Skip to content
Technology & Innovation

Tor Users Can Be Tracked by Their Mouse Movements

Jose Carlos Norte has found a way to fingerprint Tor users and track them based on their mouse movements. However, the exploit can only be used if JavaScript is enabled in the browser.

Only you can jiggle that mouse in such a unique way, and there are people out there who might use this information to identify you. This ID technique could even be used to fingerprint those of us who use anonymous networks, like Tor, according to researcher Jose Carlos Norte.

“I have been able to fingerprint Tor browser users in controlled environments and I think it could be interesting to share all the findings for further discussion and to improve Tor browser,” he said on his website.

Tor works to anonymize its users on several levels: by covering up unique information surrounding your computer, which can be used to fingerprint you, and where your logging in from. Websites can fingerprint someone based on the screen size of their browser window, operating system, text size, and so on. Tor browser has implemented countermeasures on many of these fronts to make sure those who make use of its anonymous network can’t be fingerprinted by ads, governments, or nefarious individuals.

Norte’s exploit only works if users have JavaScript enabled in Tor browser. Through this method, he writes it became “easy to fingerprint users using tor browser to track their activity online and correlate their visits to different pages.”

We create a unique set of data when we use our mouse. If there’s a mouse wheel, for instance, says Norte, “The mouse wheel event in Tor Browser (and most browsers) leaks information of the underlying hardware used to scroll the webpage.”

“Another leak in the mouse wheel, is the scroll speed that is linked to the configuration of the operating system and the hardware capabilities itself,” he adds.

Even the speed at which we move our mouse can be used to fingerprint us.Since the speed of the mouse is controlled by the operating system and related to hardware, and can be read using javascript if you can measure time using the mentioned strategies.”

Tor is a good way to maintain privacy on the internet, but it’s not a perfect solution. There will always be people out there trying to find a way to crack the Tor network and de-anonymize its users. But its important to understand that this network of users includes activists, journalist, and those who wish to escape informational tyranny in their home countries.

The current solution to avoid this fingerprinting method is to keep JavaScript disabled.Bug tickets reveal Tor is working on a solution.

***

Photo Credit: DON EMMERT/AFP/Getty Images

Tor screenshot: Linux Screenshots/ Flickr

Natalie has been writing professionally for about 6 years. After graduating from Ithaca College with a degree in Feature Writing, she snagged a job at PCMag.com where she had the opportunity to review all the latest consumer gadgets. Since then she has become a writer for hire, freelancing for various websites. In her spare time, you may find her riding her motorcycle, reading YA novels, hiking, or playing video games. Follow her on Twitter: @nat_schumaker


Related

Up Next