Tor’s Anonymity Promise Slashed: Users Can Be Tracked by Their Mouse Movements!
Tor is used by probably millions of Internet users simply because it keeps their identities hidden and protected from potential exploiters. However, the Tor browser has been criticized by several security researchers over various vulnerabilities that may expose the identity of the user.
Now, independent security researcher Jose Carlos Norte has identified several key flaws that allow fingerprinting techniques to be used against Tor users.
Norte has revealed his findings in a series of articles, along with an actual demonstration of how this can take place. He states that a Tor user can be tracked by the speed at which he or she uses the mouse wheel to scroll down through a web page. This is an effective technique to track user movements. However, there are millions of users who scroll through web pages at the same mouse wheel speed. So, how can this technique be so effective?
To this, Norte responds that an attacker may be able to identify the scroll pattern from each user’s idiosyncrasies. It is also possible for exploiters to log the speed at which the mouse cursor is moved across a page.
The interesting part is that every user has set personal OS mouse sensitivity preferences and has a preferred set of gestures when using a mouse, so this technique may turn out to be effective. If someone is using the trackpad on a laptop, it gets a lot easier to track not just the movements but the entire machine simply by employing a fingerprinting technique.
Norte also identified that if users run a CPU-intensive JavaScript operation in Tor, the time required to execute that task can be recorded. This information can be used to tie a suspect to the computer on which the Tor browser was used.
But Norte states that the effectiveness of these methods depends on the attackers’ ability to measure time accurately on Tor, at the 1-millisecond level. This means an attacker must possess lightning-fast reflexes to complete the task within due time.
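To see why the 1-millisecond requirement matters from a defender’s side, the following added JavaScript example (not code from Norte or from this article) measures how much identifying information a task-timing value carries as the clock visible to a page gets coarser. The machine timings, the 10 ms and 100 ms resolutions and the function names are constructed assumptions for illustration.

```javascript
// Constructed sample data: "true" run times (ms) of one fixed CPU-bound
// task on 12 hypothetical machines. These are not real measurements.
const SAMPLE_DURATIONS_MS = [412.3, 418.9, 431.2, 437.8, 455.1, 462.6,
                             498.4, 503.7, 547.0, 561.5, 612.9, 688.2];

// What a script observes when the clock only ticks every `resolutionMs`:
// start and end timestamps are each rounded down to a tick, then subtracted.
function observedDuration(startMs, trueDurationMs, resolutionMs) {
  const clamp = (t) => Math.floor(t / resolutionMs) * resolutionMs;
  return clamp(startMs + trueDurationMs) - clamp(startMs);
}

// Group machines by the value a page would observe and report:
//   buckets     - number of distinct observed values
//   unique      - machines that are alone in their bucket (fully singled out)
//   entropyBits - Shannon entropy of the observed value across the sample
function fingerprintStats(durations, resolutionMs, startMs = 0) {
  const buckets = new Map();
  for (const d of durations) {
    const seen = observedDuration(startMs, d, resolutionMs);
    buckets.set(seen, (buckets.get(seen) || 0) + 1);
  }
  let entropyBits = 0;
  let unique = 0;
  for (const count of buckets.values()) {
    const p = count / durations.length;
    entropyBits -= p * Math.log2(p);
    if (count === 1) unique += 1;
  }
  return { buckets: buckets.size, unique, entropyBits };
}

// Compare a 1 ms clock with two coarser (assumed) clock resolutions.
for (const resolutionMs of [1, 10, 100]) {
  const s = fingerprintStats(SAMPLE_DURATIONS_MS, resolutionMs);
  console.log(`${resolutionMs} ms clock: ${s.buckets} buckets, ` +
              `${s.unique} unique machines, ${s.entropyBits.toFixed(2)} bits`);
}
```

In this constructed sample a 1 ms clock singles out all 12 machines, while a 100 ms clock leaves none of them alone in its bucket, which is why reducing timer precision is a common defence against this class of fingerprinting.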
What we can tell you in a nutshell is that if you don’t want your movements to be tracked, stop using Tor unless it is REALLY necessary.