As I'm the author of the previous request, and now an endpoint cyber security engineer by trade, I will endorse and reiterate my belief in the need for this tech in the Tails-OS.
Fuckthebop, thanks for bringing this back up. On Mon, Oct 26, 2020, 10:58 fuckthebop <[email protected]> wrote: > Hey, > > Brief introduction on myself: I am a cyberpunk that has been around > quite a while and has always had an interest in privacy, security, and > anonymity but I dabble in a little bit of everything. I have been a > Tails user since about 2014. > > I would like to propose that Tails include an anti-keystroke biometrics > tool such as Kloak (see https://github.com/vmonaco/kloak). I have > reviewed the previous proposal (located here: > https://lists.autistici.org/message/20190328.132622.54c1ee7e.en.html) > and have decided to re-propose the inclusion of this tool with a more > hardened and detailed reasoning. > > To explain what keystroke biometrics is would be very similar to explain > how normal (physical) fingerprinting works. Your fingerprint is > something that is very unique to you and is very difficult to alter or > modify on an ongoing basis. You leave your fingerprint all around you > every day without consciously doing so - and attempting to always wear > gloves to obfuscate your fingerprint is not feasible. Similarly, each > typist has a unique keystroke biometric that is very unlikely to be > shared by any other person in the world and is very difficult for a > typist to consciously alter on an ongoing basis. More on keystroke > biometrics can be read on Wikipedia > (https://en.wikipedia.org/wiki/Keystroke_dynamics) and I will assume > that you have taken a cursory look at that article. > > The reason that this type of obfuscation should be included in Tails is > very simple. One of the design goals of Tails is to make all Tails/Tor > Browser users look the same and share fairly similar fingerprints. We > likely have about 20,000 or so regular Tails users and 2-3 million Tor > users. This is a small fraction of the estimated ~5 billion Internet > users today. Therefore, this small subset (2-3 million users) must look > generally the same to different types of analysis to achieve these > goals. However, each users' own keystroke biometrics distinguishes them > from everyone else and travels across all of their contextual identities. > > Assuming that global intelligence organizations have the Upstream/PRISM > collection apparatus that they most certainly do, it would not be > difficult for a nation-state adversary to know a specific person was > utilizing Tor, even without an ISP's assistance. As discussed, each of > our own keystroke biometrics are intrinsically unique to us as > individuals. If a service was utilizing a keylogger or logging our > keystrokes, they would be able to capture and analyze our keystroke > biometrics data. Let's frame a situation: Claire is a Tails user and is > not utilizing an anti-keystroke biometric tool. Claire signs up for an > email account on a very widely-used email service ("The Service") while > using Tails and while taking the usual precautions. Of course, at some > point, she sends an email using The Service. For any reason, Claire is > the target of a surveillance operation - perhaps she is a journalist in > an oppressive country or she is a whistleblower and is publishing > anonymously. It turns out that The Service has been logging keystroke > biometrics data from its users for a period of time - similar to how > some US phone companies (ahem, Verizon) collected all phone call > metadata/content for NSA over an extended period of time. At some point > during that period, Claire had previously used an account on The Service > linked with her real identity. If The Service was required by a > government to do so or even wanted to do so themselves - they could > compare all collected user keystroke biometric data to see that this > anonymous account's biometric data is extremely similar to a previous > user they had, and they can assume that this previous user and this > anonymous user are one-in-the-same with a high degree of certainty. This > is because it is very unlikely for two separate individuals to have the > same keystroke biometrics, and even if a few people did, this would very > greatly narrow the suspect pool. Even worse, if Claire had multiple > anonymous identities on The Service, they could all at least be linked > to one another, if not also her real identity. There is nothing stopping > a company from collecting this data without a warrant or order because > users willingly turn this data over by using that company's website or > service. If Claire had been using Tails with some type of anti-keystroke > biometric tool, her biometrics would have been randomized on her > anonymous identity and could not have been linked back to her real > identity. > > I understand that there may be some skepticism about this type of > analysis. While there is not clear evidence of a company logging this > type of data for this kind of purpose, it is not something out of the > scope of realism now or in the near future. Additionally, there are > instances today where we can observe companies logging some keystroke > data - such as online payment processors not allowing credit card > numbers to be pasted in number fields because not typing numbers in the > field is a sign of credit card fraud. Also, we have no way to know if > the global surveillance apparatus is logging keystroke data on its own > and/or is forcing or requesting companies to do so in a similar manner > to what the PRISM program accomplishes with NSA accessing Internet > companies' stored data. If that was the case, the global surveillance > apparatus forcing or requesting even just a few major companies to log > and turn over keystroke biometrics data would encompass a very large > amount of the Internet's usership. I would like you to think about if > you have ever used a website or service at two different points in time > on a non-anonymized identity and an anonymized identity whether that > service required you to sign up for an account or not. Obviously, it > need not be that you are using an account on a website for them to be > able to store this type of data, but it would make it much easier for > them to track such data across sessions. > > I feel that we must take a proactive approach on protecting user > anonymity rather than a reactive one - especially when we are servicing > operating systems and software to users that require a high-level of > anonymity in very difficult situations. Including this type of > obfuscation in Tails has benefits that greatly outweigh the negatives. > This is something that very seriously needs to be considered by the dev > team to be included in the near future. Lastly, I want to thank the dev > team for their contributions. > _______________________________________________ > Tails-dev mailing list > [email protected] > https://www.autistici.org/mailman/listinfo/tails-dev > To unsubscribe from this list, send an empty email to > [email protected]. >
_______________________________________________ Tails-dev mailing list [email protected] https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
