accurate at identifying users based on their mouse movements, scrolling speed, and how their browser and hardware reacts to certain JavaScript code. If a user visits a "fingerprinting" website via Tor and then via a normal browser, an attacker can have a general idea about their identity and can even pinpoint them to real IPs. The data that is usually logged in fingerprinting schemes is not 100% reliable or accurate for that matter, but it provides a starting point for future investigations.

Noscript.

[sims+2]

This one of the reasons why they should have never left noscript off by default.

Re:Noscript.

[Jack+Griffin]

Makes no difference, we're all fucked. Technology is now reaching a point where humans cannot compete with machines.
Your cell phone provider already has enough info to know everywhere you are at any point in time, who your friends and family are, who you call and how often. Google knows all your web habits, and what you hobbies are, and you bank knows every cent you spend, where and on what. And this info is freely bought and sold to marketing companies and other bad actors. It only takes one slip to connect a name to this data and your life is captured on record forever. We need to start preparing for a non-private reality, than try to hang onto any semblance of privacy we think we still have. Even as I type this some algorithm somewhere has already tied my writing style to all my other web aliases and is connecting me to my real identity.
Privacy is dead.

Re:Noscript.

[dbIII]

According to his user number he was born yesterday

A real name as a login is a bit of a major clue for that as well.

Why do kids do that today?

Unless you are a public figure that treats stuff you write here as carefully as a press release it is a very bad move to use your real name as a login.

Re:Guess it's time to

[bloodhawk]

I would imagine trackpads are vulnerable to the exact same fingerprinting techniques. browser priority is unlikely to have any significant effect on timing and tracking of these events and it would be an absolute pain in the arse.

Re:I don't see it.

They don't have to. They just have to parade some "experts" in front of a jury and say they're pretty sure they matched your mouse movement to a pedo. Sort of like how the FBI handles hair analysis. If the government wants you gone, this is just another tool in the toolbox.

Re:Guess it's time to

[ShanghaiBill]

I would imagine trackpads are vulnerable to the exact same fingerprinting techniques.

What Cdsparrow is saying is that you use a trackpad on Tor, and use a mouse for normal browsing. Both can be fingerprinted, but they won't be the same fingerprint. When I want to arrange a major drug deal, or hire an assassin, I use a different computer (a second hand Chromebook that I bought for cash), and I connect through a public WiFi. It has a trackpad, a different browser, and a much slower CPU than my desktop.

Re:Gee Fucking Whiz

[Aighearach]

Yeah but if you're not on Tor, you're not doing anything illegal and you're not worried about tracking of that sort because normally of course the remote server knows your IP and everything, and there are a zillion potential logs or whatever in the middle.

If you're on Tor for free speech, of course you don't care because you're not there for privacy; you're there to disguise your activities from local observation of the network. You already have to trust the remote server not to tattle to your government in that case.