Mixed kloak anti keystroke / mice deanonymization tool package or better two separate packages?
38 views
Skip to first unread message
Patrick Schleizer
Jan 6, 2017, 1:50:48 PM1/6/17
to debian-...@lists.debian.org, pkg-privacy...@lists.alioth.debian.org, Whonix-devel, qubes...@googlegroups.com, vinm...@gmail.com
kloak is an anti keystroke deanonymization tool. [1] A major enhancement
for the privacy software ecosystem. It's new and currently called a
prototype. We're currently discussing it [2] with upstream, Debian
packaging it [3] [4].
Upstream might also in future provide a anti mice keystroke
deanonymization tool.
I am currently wondering if I should suggest to upstream to create two
separate packages for anti keyboard and anti mice deanonymization or if
a shared package with both tools would be better?
Keystroke deanonymization is a huge danger to privacy. This attack even
works if one is using Tor Browser. There is an impressive commercial
keystroke tracking demo. [5] Even if Tor Browser - one day - defeats
this attack, we still want to solve it for other software such as ssh.
Best regards,
Patrick
[1] https://github.com/vmonaco/kloak
[2] https://github.com/vmonaco/keystroke-obfuscation/issues/1
[3] https://github.com/vmonaco/kloak/issues/3
[4] https://github.com/vmonaco/kloak/pull/5
[5] https://www.keytrac.net/en/tryout
for the privacy software ecosystem. It's new and currently called a
prototype. We're currently discussing it [2] with upstream, Debian
packaging it [3] [4].
Upstream might also in future provide a anti mice keystroke
deanonymization tool.
I am currently wondering if I should suggest to upstream to create two
separate packages for anti keyboard and anti mice deanonymization or if
a shared package with both tools would be better?
Keystroke deanonymization is a huge danger to privacy. This attack even
works if one is using Tor Browser. There is an impressive commercial
keystroke tracking demo. [5] Even if Tor Browser - one day - defeats
this attack, we still want to solve it for other software such as ssh.
Best regards,
Patrick
[1] https://github.com/vmonaco/kloak
[2] https://github.com/vmonaco/keystroke-obfuscation/issues/1
[3] https://github.com/vmonaco/kloak/issues/3
[4] https://github.com/vmonaco/kloak/pull/5
[5] https://www.keytrac.net/en/tryout
Paul Wise
Jan 6, 2017, 8:17:33 PM1/6/17
to Patrick Schleizer, debian-...@lists.debian.org, pkg-privacy...@lists.alioth.debian.org, Whonix-devel, qubes...@googlegroups.com, vinm...@gmail.com
On Sat, Jan 7, 2017 at 2:50 AM, Patrick Schleizer wrote:
> kloak is an anti keystroke deanonymization tool. [1] A major enhancement
> for the privacy software ecosystem. It's new and currently called a
> prototype. We're currently discussing it [2] with upstream, Debian
> packaging it [3] [4].
Interesting project.
> kloak is an anti keystroke deanonymization tool. [1] A major enhancement
> for the privacy software ecosystem. It's new and currently called a
> prototype. We're currently discussing it [2] with upstream, Debian
> packaging it [3] [4].
> I am currently wondering if I should suggest to upstream to create two
> separate packages for anti keyboard and anti mice deanonymization or if
> a shared package with both tools would be better?
Adding joystick/touchscreen/etc anonymisation might be interesting too.
--
bye,
pabs
https://wiki.debian.org/PaulWise
Patrick Schleizer
Jan 6, 2017, 8:35:28 PM1/6/17
to Paul Wise, debian-...@lists.debian.org, pkg-privacy...@lists.alioth.debian.org, Whonix-devel, qubes...@googlegroups.com, vinm...@gmail.com
Paul Wise:
Okay.
I guess two binaries are fine. (One per keyboard, another one for mice.)
As well as two systemd unit files.
Would 'sudo systemctl mask kloak' be a good enough an option to
selectively disable that component etc.?
I guess two binaries are fine. (One per keyboard, another one for mice.)
As well as two systemd unit files.
Would 'sudo systemctl mask kloak' be a good enough an option to
selectively disable that component etc.?
Paul Wise
Jan 6, 2017, 8:40:05 PM1/6/17
to Patrick Schleizer, debian-...@lists.debian.org, pkg-privacy...@lists.alioth.debian.org, Whonix-devel, qubes...@googlegroups.com, vinm...@gmail.com
On Sat, 2017-01-07 at 01:35 +0000, Patrick Schleizer wrote:
> Would 'sudo systemctl mask kloak' be a good enough an option to
> selectively disable that component etc.?
That sounds reasonable to me, as long as it is documented.
> Would 'sudo systemctl mask kloak' be a good enough an option to
> selectively disable that component etc.?
Reply all
Reply to author
Forward
0 new messages