Tor Mouse User Fingerprinting
What would your mouse habits reveal?Reuters

A computer programmer and researcher has outlined how Tor browser users could be opening themselves up to web hackers and spies, based only on the habitual nature of their mouse movements.

While Tor is designed to protect user privacy by hiding their IP address (as well as erasing cache and history data after use, among other protective measures), the open source browser for Windows, Mac and Linux could still be subject to user fingerprinting according, to Jose Carlos Norte.

Norte asserts that by using the Javascript coding language that runs in the Tor browser, a hacker could assess the historic patterns associated with a user's mouse movements and wheel scrolling inside less secure browsers to fingerprint the same user inside a Tor webpage.

"Every user moves the mouse in a unique way," Norte told Motherboard. "If you can observe those movements in enough pages the user visits outside of Tor, you can create a unique fingerprint for that user. Then you can identify him inside of Tor, based on how he or she uses t2he mouse."

"Mouse movements tracking could be a form of behavioural tracking"

Norte has even produced a proof of concept showing the method hackers could use to obtain the fingerprint data. He outlined in his research that the Tor API getClientRects could be used as a vector for user fingerprinting, as it also factors in resolution and font configuration when analysed.

Privacy and security researcher Lukasz Olejnik maintained: "If enhanced, mouse movements tracking could be a form of behaviuoral tracking", however in its current state, researchers and subsequently web spies would face "a challenge to use [the analysis] effectively".

For those concerned about being tracked in the Tor browser in this way, disabling the default Javascript setting will put a stop to anyone nosing around your mouse habits.