Kloak is a privacy tool designed to obfuscate typing behavior at the device level, making keystroke biometrics less effective for user identification and impersonation. It targets users concerned about their typing patterns being used to track or impersonate them, offering a method to anonymize keystroke timing.

How It Works

Kloak operates by intercepting keyboard input events, specifically the time intervals between key press and release. It introduces a configurable random delay to these intervals before forwarding the events to the operating system via the uinput kernel module. This approach aims to disrupt the unique timing patterns that keystroke biometric systems rely on, thereby enhancing pseudo-anonymity.

Quick Start & Requirements

• Installation: Compile from source using make all. Alternatively, install via Whonix APT repository (sudo apt-get install kloak).
• Prerequisites: make, pkgconf-pkg-config, libsodium, libsodium-devel, libevdev, libevdev-devel (Fedora); devscripts, mk-build-deps (Debian). Requires root privileges to access device files.
• Setup: Compile and run as root (sudo ./kloak). Device files (/dev/input/eventX for input, /dev/uinput for output) may need to be specified.
• Docs: Whonix Kloak

Highlighted Details

• Obfuscates key press/release intervals to counter keystroke biometrics.
• Can be run as an application or a Linux service.
• Includes a rescue key combination (default: RShift + LShift + Esc) to exit if the keyboard becomes unresponsive.
• Offers a trade-off between privacy (delay) and application responsiveness.

Maintenance & Community

• Note: The original vmonaco/kloak repository is not actively maintained. The recommended and supported fork is by the Whonix team: Whonix/kloak.
• Support and development are primarily associated with Whonix.

Licensing & Compatibility

• The README does not explicitly state a license. However, the association with Whonix suggests a FOSS license, likely GPL-compatible, but verification is recommended.

Limitations & Caveats

• The project is not actively maintained by the original author.
• Does not protect against all forms of keystroke biometrics, particularly if the delay is too small, or if system-level key repeat rates are unique. Stylometry and higher-level cognitive behaviors (editing, application usage) are not addressed.