Websites can track us by the way we type

– Here’s an article explaining how websites can identify who is typing by watching patterns in how we touch the keys.  I.e., how long you hold particular keys down and how much time elapses between different keystrokes.

– And the article describes a Google Chrome add-on that will mask this for you so you can become anonymous again.

– It is getting harder and harder to move about in the world anonymously.  There are some who would say, “If you are not doing anything wrong, why would you care?”  I don’t subscribe to that.  We are, by common social agreement and oftentimes by the rule of law, innocent until proved guilty.

– The people that hold and use these tools may be benign towards us today but there’s no guarantee that they will remain so in the future.  So, it seems obvious to me that if someone wants to exert greater control over us in the future, they will already have all the tools they need to win the battle to control us before a shot is fired.

– dennis

= = = = = = = = = = = = =

Meet KeyboardPrivacy: a proof-of-concept Google Chrome extension that masks how long your fingers linger on each key you depress as you type and how much of a time lag there is between each of your key presses.

And just why would you need to disguise these typing traits – also known as periodicity – which are as unique to individuals as fingerprints?

Because there’s technology out there that can measure our typing characteristics, on the scale of millisecond-long delays and key presses, and use the data to profile us with such a high degree of accuracy that – Tor or no Tor – you won’t stay anonymous when browsing online.

Examples include profiling technology from a Swedish company called BehavioSec that can identify site visitors, based on their typing habits, with a session score of 99% and a confidence rate of 80%.

That type of success comes after the technology has been trained on a mere 44 input characters.

The extension, designed to obfuscate our typing patterns, comes from security researchers Per Thorsheim and Paul Moore.

On Tuesday, Moore said on his blog that UK banks are rumored to be actively trialing such technology to try to detect and minimize the risk of fraud.

That rumor is backed up by news reports mentioning that, as of March 2013, BehavioSec counted Sweden’s top ten national banks – along with Samsung – among its clients.

Why would the researchers want to fight off banks’ efforts to detect fraudulent activity on our accounts?

And why would bank customers want to reduce security by throwing a monkey wrench – or, really, in this case, it’s more like introducing the technical equivalent of a highly accurate cat walking across our keyboards – into banks’ efforts?

Because as it is, we’re trading privacy for security, Moore said.

…More:

 

Comments are closed.