Typing patterns are the latest anonymity-shattering personal identifier


#1

[Read the post]


#2

You could. Probably. Guess who is. Typing if. It was Sir Christoper. Walken.


#3

Seems like building this into the browser is doable. An extension is good, but ideally it’d involve sandboxing and then batch reporting (say 4x / second) key events in all cases, while displaying the visible browser environment perfectly. And I think that second part has to be native to the browser. You could still pick up patterns, but with much less signal in the noise.

This would bork gaming, which needs the precision, but perhaps there could be an opt-out protocol, similar to location sharing.


#4

Not so much patterns as content, but I recently received a weird “ARE YOU THIS JOURNALIST” pm to my Reddit account. Due to the specific target they asked about “for research”, I believe for the purposes of unmasking/reprisal.

I do have particular mannerisms and words I use more than others, but the guess was as hilariously misplaced as it was creepy.


#5

On the internet no one knows that you are Frog


#6

This technique is less useful for unmasking users, and more useful in detecting man in the browser injections, debugging, and account take overs.


#7

Similar to techniques dating back to WWII where the substitution of an agent could be detected by the change in the “hand” of their Morse code transmissions


#8

I know, I know!!! William Shatner, right?


#9

This sort of thing seems more useful for tempest monitorng, where gestural interaction is always broadcasting.

But for web browsers the fix is easy - don’t send data constantly. This one of most significant peeves about web browsers. Only send data when I specify with the “return” key! Only update the page I am reading when I specify! It’s a UI/UX fiasco.


#10

This is not new at all. There was sample code for this in a issue of Byte magazine back in the early 90s and not long after that a commercial product to lock your PC with a pass-phrase. The differentiating feature from other locking apps of the time being that even if somebody knew the passphrase they would have difficulty replicating your typing tempo.


#11

CAT-LIKE TYPING DETECTED


#12

You could, for example, prepare your text in a notepad before cut-pasting them into a browser text field if it really bothers you, but this too would be your identifying browsing habit if you were to do this all the time.


#13

I wonder if Cory would recommend putting gravel in your gloves to mask your typing gait.


#14

I hope you said yes.


#15

I didn’t need people chasing down my posts and personal life trying to triangulate my location based on posts made, so I gave a less trolly response.


#16

you actually responded? I wouldn’t have.


#17

There are other reasons why it is better to have browsers only send or receive data when I need them to, which copy-and-paste techniques do not remedy.


#18

I’ve been stalked before by an online character, someone I’ve never met before visiting my apartment building and leaving creepy evidence of which online.

I’d rather avoid the “fun” when you’ve already got someone attempting to contact me about profiling, who the heck knows what’s wrong with internet randos?


#19

i see. I was thinking there was no good outcome to helping the questioner; so therefore, logically, do nothing. but I guess if they’re local, or willing and able to travel, what happened to you before is a possibility. yeah, good call.


#20

So I see…

:stuck_out_tongue: