Re: [Tails-dev] Proposal for Kloak

Delete this message

Reply to this message
Author: Justin McAfee
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Proposal for Kloak
As I'm the author of the previous request, and now an endpoint cyber
security engineer by trade, I will endorse and reiterate my belief in the
need for this tech in the Tails-OS.

Fuckthebop, thanks for bringing this back up.

On Mon, Oct 26, 2020, 10:58 fuckthebop <fuckthebop@???> wrote:

> Hey,
>
> Brief introduction on myself: I am a cyberpunk that has been around
> quite a while and has always had an interest in privacy, security, and
> anonymity but I dabble in a little bit of everything. I have been a
> Tails user since about 2014.
>
> I would like to propose that Tails include an anti-keystroke biometrics
> tool such as Kloak (see https://github.com/vmonaco/kloak). I have
> reviewed the previous proposal (located here:
> https://lists.autistici.org/message/20190328.132622.54c1ee7e.en.html)
> and have decided to re-propose the inclusion of this tool with a more
> hardened and detailed reasoning.
>
> To explain what keystroke biometrics is would be very similar to explain
> how normal (physical) fingerprinting works. Your fingerprint is
> something that is very unique to you and is very difficult to alter or
> modify on an ongoing basis. You leave your fingerprint all around you
> every day without consciously doing so - and attempting to always wear
> gloves to obfuscate your fingerprint is not feasible. Similarly, each
> typist has a unique keystroke biometric that is very unlikely to be
> shared by any other person in the world and is very difficult for a
> typist to consciously alter on an ongoing basis. More on keystroke
> biometrics can be read on Wikipedia
> (https://en.wikipedia.org/wiki/Keystroke_dynamics) and I will assume
> that you have taken a cursory look at that article.
>
> The reason that this type of obfuscation should be included in Tails is
> very simple. One of the design goals of Tails is to make all Tails/Tor
> Browser users look the same and share fairly similar fingerprints. We
> likely have about 20,000 or so regular Tails users and 2-3 million Tor
> users. This is a small fraction of the estimated ~5 billion Internet
> users today. Therefore, this small subset (2-3 million users) must look
> generally the same to different types of analysis to achieve these
> goals. However, each users' own keystroke biometrics distinguishes them
> from everyone else and travels across all of their contextual identities.
>
> Assuming that global intelligence organizations have the Upstream/PRISM
> collection apparatus that they most certainly do, it would not be
> difficult for a nation-state adversary to know a specific person was
> utilizing Tor, even without an ISP's assistance. As discussed, each of
> our own keystroke biometrics are intrinsically unique to us as
> individuals. If a service was utilizing a keylogger or logging our
> keystrokes, they would be able to capture and analyze our keystroke
> biometrics data. Let's frame a situation: Claire is a Tails user and is
> not utilizing an anti-keystroke biometric tool. Claire signs up for an
> email account on a very widely-used email service ("The Service") while
> using Tails and while taking the usual precautions. Of course, at some
> point, she sends an email using The Service. For any reason, Claire is
> the target of a surveillance operation - perhaps she is a journalist in
> an oppressive country or she is a whistleblower and is publishing
> anonymously. It turns out that The Service has been logging keystroke
> biometrics data from its users for a period of time - similar to how
> some US phone companies (ahem, Verizon) collected all phone call
> metadata/content for NSA over an extended period of time. At some point
> during that period, Claire had previously used an account on The Service
> linked with her real identity. If The Service was required by a
> government to do so or even wanted to do so themselves - they could
> compare all collected user keystroke biometric data to see that this
> anonymous account's biometric data is extremely similar to a previous
> user they had, and they can assume that this previous user and this
> anonymous user are one-in-the-same with a high degree of certainty. This
> is because it is very unlikely for two separate individuals to have the
> same keystroke biometrics, and even if a few people did, this would very
> greatly narrow the suspect pool. Even worse, if Claire had multiple
> anonymous identities on The Service, they could all at least be linked
> to one another, if not also her real identity. There is nothing stopping
> a company from collecting this data without a warrant or order because
> users willingly turn this data over by using that company's website or
> service. If Claire had been using Tails with some type of anti-keystroke
> biometric tool, her biometrics would have been randomized on her
> anonymous identity and could not have been linked back to her real
> identity.
>
> I understand that there may be some skepticism about this type of
> analysis. While there is not clear evidence of a company logging this
> type of data for this kind of purpose, it is not something out of the
> scope of realism now or in the near future. Additionally, there are
> instances today where we can observe companies logging some keystroke
> data - such as online payment processors not allowing credit card
> numbers to be pasted in number fields because not typing numbers in the
> field is a sign of credit card fraud. Also, we have no way to know if
> the global surveillance apparatus is logging keystroke data on its own
> and/or is forcing or requesting companies to do so in a similar manner
> to what the PRISM program accomplishes with NSA accessing Internet
> companies' stored data. If that was the case, the global surveillance
> apparatus forcing or requesting even just a few major companies to log
> and turn over keystroke biometrics data would encompass a very large
> amount of the Internet's usership. I would like you to think about if
> you have ever used a website or service at two different points in time
> on a non-anonymized identity and an anonymized identity whether that
> service required you to sign up for an account or not. Obviously, it
> need not be that you are using an account on a website for them to be
> able to store this type of data, but it would make it much easier for
> them to track such data across sessions.
>
> I feel that we must take a proactive approach on protecting user
> anonymity rather than a reactive one - especially when we are servicing
> operating systems and software to users that require a high-level of
> anonymity in very difficult situations. Including this type of
> obfuscation in Tails has benefits that greatly outweigh the negatives.
> This is something that very seriously needs to be considered by the dev
> team to be included in the near future. Lastly, I want to thank the dev
> team for their contributions.
> _______________________________________________
> Tails-dev mailing list
> Tails-dev@???
> https://www.autistici.org/mailman/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to
> Tails-dev-unsubscribe@???.
>