keyboardPrivacy is a device that protects you against typing-based profiling
Remember keyboardPrivacy? We reviewed the proof-of-concept Chrome extension back in 2015 when it was first released to protect its users against one from of behavioral targeting: the analysis of typing patterns.
All users had to do was install the Chrome extension and be protected against different forms of typing-based tracking.
Firefox users can check out the Behavioral Keyboard Privacy extension for the browser instead.
Technically speaking, the extension does manipulate two core metrics used to identify a person based on the typing pattern. Dwell Time and Gap Time define the time that a key is pressed and the time between key presses respectively.
The security researcher launched a campaign on Indiegogo today to fund a hardware-based device that prevents the identification of the user based on typing.
The device is placed between the keyboard and the computer. Just like the Chrome extension, it works automatically once it is put in place.
The device offers several advantages over browser extensions, namely that it works on the entire system and not just in a single-browser, that it does not require the installation of software, cannot be detected and does not cause latency on some sites.
The two downsides are that a single device costs Â£35 GBP (roughly 40 Euro / Dollar), and that it only seems to work with USB-based keyboards and not with other ports, e.g. PS/2.
Tip: if you are interested in finding out if you can be identified, you may want to run the free online test on the KeyTrac website.
You are asked to type two paragraphs of English text that is used to analyze the typing behavior, and then another paragraph that is used for identification. KeyTrac recommends to ask someone else first to type the second text that it uses for identification as it should demonstrate negative and positive identification.
More and more sites use behavioral tracking, e.g. for fraud detection. A hardware-based device protects against typing-based behavioral identification just like the Chrome extension but with several advantages. While it may be used in more environments because of that, it too may not be used in all or with all devices, e.g. a laptop with connected keyboard.
Now You: Did you take the behavioral targeting typing test? What was the outcome?
Useless here, as I type all my messages in notepad then copy/paste it on whatever message box online. I do this just in case any network errors occur, so I don’t have to re-type my message. I also don’t have to deal with too small/narrow message boxes, or with idiotic (yes, it is idiotic, it’s not helpful at all, stop it) auto formatting of text some websites like to do.
Really, into notepad? Sounds like a complete placebo to me.
I simply use a self written UserScript that warns me on sites that use JS to analyze typing behaviour. It also warns me about input hijacking where scroll speeds are manipulated.
uMatrix and uBlock block such tools on most sites very very reliably.
The reason why I write externally is due to potential network errors and having to retype my messages. I don’t care about this particular way of tracking myself.
For those suffering extreme paranoia to help fend off the efforts of those who suffer extreme anxiety if they don’t scrape data from every possible user.
I mainly type everything in notepad and just paste it at the website or other app that requires said text. So, good luck tracking that Ctrl-V pattern (always the same).
Aside from that, I wonder is that device use some kind of chip that can get hacked and used by a third party for better tracking you (in other words, using your “defense” against yourself.)
Damn. I’m a touch-typist so I don’t even look at the keyboard while I’m typing – I learned it in high school and type over 100wpm. The test got me at 100% recognition, even when I intentionally altered my typing style. (Even switching to hunt-and-peck it nailed me accurately). Spooky – and scary, too.
How you type is one thing, how you say things is another.
It is entirely possible to identify someone by their linguistic style. The exact way you speak is as unique as your fingerprint. There was an attempt to identify Satoshi Nakamoto through stylometric analysis, but the result was inconclusive due to the limited data sample size. However if someone has written hundreds or even thousands of posts on some forum, that would be a very large sample size with which analysis tools can form an extremely accurate profile. This form of tracking is based entirely on the human rather than the browser or device being used and is therefore much harder to mitigate. What you say can be used against you.
Exactly how I recognize the sockpuppets of some regulars here by their ever constant choice of re-using specific unique words and phrases.