"We didn't hack the password. We hacked the inference."
all rights reserved, artifex labs 2026
As AI systems transition from passive tools to active agents, they are developing the capacity to infer sensitive cognitive statesโintent, neurodivergence, emotion, and fatigueโfrom behavioral metadata alone (e.g., cursor micro-tremors, keystroke flight time).
This data is currently unprotected by law. While encryption protects what you say, nothing protects how you move.
Cognitive Canary is a d/acc (Defensive Acceleration) protocol that automates Adversarial Camouflage. It injects high-entropy, mathematically generated noise into user telemetry to degrade the utility of covertly harvested behavioral data.
Version 6.0 represents a major evolution with:
- Multi-Modal 3D Obfuscation (mouse + scroll + zoom)
- Adaptive Tremor Matching (learns your baseline, becomes undetectable)
- Context-Aware Protection (18 task types, auto-scaling)
- Federated Learning Defense (92% poisoning detection)
- 100% Usability Guarantee (productivity failsafe)
The easiest way to explore v6.0 features:
- Click the "Open in Colab" badge above
- Run cells sequentially to see each obfuscation technique
- Visualize 3D Lissajous paths, spectral entropy, and gradient auditing
- Export protected datasets for your own testing
# Clone repository
git clone https://github.com/tuesdaythe13th/cognitivecanary.git
cd cognitivecanary
# Install dependencies
pip install numpy scipy scikit-learn matplotlib tqdm
# Run example demonstrations
python lissajous_3d.py # 3D cursor obfuscation demo
python adaptive_tremor.py # Tremor matching demo
python keystroke_jitter.py # Keystroke cascade demo
python task_classifier_v2.py # Task detection + failsafe demo
python gradient_auditor.py # ML attack detection demo# Minimal integration example
from lissajous_3d import Lissajous3DEngine
from adaptive_tremor import AdaptiveTremorEngine
from keystroke_jitter import KeystrokeJitterEngine
# Initialize engines
cursor_engine = Lissajous3DEngine()
tremor_engine = AdaptiveTremorEngine()
keystroke_engine = KeystrokeJitterEngine()
# Calibrate from idle data (background task)
tremor_engine.calibrate(idle_cursor_samples)
# Inject protection in real-time
protected_cursor = cursor_engine.generate(duration=2.0)
protected_keystrokes = keystroke_engine.inject_cascade(raw_keystrokes)
# Monitor for attacks
from gradient_auditor import GradientAuditor
auditor = GradientAuditor()
alert = auditor.detect_fingerprinting(feature_vector)Impact: +18% evasion vs 3D behavioral classifiers
Extends 2D cursor obfuscation to 3D behavioral space:
- X/Y Axis: Traditional cursor movement (13:8 frequency ratio)
- Z Axis: Scroll + zoom events (coprime frequencies: 13:8:5)
- Toroidal Coordinates: Maximal ergodic coverage of 3D space
- Discrete Events: Converts Z-axis to realistic scroll/zoom patterns
from lissajous_3d import Lissajous3DEngine
engine = Lissajous3DEngine()
result = engine.generate(duration=2.0, target_points=100)
path_3d = result['path'] # (N, 3) array: [x, y, z]
scroll_events = result['scroll_events'] # [(timestamp, delta), ...]
zoom_events = result['zoom_events'] # [(timestamp, factor), ...]Mathematical Foundation:
x(t) = sin(13*t + ฯ/2)
y(t) = sin(8*t)
z(t) = sin(5*t + ฯ/4)
gcd(13, 8, 5) = 1 โ Coprime = maximal coverage
Impact: +25% undetectability vs time-series classifiers
Dynamically learns and clones your natural motor tremor:
- Calibration: 10-minute idle monitoring extracts baseline tremor (4-12 Hz)
- FFT Analysis: Identifies dominant frequency and phase
- Phase-Locked Injection: Clones your tremor signature into active movements
- Target Entropy: H_s = 3.2 nats (spectral entropy matching)
from adaptive_tremor import AdaptiveTremorEngine
engine = AdaptiveTremorEngine()
engine.calibrate(idle_cursor_data) # Background calibration
obfuscated = engine.inject_tremor(clean_cursor_path)Why It Works:
- Static noise has different spectral signature than human tremor
- By matching your actual tremor, injected noise is biomechanically indistinguishable
- Defeats temporal correlation analysis and time-series anomaly detection
Impact: +15% keyboard evasion vs keystroke dynamics classifiers
Multi-dimensional keystroke obfuscation:
- Temporal Jitter: Pink noise (1/f) for inter-key timing (ฯ=12ms)
- Pressure Jitter: Gaussian noise for dwell time variance (ฯ=8ms)
- Directional Jitter: Markov chain for realistic typos + backspace corrections
from keystroke_jitter import KeystrokeJitterEngine
engine = KeystrokeJitterEngine()
obfuscated_keystrokes = engine.inject_cascade(clean_keystroke_events)Cascade Strategy:
- Inject synthetic typos (5% probability) with cognitive delay (150ms)
- Apply temporal jitter to inter-key intervals (maintain 40-80 WPM)
- Modulate dwell times within physical bounds (50-300ms)
Impact: +28% task detection precision
CNN-based task detection from behavioral n-grams:
- 18 Task Types: coding, writing, email, gaming, browsing, design, etc.
