This post is also available in: עברית (Hebrew)
The privacy focused Tor network has been a regular feature of the news in recent years, most recently with the confirmation by a US Federal judge the Carnegie Mellon University was commissioned by the US government to break Tor’s encryption. Now, a security researcher from Barcelona claims he has developed a proof-of-concept for a method to identify Tor users based on their mouse movements.
“Every user moves the mouse in a unique way,” Norte told Motherboard. “If you can observe those movements in enough pages the user visits outside of Tor, you can create a unique fingerprint for that user. Then you can identify him inside of Tor, based on how he or she uses the mouse,” he said.
Lukasz Olejnik, a security researcher, told Motherboard that he finds Norte’s findings doubtful. According to him, to identify a user, a threat actor would need much more information than Norte’s method, which would include: angle of curvature, acceleration, curvature distance, and more. “[T]ime and mouse movements analysis are known in the research community to differentiate between devices/users, it still poses a challenge to use them effectively,” he said.
The Tor Project has yet to respond to requests for comment, but Motherboard reports that “it seems that its developers are looking into this issue, according to two official bug reports.”