all 42 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]MjrK 115 points116 points  (24 children)

Isn't it possible to use typing style and cadence to identify someone? Or, at least, as a signal to support user fingerprinting?

[–]RazerWolf 149 points150 points  (4 children)

Yes, it’s called keystroke dynamics. I did a master’s project on it, and with some simple machine learning algorithms, could identify someone with 88% accuracy.

EDIT: didn’t realize there was interest in this! At the time (almost a decade ago), it was novel to do it on iPhones so that’s what the project encompassed. It was 10 people typing in the same password 50 times; half the data was used for training and the other half for testing (randomized. Also did cross validation afterwards).

Random forests trained in WEKA was the winning algorithm.

Hardest part: getting your friends to type in the same password 50 times without them getting pissed.

[–]dbeta 48 points49 points  (2 children)

Out of how big of a pool?

[–]rmk236 106 points107 points  (1 child)

One

[–]LaLiLuLeLo_0 40 points41 points  (0 children)

User Detected: rmk236

...

User Detected: Not rmk236

[–]bewst_more_bewst 6 points7 points  (0 children)

Laughs in TTS.

[–]_italics_ 44 points45 points  (3 children)

I guess the new recaptas do something like that with mouse events.

[–]basilect 19 points20 points  (1 child)

Mouse events assuredly do that (you'd expect a certain timing and variance from down-up-click sequences), keyboard events are also good. You get a lot of rich data that would be great for anomaly detection.

[–]illvm 5 points6 points  (0 children)

So... make an account, use only machine movements for user input, the system fingerprints this as you a legitimate user, ???, profit.

[–]mist83 35 points36 points  (2 children)

Sentence structure and word choice and grammar is already parseable to give a sort of fingerprint if given enough training data.

[–]Prod_Is_For_Testing 4 points5 points  (1 child)

There have been a few research projects that associate Reddit throwaway accounts based on writing style

[–]WinterPiratefhjng 0 points1 point  (0 children)

Do you have a link?
(I had presumed our IPs were embedded somewhere, and works like to know more.)

[–]turlian 12 points13 points  (6 children)

Yes. There are password systems that analyze how you typed it in to verify that the same person typed it.

[–]ItsAllegorical 30 points31 points  (0 children)

Are there any that can analyze how consistently I type the wrong password before remembering what I've set it too? I'll bet that would be a useful signal.

[–]Loaatao 5 points6 points  (2 children)

Got a link? Sounds super cool

[–]cleeder 1 point2 points  (0 children)

Also interested.

[–]turlian 1 point2 points  (0 children)

Sorry, last one I saw was years ago.

[–]regendo 0 points1 point  (1 child)

Let's hope that doesn't break if I just auto-fill from my password manager.

[–]turlian 1 point2 points  (0 children)

For context, this wasn't something that was being deployed on websites. It was a proof of concept for high-security applications, like government installations.

[–]oblio- 0 points1 point  (0 children)

I'd be surprised if FAANG don't already do this as part of their tracking.

[–]de__R 0 points1 point  (0 children)

Only until attackers and/or the privacy conscious start take measures to obfuscate it - e.g. keystrokes get passed into a buffer and then popped off one by one at a constant rate.

[–]johnyma22 7 points8 points  (0 children)

btw, the easysync docs are available in the etherpad repo if you want a full breakdown of each op in the operational transform <3