On 10/06/2015 02:55 PM, Travis Biehn wrote:
> It's sort of like voice biometrics - two people can share the same
> 'feature set' but you and your attacker (the person who has your banking
> password) are 'unlikely' to.
>
> It's not useful for positive identification by itself, out of that large
> database there would be many collisions.

True. But that's only one scenario in which such biometrics profiling could be used. I don't know of any bank that uses that, though. Anywhoo…

Another worrying scenario is using keypress timings to profile netizens in addition to other ways of recognizing them (be it User-agent string, Adobe Flash player + system font list, HTML5 <canvas> element). I think we should try to think of ways to mitigate this attack. Thoughts?

--
czesiek
