Compare commits
2 Commits
e39251cafc
...
abd9486a37
Author | SHA1 | Date | |
---|---|---|---|
|
abd9486a37 | ||
|
922a0bdbd1 |
32
README.md
32
README.md
@ -12,14 +12,31 @@ There are spy libraries that can determine how long keys are held down and the t
|
||||
|
||||
This addon was created to skew the key press timing by limiting the speed of presses. The speed is changed randomly on each page load, with a min of 150ms and a max of 300ms.
|
||||
|
||||
It uses a less than ideal thread locking solution, as simply buffering text does not stop event listeners from spies. **Now it also has a non-default setting to use prompt() on non-password single line input elements. This reduces CPU usage and increase typing speed while offering better protection than the delay approach.**
|
||||
|
||||
You can whitelist domains that you trust on the addon settings page, but it was decided not to support changing the key speed manually as that would add another fingerprinting avenue.
|
||||
|
||||
Development Roadmap:
|
||||
# Usage
|
||||
|
||||
This addon has two methods of protecting yourself.
|
||||
|
||||
## On-page protection
|
||||
|
||||
The easiest is to simply type on a page as normal. This method breaks the least amount of websites, but it can be frustrating to type a lot and it causes CPU spikes because of a limitation in javascript event processing.
|
||||
|
||||
You can whitelist sites by using the button in the addon's popup or by manually adding them on the addon settings page.
|
||||
|
||||
## Toolbar input
|
||||
|
||||
You can also enter text into the textarea in the toolbar button which will be instantly transfered to the page. This method allows you to type without lag, but it breaks on many websites and can still be tracked if a website is checking input changes as opposed to key events.
|
||||
|
||||
To avoid using the mouse to do this, you can press ctrl+1 (config [the same way as any addon](https://support.mozilla.org/en-US/kb/manage-extension-shortcuts-firefox)) to open the popup and press esc when done.
|
||||
|
||||
|
||||
|
||||
# Development Roadmap:
|
||||
|
||||
* ~~Menu button to add whitelisted domain more quickly~~
|
||||
* Buffered window/menu/popup option to type quickly but prevent page surveillance
|
||||
* ~~Buffered window/menu/popup option to type quickly but prevent page surveillance~~
|
||||
* Identify websites that break on-page protection by lighting up the icon when on page protection is active
|
||||
* More throrough testing against different avenues of keyboard surveillance
|
||||
* Stylometry protection
|
||||
|
||||
@ -28,9 +45,10 @@ Development Roadmap:
|
||||
# Caveats
|
||||
|
||||
* **This addon may not defeat all types of keyboard biometric surveillance**, however it was tested against the Keytrac and TypingDNA demos and it worked well.
|
||||
* **It is recommended to turn on privacy.resistFingerprinting to avoid leaking your keyboard layout; however this addon protects against that as well if you strictly use the toolbar box**
|
||||
* **This addon does not yet deal with stylometry**
|
||||
* Some websites override all key events in which case it is not (yet) possible to protect against keyboarding analysis there
|
||||
* You may see higher CPU usage while typing. This is due do the unideal locking solution described above
|
||||
* Typing directly on pages will have CPU spikes due to a browser limitation
|
||||
* Do not confuse this with spying keyboard apps on mobile devices, this cannot address that.
|
||||
* Not tested on Firefox Android
|
||||
-----
|
||||
@ -41,5 +59,9 @@ www dot keytrac dot net/en/
|
||||
|
||||
www dot typingdna dot com/
|
||||
|
||||
(If you try the spy software demos, keep in mind that this addon changes your fingerprint for on-page typing on reload)
|
||||
|
||||
Keep in mind that scripts embeded on pages are not the only way to spy on you. [CSS can record keystrokes](https://css-tricks.com/css-keylogger/) and things such as autocomplete or typing notifications may measure your typing speed server side.
|
||||
|
||||
https://www.whonix.org/wiki/Stylometry
|
||||
[https://www.whonix.org/wiki/Keystroke_Deanonymization](https://www.whonix.org/wiki/Keystroke_Deanonymization)
|
||||
|
@ -36,8 +36,8 @@ let appCode = function (){
|
||||
document.selection.empty()
|
||||
}
|
||||
}
|
||||
let minValue = 75
|
||||
let maxValue = 150
|
||||
let minValue = 50
|
||||
let maxValue = 75
|
||||
let time = 0
|
||||
let last = null
|
||||
|
||||
@ -100,9 +100,8 @@ let appCode = function (){
|
||||
|
||||
function pausecomp(millis)
|
||||
{
|
||||
// Yes i know this wastes cpu. i don't like it either, but it seems a blocking
|
||||
// approach is needed to prevent spying event listeners from reading key events in *real time*
|
||||
// Might use an off-page buffer solution in the future
|
||||
// Yes i know this wastes cpu. i don't like it either, but it is the only way
|
||||
// i know of to have real page keypress events that aren't trackable
|
||||
var date = new Date();
|
||||
var curDate = null;
|
||||
do { curDate = new Date(); }
|
||||
|
@ -9,10 +9,11 @@
|
||||
</head>
|
||||
<body>
|
||||
<header id="siteDomain"></header>
|
||||
<button id="toggleSite">Disable Keyboard Privacy</button>
|
||||
<button id="toggleSite">Disable Slow Typing</button>
|
||||
<p id="reloadPage">Refresh the page to apply</p>
|
||||
|
||||
<br>
|
||||
<textarea tabindex="0" id="keyBuffer" cols="20" rows="10" placeholder="Text typed here will be sent to active input/textarea elements. Breaks on many sites, but is faster than typing directly on the page"></textarea>
|
||||
<br>
|
||||
<textarea tabindex="0" id="keyBuffer" cols="20" rows="10" placeholder="Text typed here will be sent to active input/textarea elements. Breaks on many sites, but is faster than typing directly on the page."></textarea>
|
||||
</body>
|
||||
</html>
|
@ -33,7 +33,7 @@ browser.storage.sync.get("keyboardprivacywhitelist")
|
||||
let hostname = extractHostname(tabVal[0].url).replace('www.', '')
|
||||
document.getElementById('siteDomain').innerText = hostname
|
||||
if (val.keyboardprivacywhitelist.includes(hostname)) {
|
||||
document.getElementById('toggleSite').innerText = 'Enable Keyboard Privacy'
|
||||
document.getElementById('toggleSite').innerText = 'Enable Slow Typing'
|
||||
}
|
||||
})
|
||||
.catch(reportError);
|
||||
@ -104,11 +104,11 @@ document.getElementById('toggleSite').onclick = async function(){
|
||||
}
|
||||
document.getElementById('toggleSite').setAttribute('disabled', true)
|
||||
if (document.getElementById('toggleSite').innerText.startsWith('Disable')){
|
||||
document.getElementById('toggleSite').innerText = 'Enable Keyboard Privacy'
|
||||
document.getElementById('toggleSite').innerText = 'Enable Slow Typing'
|
||||
changeWhitelist(document.getElementById('siteDomain').innerText, true)
|
||||
}
|
||||
else if (document.getElementById('toggleSite').innerText.startsWith('Enable')){
|
||||
document.getElementById('toggleSite').innerText = 'Disable Keyboard Privacy'
|
||||
document.getElementById('toggleSite').innerText = 'Disable Slow Typing'
|
||||
changeWhitelist(document.getElementById('siteDomain').innerText, false)
|
||||
}
|
||||
setTimeout(function(){fixDuplicateCommas()}, 1000)
|
||||
|
Loading…
Reference in New Issue
Block a user