A Barcelona-based security researcher has developed a proof-of-concept that he claims can identify Tor users based how they move their mice.
Norte said if a website is able to generate a unique fingerprint that identifies each user that enters the page then it is possible to track a user’s activity and correlate visits with that user.
Security researcher Lukasz Olejnik told Motherboard he doubted Norte’s findings and said a threat actor would need much more information, such as acceleration, angle of curvature, curvature distance, and other data, to uniquely fingerprint a user.
It appears that developers are looking into the issue based on two official bug reports that mention Norte’s exploits.
Co-founder of the Tor Project Roger Dingledine said in comments emailed to SCMagazine.com it’s great to see more research into fingerprinting attacks, which continue to gain importance as unscrupulous advertisers try to track users on the web.
“The time-based fingerprinting ideas we’re talking about here underscore the progress that Tor Browser has made on closing down all of the easy tracking avenues,” Dingledine said. “The trick now is to close down the ‘noisier’ (less precise) tracking avenues while still maintaining usability,” he added.
UPDATE: This story has been updated to include comments from Roger Dingledine, co-founder of the Tor Project.