Behavioral Profiling on Qubes?

Has there been any discussion regarding behavioral profiling using javascript which creates behvioral profiling using websites?

There is a plugin for chrome which attempts to inject random data into these javascript DOM functions:

but it’s not available for Tor unless Chrome store on Firefox is installed.

This is tracking the state of the issues on Qubes. It doesn’t appear to be working currently.

One could always use a hardware dongle to inject keystroke randomization. A basic Arduino would manage it.


There aren’t any Linux packages that could be installed in sys-usb? Something like interception-tools - ArchWiki

That or something like GitHub - sezanzeb/input-remapper: 🎮 ⌨ An easy to use tool to change the behaviour of your input devices.

A Raspi 4 should also work: GitHub - viggofalster/kiri: KIRI - Keyboard Interception, Remapping, and Injection using Raspberry Pi as an HID Proxy.

If you have some C skills, you should also be able to insert some random delay here:

(that should be qubes_drv mentioned in GUI virtualization | Qubes OS)

Is the Qubes GUI-VM available on R4.1? It’s not available on my version.

The GUI VM is available, but not by default. GUI domain | Qubes OS

Another option:

Use a USB keyboard with sys-usb to dom0 forwarding via qrexec.
Put qrexec-proxy [1] in between and use a plugin to delay the key strokes.

[1] GitHub - 3hhh/qubes-qrexec-proxy: Intransparent and modular Qubes OS qrexec proxy

Good replies, thanks

Which plugin do you recommend using?

Does the qrexec with a plugin option require the GUI domain? How would this be implemented in the GUI domain?

Which way is simpler to setup? qrexec-proxy with a plugin or SYS-GUI?

No, qrexec-proxy is unrelated to the GUI domain.

You’ll probably want to look into the streamline plugin.

A bit related to the topic, OpenSSH added support for keystroke time obfuscation


Caveman solution: have you considered doing all of your typing in your vault qube notepad and then just pasting it in? I do this for performance/reliability reasons but I guess it doubles as behavior profiling protection.

Damn police getting way too crafty ain’t they

1 Like