How your mouse movements can be used to track you on the Tor network

Your own fingers may betray you on the Tor network thanks to a new tracking technique.
Written by Charlie Osborne, Contributing Writer

Can the movements of your mousepad betray your activities on surveillance-thwarting networks? According to one researcher, it's possible.


Jose Carlos Norte, a security researcher based in Barcelona, has devised a technique in which users can be tracked and their online activities watched -- even across the Tor network.

The Tor network is used by privacy advocates, journalists, traders -- both legal and illegal -- as well as users who simply don't want their online activities on the record. The network offers one of the best layers of privacy out there, being made up of nodes and relays which obscure your IP address and the flow of traffic -- therefore making it difficult to track down specific users.

In comparison, browsing the Web through standard browsers such as Firefox and Chrome allows you to be followed via tracking cookies, browser histories, search enquiries and plugins, among other software.

In today's cyberattack and surveillance-happy landscape, using encryption and networks which provide layers of privacy protection is not a bad idea. However, there is no one-stop solution for being anonymous online, and Norte's new techniques highlight this concept well.

Tor and the Tor browser are able to mask IP addresses, but user fingerprints -- behaviors, patterns and writing styles -- could still be used to identify users online.

If a Web domain is able to generate a unique fingerprint for each user, then it is possible to track and correlate their visits, even if an IP is obscured.

"Even worse, it could be possible to identify the user if the fingerprint is the same in [the] Tor browser and in the normal browser used to browse [the] Internet," Norte says. "It is very important for the Tor browser to prevent any attempt on fingerprinting the user."

Over the past few weeks, the security researcher has developed a fingerprinting method based on JavaScript with the overall aim of exploring this concept and potentially improving the Tor browser as a result, according to a blog post this week.

The code, dubbed UberCookie, is deployed onto a website. As most browsers, including the Tor browser, enable JavaScript by default, the code is able to begin tracking mouse wheel movements.

UberCookie is able to slurp hardware data "leaked" by most browsers, including the mouse wheel event. Elements which can be captured include usage patterns, scroll speed and hardware capabilities.

However, the researcher said the most interesting fingerprint vector in the Tor browser is getClientRects, which allows the code to get the exact pixel position and size of a box of a given DOM element.

"Depending on the resolution, font configuration and lots of other factors, the results of getClientRects are different, allowing for a very quick and easy fingerprinting vector, even better than the canvas fingerprinting that is fixed," the researcher says.
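To make the getClientRects point concrete, the following added example (not Norte's UberCookie code) groups visitors by the rect geometry their browser reports and compares raw sub-pixel values with values rounded to whole pixels. The sample rects, the function names and the 1 px rounding grid are assumptions chosen for illustration.

```javascript
// Added example. Sample rects are constructed, not measured from real browsers.
// Each profile stands for one visitor: the boxes getClientRects() reported for
// the same two-line test element under that visitor's fonts and resolution.
const profiles = [
  [{ x: 8, y: 8, width: 213.4166717529297, height: 17.600000381469727 },
   { x: 8, y: 25.600000381469727, width: 96.25, height: 17.600000381469727 }],
  [{ x: 8, y: 8, width: 213.28334045410156, height: 17.600000381469727 },
   { x: 8, y: 25.600000381469727, width: 96.41666412353516, height: 17.600000381469727 }],
  [{ x: 8, y: 8, width: 213.0833282470703, height: 17.600000381469727 },
   { x: 8, y: 25.600000381469727, width: 96.05000305175781, height: 17.600000381469727 }],
  [{ x: 8, y: 8, width: 240.5, height: 20 },
   { x: 8, y: 28, width: 108.30000305175781, height: 20 }],
];

// In a browser, read the same data from a live element (real DOM API),
// e.g. to check what your own browser exposes.
function collectRects(el) {
  return Array.from(el.getClientRects(),
    r => ({ x: r.x, y: r.y, width: r.width, height: r.height }));
}

// Serialize rect geometry; quantum > 0 rounds every value to that grid (in px).
function rectSignature(rects, quantum = 0) {
  const q = v => (quantum > 0 ? Math.round(v / quantum) * quantum : v);
  return rects
    .map(r => [r.x, r.y, r.width, r.height].map(q).join(','))
    .join(';');
}

// Group visitors by signature. Each group is an anonymity set; a set of
// size 1 means that visitor is uniquely identifiable by this vector alone.
function anonymitySets(all, quantum = 0) {
  const sets = new Map();
  for (const rects of all) {
    const sig = rectSignature(rects, quantum);
    sets.set(sig, (sets.get(sig) || 0) + 1);
  }
  return [...sets.values()].sort((a, b) => b - a);
}

console.log('raw sub-pixel values:', anonymitySets(profiles));    // [1, 1, 1, 1]
console.log('rounded to whole px :', anonymitySets(profiles, 1)); // [3, 1]
```

Rounding merges the three near-identical configurations into one anonymity set, while the visitor with a visibly different layout stays unique, so coarsening the values weakens this vector without eliminating it.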

Norte has provided a proof-of-concept (PoC) and demo to demonstrate the attack.

While this fingerprinting technique is interesting, it is unlikely it could be used en masse to track users. However, this kind of research can help patch up weaknesses in surveillance-thwarting networks and help keep online privacy alive.

Security researcher Lukasz Olejnik told Motherboard:

"The utilized techniques seem to be used in a rather basic form, time and mouse movements analysis are known in the research community to differentiate between devices/users, it still poses a challenge to use them effectively. If enhanced, mouse movements tracking could be a form of behavioral tracking."

ZDNet has reached out to the Tor project and will update if we hear back.
