I use the forum by email and in my mail client it is very easy to search for all messages containing the phrase "mouse movement fingerprinting". For the few years I have been on the forum, in my archive there have been only 2 users who use this exact phrase. The other one had the same writing style and topical fixation on "privacy" (and "anti-privacy people"), "Kloak", and "deep state user @unman".
Demanding from devs to report their "money or freedom" priorities while using their FOSS product is softly speaking inappropriate. The project accepts specific proposals for improvements through GitHub.
Besides the fact that Kloak is incompatible with Qubes, I don't see anything Qubes-specific in this thread.
Like any fingerprinting, the claim is that an adversary would be able to
use some characteristic to link your ultra secret private persona with
another persona bearing identifying information (eg that time you logged in
to Facebook, or GitHub, or your bank, or posted identifying information).
In this case the linking characteristic would be mouse movement
fingerprinting.
So if mouse movement fingerprinting could be used in this way it
would be able to be used to deanonymise.
It is far more likely that you would be deanonymised by simply making
mistakes - eg logging in to GitHub from the same qube and IP where you
had performed your secret hacking activities.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
Thank you, thank you!, for all your many valuable contributions @unman !
vnc to mask input device timings... elegant mitigation!
And when asked "Got a guide for this?" - you were patient enough
to kindly respond with a ten step guide and provide an easy way to
test efficacy and effectiveness.
No slight to Patrick, or anyone else, but I too
suspect that people who pressed for inclusion of kloak etc had not done these tests themselves.
But you're talking about anonymity and corporateblush was asking regarding privacy.
I think even if I'm not trying to be anonymous, mouse tracking is a huge privacy issue because my cursor telemetry leaks sensitive biological and psychological etc data.
I'm dying! It reminded me of Guardians of the galaxy "She just told everyone your deepest, darkest secret! You must be so embarrassed! Do me, do me!"
By the way, am I the only one who confuses "plankretriever" and "corporateblush"? Just realized I totally swapped them around in my head when I was answering earlier
It's still much, much less than in real life, walking down the street, going to "Target" (pun intended), not to talk about going to the airport... But only if you compartmentalize carefully. One dispVm per one target (pun intended) source/link/site.
It is funny to mention Facebook in the context of mouse movement fingerprints, while you already gave so many private data to be registered at all. Not to talk how pointless is even more to work there and to expect privacy, hahaha.
My viewpoint on "anonymous" web browsing depends on your definition of anonymous. I see two major distinctions:
My browsing can be tied directly to me. This means that they could know that person with name X who lives at location Y has browser Z.
My browsing can be tied together, but not directly associated with me. User 1329 has browsed these sites. Based on this data, we have this advertisement profile built on them. We know they're probably in this demographic with these health concerns and interests.
IMO preventing 1 is achievable and 2 is a pipe dream. I view this as being able to separate personas via changing up your fingerprinting variables depending on use case. Browser setup X is used for banking, etc. This ends up tied to the real you. Browser setup Y is used for medical research. Browser setup Z is used for socials. Each of these ends up having their own tracked profile, but if you're careful enough they don't get linked together.
I'm not sure it's feasible to do more than that. I feel there's too many variables to confuse the systems by making enough people look the same. ofc, the opposite might be viable where you can change enough of the data points every request to prevent them from being linked.
Oh, and there's also the fun side effect that using some of these technologies make you stick out like a sore thumb and probably get your traffic flagged and monitored by nation states. Whether that matters depends on your threat model.
You tend to be the kind of person who talks without adding much to the conversation. It feels like the discussion started just to fill space, repeating what is already obvious. When you asked about mouse prediction examples, the other participant already showed them and you dismissed the point. The issue is not whether such fingerprints matter in this decade, or whether they deserve attention. Finding a fix matters more than opinions here. It is a genuine problem that needs addressing. The real discussion should focus on how to mitigate it instead of spending time convincing others about how anonymous and private everything should be.
I addressed both examples. One is still conflating anonymity with privacy (already notified by other user), the other one I addressed as ridiculous regarding privacy. So, either "deconflate" the first, or explain how will you save your privacy when working for Meta, even without them applying MMF.
I still haven't seen a single threat model/goal that would justify avoiding MMF regarding privacy.
On the contrary, I recognize monolithic OS way of thinking, not even bothering to test what @unman kindly and patiently presented, and I am almost sure no one understanding Qubes OS will add anything else to that. You are the ones insisting blindly, actually.
It is not a goal per se. Give us a goal that is not already achievable regarding privacy, or I suspect nobody from the team will bother to "kloak" for the sake of "kloaking".
So, please try not to slip into ad hominem, because I was very specific to whom I'm addressing my posts to. Look at it like memento mori.
Good luck with "resolving" the issue. I won't bother you anymore. I didn't realize I was that powerful.
You are assuming I haven't tested but I never said that. I explained to you that I don't think there's a good way to test it.
You haven't explained what you tested. "custom ML" can mean anything.
You have been very vague in this topic. So many posts have been because of the vague statements you made about assisted technologies.
It's good you admit that those estimates are unreliable now.
You also end by saying relatively few will use text based browsers. That means you will have a unique browser fingerprint.
You don't get grouped up into just a general assisted technology fingerprint, you get grouped up into specifically the text based browser fingerprint. Every browser has a different fingerprint. And different configurations give different fingerprints.
I hope you can show us what this "custom ML" is. And why do you think it's competitive to a production ready proprietary mouse movement fingerprinter big tech uses?
This message is all in fun. But to add to your data
set mouse movement fingerprinting does seem of concern
to privacy people unwilling to trade money for freedom.
Mod(s) please delete my message since I don't see
anything Qubes-specific in my post.
Thanks for the link. But it clearly states, there is no effective protection against mouse fingerprinting:
Qubes event buffering uses a scheduling system that queues events as they arrive and tries to ensure no event is delayed longer than the set maximum delay value. Because pointing devices flood the queue with events when the pointer is moved, this usually results in almost all of the events involved in a pointer movement being delayed for exactly the maximum delay time. This removes almost all anonymizing jitter and may allow an adversary to fingerprint and identify the user via mouse movements even if Kloak or event buffering is being used.
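The queueing effect described in the quoted documentation can be reproduced with a small model. This is an added example, not part of the original post and not Kloak or Qubes code. It assumes each event gets a uniformly random delay up to the maximum while release order is preserved; the 100 ms maximum and the event spacings are constructed values.

```python
import random

MAX_DELAY_MS = 100.0  # assumed maximum delay; not a value taken from the thread


def buffered_release_times(arrivals_ms, max_delay_ms=MAX_DELAY_MS, seed=1):
    """Simplified model of an order-preserving jitter buffer (an assumption).

    Each event is given a random delay of at most max_delay_ms, but it may not
    be released before the event queued ahead of it.
    """
    rng = random.Random(seed)
    releases, prev_release = [], 0.0
    for t in arrivals_ms:
        # Smallest delay that keeps this event behind the previous release.
        lower = min(max(prev_release - t, 0.0), max_delay_ms)
        prev_release = t + rng.uniform(lower, max_delay_ms)
        releases.append(prev_release)
    return releases


def mean_delay(arrivals_ms, releases_ms):
    """Average time an event spent in the buffer."""
    return sum(r - a for a, r in zip(arrivals_ms, releases_ms)) / len(arrivals_ms)


def interval_distortion(arrivals_ms, releases_ms):
    """Mean absolute change in inter-event gaps caused by the buffer.

    A value near zero means the original movement timing passes through intact.
    """
    diffs = [
        abs((releases_ms[i] - releases_ms[i - 1]) - (arrivals_ms[i] - arrivals_ms[i - 1]))
        for i in range(1, len(arrivals_ms))
    ]
    return sum(diffs) / len(diffs)


# Constructed inputs: sparse keystroke-like events vs. a pointer-movement flood.
sparse = [i * 300.0 for i in range(200)]  # one event every 300 ms
flood = [i * 1.0 for i in range(2000)]    # one event every 1 ms

if __name__ == "__main__":
    for name, arrivals in (("sparse", sparse), ("flood", flood)):
        out = buffered_release_times(arrivals)
        print(f"{name}: mean delay {mean_delay(arrivals, out):.1f} ms, "
              f"gap distortion {interval_distortion(arrivals, out):.1f} ms")
```

In this model the sparse events keep a wide spread of delays, while the flooded queue settles at close to the maximum delay for every event, so the gaps between pointer events leave the buffer almost unchanged.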
I wonder what your idea of a browser fingerprint is.
Compare:
(A) Very unpopular: A single HTTP request (e.g. cURL) to download some web page. Connection closed.
(B) What most people do: Continuous HTTP requests through various JS, XHR, scrolling, moving, clicking, keep-alives, 3rd party connections, etc. You are "hiding in the crowd" of all others who do all that because they were told that not touching TB settings provided the best anonymity.
Which will be more identifying? And what exactly can be identified?
"Secure" or "not secure" per se has no meaning. Security is evaluated in context. Email authentication and transport use the same encryption algorithms that other Internet protocols use, including Tor. You can encrypt the mail body with PGP.
The same applies to privacy and anonymity. There is no perfect anonymity, perfect privacy and all the rest of that utopian perfectionism. There is just a web page you visit and depending on what you want from that connection and what is required from you, you make your decisions.
I'm not sure it helps in the conversation but happy to share as I'm using two solutions that deal with the issues mentioned above.
Portmaster with SPN exits
Firefox with an extension named Chameleon
Both deal with privacy and "randomised every x minutes" fingerprinting to a level that certain smudgy website (in special Cloudflare captcha) refuses to allow me access so I'm forced to create a separated once-off profile or abandon that website.
I didn't quite understand what you meant. What identities did you mean? Maybe you meant to say "identifiers"? There is no purpose here to mingle with any other identities. The goal here is to ensure that the fingerprints do not match each other.
People, for the most part, use devices with their "working hand". Therefore, the fingerprints that they left somewhere are the fingerprints of their working hand. That's why I recommend changing your hand and input device to work anonymously. Both should give a different fingerprint from the known one.
Also, as a variant, people can change their input device settings so that it imitates a slightly broken device behavior. It will add some additional, unusual, movements (so to speak "noise") to the hand because user did not get used to the new settings yet. And to ensure that this never happens, he can change the settings again from time to time. So that you never get used to the new settings and again start to show the usual pattern of hand movements that was there before changing the settings. But I still prefer my first variant with different hand and device. It's more reliable.
Not all people who vitally need anonymity use the services you listed. Let those who use it think about your question.
One way or another, I publicly presented my own, simple, but nevertheless, somehow effective methods of combating this fingerprinting.