Over the years Tor has solidified its status as the forerunner of anonymous browsing and internet privacy, but recent findings from independent security researcher Jose Carlos Norte suggest the notorious browser might not be as secure as you think.
Norte has discovered a loophole in Tor that can potentially link your mouse movements back to your identity.
Do business with 5,000 people
TNW NYC is our New York technology event for anyone interested in helping their company grow.
While Tor does indeed offer a higher level of privacy than other browsers, Norte claims that a user’s identity can still be unmasked using an advanced identification method better known as ‘user fingerprinting.’
Making use of “browser exploits, cookies, history [as well as] plugins”, fingerprinting refers to a complex analytical approach that tracks non-standard data on user behavior that can be later correlated to a specific individual.
Using this method websites can generate a unique fingerprint for each user that opens a page. While your identity will remain relatively well-hidden when browsing the Web with Tor, your privacy might be compromised the next time you return to the same website with your regular browser as your fingertip can now be traced back to your identity.
What gives you away is the idiosyncratic patterns in which you move your mouse.
So far, Norte has discovered more than one technique that could lay bare your identity. One of the ways to pinpoint an individual is to measure the speed at which a user scrolls through a page. Alternatively, attackers can also identify you based on how you move the mouse cursor across a page.
Until now, Norte has only tested user fingerprinting in a controlled environment. While the method does not yet guarantee 100 percent accuracy, it certainly raises privacy concerns about future investigations.
➤ Tor Users Can Be Tracked Based on Their Mouse Movements [Softpedia]