Sure, and what we show is this technology specifically, not everything else.

Yeah, implementations do not operate with FAR/FRR rates, they focus on giving a confidence score to you, the operator. Based on that you decide what to do. Typically you won't deny access to anyone punch drunk typing in username + password correctly, but you will flag all transactions for manual control as an example. Coursera, an online training provider uses it when you signup for an account, and when you hand in any tests you've done for scoring.

the source code is right there, in front of your closed eyes.

True & not true. The plugin randomizes (delays) the keypress inputs into the dom, you can change the values. We did consider doing everything constant as well as randomization. Difficult tradeoff. The main point is to lower/remove the risk of a profile being built and used.

Java & Javascript. NOT the same thing!

Everybody does it, so why not be part of the movement?

UK banks, large online training site in the US, as just 2 examples known to use this today.

Correct. There are also so many websites around where Javascript is required for the site to work. I wouldn't be surprised if quite a few Tor users allowed Javascript here and there. And it doesn't have to be done using Javascript either.

Valid points, lots of other features from your way of typing may aid in building an anonymous profile. Keystroke dynamics is just an addition to that, and the plugin blocks keystroke dynamics from being used to build & identify people (not browsers).

martas is correct.

Doesn't have to be Javascript, but being a very common thing around, its obviously the easy choice. Anything that can & will record & process your typing inside the DOM could to this afaik.

Lots of companies have products that allows you to do keystroke dynamics on their websites, and we've heard of several UK banks as an example actively using this today. Browsers are fairly uniquely fingerprinted. Keystroke dynamics fingerprints the HUMAN, so if you wipe all your cookies, change browser, change computer and change (IP) location, keystroke dynamics will still identify you.