update readme

master
Kevin F 6 months ago
parent 922a0bdbd1
commit abd9486a37
  1. 32
      README.md
  2. 2
      settings/button.html

@ -12,14 +12,31 @@ There are spy libraries that can determine how long keys are held down and the t
This addon was created to skew the key press timing by limiting the speed of presses. The speed is changed randomly on each page load, with a min of 150ms and a max of 300ms.
It uses a less than ideal thread locking solution, as simply buffering text does not stop event listeners from spies. **Now it also has a non-default setting to use prompt() on non-password single line input elements. This reduces CPU usage and increase typing speed while offering better protection than the delay approach.**
You can whitelist domains that you trust on the addon settings page, but it was decided not to support changing the key speed manually as that would add another fingerprinting avenue.
Development Roadmap:
# Usage
This addon has two methods of protecting yourself.
## On-page protection
The easiest is to simply type on a page as normal. This method breaks the least amount of websites, but it can be frustrating to type a lot and it causes CPU spikes because of a limitation in javascript event processing.
You can whitelist sites by using the button in the addon's popup or by manually adding them on the addon settings page.
## Toolbar input
You can also enter text into the textarea in the toolbar button which will be instantly transfered to the page. This method allows you to type without lag, but it breaks on many websites and can still be tracked if a website is checking input changes as opposed to key events.
To avoid using the mouse to do this, you can press ctrl+1 (config [the same way as any addon](https://support.mozilla.org/en-US/kb/manage-extension-shortcuts-firefox)) to open the popup and press esc when done.
# Development Roadmap:
* ~~Menu button to add whitelisted domain more quickly~~
* Buffered window/menu/popup option to type quickly but prevent page surveillance
* ~~Buffered window/menu/popup option to type quickly but prevent page surveillance~~
* Identify websites that break on-page protection by lighting up the icon when on page protection is active
* More throrough testing against different avenues of keyboard surveillance
* Stylometry protection
@ -28,9 +45,10 @@ Development Roadmap:
# Caveats
* **This addon may not defeat all types of keyboard biometric surveillance**, however it was tested against the Keytrac and TypingDNA demos and it worked well.
* **It is recommended to turn on privacy.resistFingerprinting to avoid leaking your keyboard layout; however this addon protects against that as well if you strictly use the toolbar box**
* **This addon does not yet deal with stylometry**
* Some websites override all key events in which case it is not (yet) possible to protect against keyboarding analysis there
* You may see higher CPU usage while typing. This is due do the unideal locking solution described above
* Typing directly on pages will have CPU spikes due to a browser limitation
* Do not confuse this with spying keyboard apps on mobile devices, this cannot address that.
* Not tested on Firefox Android
-----
@ -41,5 +59,9 @@ www dot keytrac dot net/en/
www dot typingdna dot com/
(If you try the spy software demos, keep in mind that this addon changes your fingerprint for on-page typing on reload)
Keep in mind that scripts embeded on pages are not the only way to spy on you. [CSS can record keystrokes](https://css-tricks.com/css-keylogger/) and things such as autocomplete or typing notifications may measure your typing speed server side.
https://www.whonix.org/wiki/Stylometry
[https://www.whonix.org/wiki/Keystroke_Deanonymization](https://www.whonix.org/wiki/Keystroke_Deanonymization)

@ -14,6 +14,6 @@
<br>
<br>
<textarea tabindex="0" id="keyBuffer" cols="20" rows="10" placeholder="Text typed here will be sent to active input/textarea elements. Breaks on many sites, but is faster than typing directly on the page"></textarea>
<textarea tabindex="0" id="keyBuffer" cols="20" rows="10" placeholder="Text typed here will be sent to active input/textarea elements. Breaks on many sites, but is faster than typing directly on the page."></textarea>
</body>
</html>
Loading…
Cancel
Save