Click bait: Tor users can be tracked by mouse movements

© Gleb Garanich
The way you move your mouse is unique, like fingerprints, and can be used by dark forces to track you on supposedly anonymous and secure networks like Tor, according to a Barcelona researcher.

Jose Carlos Norte discovered the snooping method in recent weeks.

“I have been able to fingerprint Tor browser users in controlled environments and I think it could be interesting to share all the findings for further discussion and to improve Tor browser,” he said on his website.

Using Javascript, a hacker could identify a user based on the movements in their mouse as Tor uses the programming language by default.

Networks such as Tor are vital resources for those wishing to use the internet securely like whistleblowers, journalists, and political dissidents.

Tor previously countered fingerprinting methods like analyzing local time, operating systems, and fonts through updates.

Norte was able to show the unique data a user creates through their mouse.

“It is easy to fingerprint users using Tor browser to track their activity online and correlate their visits to different pages,” he said.

Mouse wheel information contains scrolling speed, distance, and hardware used.

Mouse speed fingerprinting reveals how a cursor moves across the page, which is controlled by the operating system and hardware.

While the method has some limitations, like the variation of mouse movements based on different devices, there is scope to build an even more advanced method of tracking users through mouse movement.

A recent study showed users’ moods can be detected based on mouse clicks. A frustrated or annoyed mouse user will take larger and slower mouse movements. The scientists were able to detect negative emotions with 82 percent accuracy.  

The solution to mouse fingerprinting is to deactivate Javascript altogether, although Tor is likely to address the issue, based on recent bug reports.