

Google +1 tracks mouse movements? - Gullanian
http://stackoverflow.com/questions/6667544/why-does-google-1-record-my-mouse-movements

======
tectonic
According to the link, this is being used as a source of entropy to generate
random numbers. Fascinating.

~~~
palish
Hah!

That's so simple, yet so brilliant.

~~~
obtino
Mouse movements have been long used as a source of entropy in desktop
applications.

~~~
shadowfox
Indeed. Putty's keygen thing has been using it for quite a long time for
example

~~~
snippyhollow
/dev/random too :) [http://www.mail-
archive.com/cryptography@c2.net/msg01708.htm...](http://www.mail-
archive.com/cryptography@c2.net/msg01708.html)

------
victoriussecret
I'm not sure how often research papers reflect reality, but Bing may be doing
this as well, according to this Microsoft Research paper:
<http://jeffhuang.com/Final_CursorBehavior_CHI11.pdf>

~~~
antics
This is a very good paper, but it seems to approach mouse tracking
specifically from the search perspective. Perhaps not extremely pertinent, but
still super interesting.

------
anon543
Google Analytics does it too, which makes approx. 85% of all web sites you
visit.

~~~
zobzu
adblock'd sites dont do it :)

------
Palomides
cute, but surely there are less intensive ways of generating random numbers?

~~~
glimcat
I've always been a fan of using electronic noise. It's not complicated to
build a device which does this. Weekend project to "hello world" scale if
you're not too picky about specifics.

Easiest way is probably with a webcam, which will also give you a pretty good
bitrate. The general schema is to read out the bias noise. You do this by
blocking out any incoming light to get dark noise + bias noise. Dark noise is
an assumed static shift due to CCD characteristics, so read N frames of this
and look for the median signal. Subtract that off and you've got the bias, or
at least something that's close enough for a weekend project.

Better version, start reading up on the math of noise sources in whatever
device you want to use for a sensor. Also do an analysis of N samples to see
how close the result comes to the expectation value given the type of noise
involved and what deviation is expected at N samples.

~~~
baddox
There's no way to deploy this over the web, unless you use Flash to acquire
their webcam video or audio.

~~~
glimcat
Packet latency, for example.

The general idea is that there are many noise sources which technology
normally needs to route around. To find random number sources, you reverse
this.

~~~
pilif
Even something as simple as packet latency is really hard to get from JS. the
timing functions you get from the browser are way too low resolution. Also the
only network latency you can test for is doing an xmlhttp request as that's
the only way o do any network communication (minus web sockets which arent
generally available)

Aside of that, you get no direct hardware access to measure and even if you
would, there is still the timer resolution problem.

Very recent browsers provide an API to get strong random numbers, but this is
even less widely available than web sockets.

So either you take the mouse movement or you use something like Java or Flash,
or you use bad numbers.

~~~
yid
> * the timing functions you get from the browser are way too low resolution.*

The JS time function returns epoch milliseconds, not seconds. At the scale of
network latency (hundreds if not thousands of milliseconds), the lower order
bits should be effectively uniformly distributed. Resolution isn't your
problem, the number of usable bits per network call is.

~~~
pilif
The problem is that the JS engines in browsers rely on not-so-sophisticated
APIs to get to their millisecond values. This means that yes, you do get time
in milliseconds, but the value is only updated every 40 to 100 ms

~~~
AshleysBrain
I think some browsers on Windows are using QueryPerformanceCounter for timing,
which has microsecond precision.

------
brianshumate
Seems like overall, it's definitely code to help thwart gaming of the +1
system, as there is already a cottage industry that offers (presumably)
automated +1 clicking services for money.

------
known
<http://www.ghostery.com/> prevents it

------
sundae79
Does the emperor wear any clothes?

