Can Your Typing Style Be a Privacy Risk?


Person typing on the keyboard of the Acer Aspire Vero
Jason Montoya / How-To Geek

Your unique typing style, consisting of rhythm, speed, and pattern, can identify you when you’re anonymous, due to the use of keystroke biometrics. This technology, initially developed for authentication, could now be used for tracking purposes by marketing companies and even governments, making anonymity online increasingly challenging. Tools to prevent keyboard profiling are emerging, but awareness and careful consideration of your digital footprint are becoming more important than ever.

You probably don’t think much about how you type, but it might tell the world more about you than you think. In fact, your typing style by itself could be enough data to identify you when you think you’re anonymous.

Everyone Types a Little Differently

Think of how you type. Do you peck at the keys with two fingers, or have you mastered fluid ten-finger touch typing? Do you frequently use backspace, or are your words typed perfectly on the first try? I have a few words that I consistently mistype, the funniest of which is probably “minceraft” when I meant to write Minecraft, and you’re probably no different!

RELATED: Privacy vs. Security: What’s the Difference?

It turns out that everyone types a little differently, much like our handwriting styles. These idiosyncrasies in typing rhythm, speed, and pattern create a sort of ‘typing DNA,’ which is (for practical purposes) unique to each individual.

Keystroke Biometrics Already Exists

This might sound like a plot out of a dystopian novel, but the technology to measure these variations, known as keystroke biometrics (also, keystroke dynamics), already exists. Developed initially for authentication purposes, keystroke biometrics leverages advanced algorithms to analyze the unique aspects of a user’s typing behavior.

It’s designed to identify individuals based on their typing rhythm, speed, as well as the “dwell” time (how long a key is pressed) and “flight” time (the interval between pressing one key and the next). Don’t let the name fool you, either. Your mouse movements can also be included in the overall pattern, making the whole process even more accurate.

RELATED: Smartphone Keyboards Are a Privacy Nightmare

Keystroke biometrics is used as a layer of security in some sensitive industries where a password isn’t enough. In these scenarios, not only do you need to know the password, but you also have to type it in the same way as the original user.

I first encountered keystroke biometrics while working on projects to secure online university exams. The idea was that students couldn’t cheat by getting someone to write the exam for them. Since you had a previous sample of their typing style, you could compare it to the typing during the exam, and if they didn’t match, this signaled a need for further investigation.

That sounds like a pretty good idea, and it is. However, like all technology, this has a potential dark side.

How Keystroke Biometrics Could Be Used To Track You

Imagine being tracked across the web, not by cookies or your IP address, but by the way you type. Anywhere you type, be it an online forum, a social media platform, or an email, could become a source of data for trackers.

It wouldn’t matter if you were using Tor, or a VPN, or were behind seven proxies. They’d know it was you!

Internet marketing companies are constantly looking for more ways to understand their audience, and the unique typing style could provide a wealth of data. This could mean even more targeted advertising, or worse, the potential for more invasive data breaches.

There’s also the risk of state-level surveillance. Governments around the world have used various digital tracking methods for law enforcement and national security. If keystroke biometrics becomes a mainstream technology, it could lead to an entirely new level of surveillance where governments could potentially identify dissidents or whistleblowers based on their unique typing style.

All they’d need to do was implant the right software in a web page, monitor typing on public computers (with facial recognition), or infect someone’s computer with malware that does the same job. However they do it, once they have a sample of a person’s typing style, that person can never type on a computer again without potentially being identified.

It’s Not Just How You Write, But What

The implications of keystroke biometrics go beyond the rhythm and speed of your typing. It’s not just how you write, but what you write that could be analyzed for patterns and used to profile you.

The things we write about, our choice of words, the way we construct sentences contribute to a unique ‘writing style.’ This is another layer of information that could be used to identify us or make assumptions about our personality, political beliefs, and much more.

RELATED: 10 Google Account Privacy Settings to Change

The latest surge in AI that can analyze and replicate natural language to an astounding degree could mean a future where a computer program could spit out a probability that a specific document was written by you, which might be an even scarier prospect than being outed by your bad typing habits.

RELATED: What Is ChatGPT, and Why Is It Important?

What can anyone do? While it’s not a hot-button issue yet, some tools already claim to help prevent this sort of keyboard profiling. For example, the Keyboard Privacy Chrome extension promises to randomize when your keystrokes register, making keystroke profiling ineffective. We’re not endorsing this specific extension, merely highlighting it as a tool that has arisen in response to the problem.

Naturally, introducing any sort of tool like this creates its own potential for security issues (and browser extensions are a privacy nightmare). Perhaps one day, we’ll see such features built right into the OS or device, not unlike how Apple baked increased privacy and tracker blocking into iOS 14 and iOS 15 updates.

Should You Be Concerned?

So where does that leave you in the face of the for-now-theoretical threat that your typing style will be used to identify you? For most of us, that leaves us in the position of simply being more aware that everything we do online is part of a complex and personally identifiable fingerprint we create for ourselves.

And if you have something you want to share more anonymously with the best chance of wiping away the bit of fingerprint your typing and writing style creates, you may need to fight an algorithm with an algorithm. How? By using a generative AI to write the document or post you want to release anonymously, purposefully using a non-human writing pattern or style, while still reflecting what it is that you wanted to say.

In the early age of the internet, it might have been enough to use a different IP address and a different username or email address to maintain a substantial level of anonymity. But in the present, and certainly going forward, it is wise to assume that whatever you are doing or saying online can be now, or eventually with more advanced tools, linked back to you. So while we certainly wouldn’t encourage anyone to be needlessly terrified of posting anything online, we would encourage everyone never to assume anonymity and adjust their behavior accordingly based on the risk and privacy concerns they have about what they are sharing online.

Leave a Comment