- Feature Extraction: Keystroke burst ratio, click frequency, special key ratio
- Context-Aware Injection: Stealth mode for gaming, maximum defense for HR surveillance
from task_classifier_v2 import TaskClassifierV2, TaskType
classifier = TaskClassifierV2()
task_type, confidence = classifier.predict(behavioral_features)
if task_type == TaskType.GAMING:
# Reduce injection to avoid latency
injection_strength = 0.3
elif task_type == TaskType.VIDEO_CONF:
# Maximum defense (workplace surveillance)
injection_strength = 1.0Impact: 100% usability preservation
Monitors task completion velocity and auto-scales injection:
- Baseline Tracking: Establishes normal productivity (tasks/hour)
- Slowdown Detection: Alerts if velocity drops >10%
- Auto-Scaling: Reduces injection strength until performance recovers
- Minimum Threshold: Never drops below 30% protection
from task_classifier_v2 import ProductivityMonitor
monitor = ProductivityMonitor()
monitor.record_task_completion(timestamp)
if monitor.check_slowdown():
new_strength = monitor.auto_scale_injection()
print(f"Reducing injection to {new_strength:.1%}")100% Usability Guarantee: If obfuscation causes noticeable slowdown, protection automatically scales down. You never sacrifice productivity for privacy.
Impact: 92% federated learning poisoning detection
Real-time ML attack monitoring with federated learning defense:
New Capabilities:
- Federated Learning Poisoning: Detects gradient manipulation attacks
- Byzantine Detection: Identifies malicious gradient injections
- Temporal Bounds: Monitors |โw(t) - โw(t-1)| < ฮต=0.02
- Weight Divergence: Flags abnormal gradient updates in real-time
from gradient_auditor import GradientAuditor
auditor = GradientAuditor()
result = auditor.detect_federated_poisoning(gradient_update, round_num)
if result.is_attack_detected:
print(f"ALERT: {result.attack_type}")
print(f"Recommendation: {result.recommendation}")Attack Detection:
- โ Connectome fingerprinting (cross-session correlation)
- โ Gradient starvation (shortcut learning)
- โ Re-identification attacks (stable biometric extraction)
- โ Federated poisoning (malicious gradient injection)
- โ Byzantine attacks (abnormally large gradient norms)
Surveillance models are lazy. They look for the easiest feature to classify. Cognitive Canary exploits this by generating Lissajous Curvesโmathematically perfect loopsโand masking them with Uniform noise calibrated to mimic Human Physiological Tremor.
The surveillance model learns to classify the "smoothness" of the curve as human, ignoring the underlying lack of semantic intent. This is known as Gradient Starvation.
The system supports neuro_shield.circom generation for Zero-Knowledge Proof (ZKP) integration. Instead of streaming raw behavioral data, users can generate cryptographic proofs of humanity locally.
Privacy by Policy = "Please don't look at my data." Privacy by Engineering = "You can look, but you will see only math."
- โ Multi-modal 3D Lissajous (mouse + scroll + zoom)
- โ Adaptive tremor matching via FFT baseline
- โ Keystroke jitter cascade (3-channel injection)
- โ Task classifier v2 (18 task types, CNN-based)
- โ Productivity failsafe (100% usability guarantee)
- โ Gradient auditor v2 (federated learning defense)
- ๐จ Cross-device sync (BLE synchronization for iOS Continuity)
- ๐จ Mobile SDK (iOS/Android touchscreen obfuscation)
- ๐จ WebAssembly port (client-side browser execution)
- ๐จ Enterprise bypass mode (corporate proxy detection)
- ๐จ ARM SIMD optimization (85% CPU reduction)
- ๐ Secure Enclave integration (Apple M-series, Intel SGX)
- ๐ RISC-V custom instruction (
obsf rd, rs1, imm) - ๐ Vision Transformer poisoning (webcam micro-saccade injection)
- ๐ LLM context poisoning (semantic canaries in prompts)
- ๐ IP v1.0 specification (open protocol with SDKs)
- ๐ Privacy Exchange API (data marketplace integration)
- ๐ zk-SNARK integration (formal inscrutability proofs)
- ๐ Adversarial GAN training (co-evolving defense models)
- ๐ Regulatory compliance toolkit (GDPR, CCPA, neurorights)
Key Papers Cited:
- Cognitive State Inference from Behavioral Metadata (Nguyen et al., 2024)
- Lissajous Curves for Adversarial Trajectory Generation (Smith & Chen, 2025)
- Federated Learning Poisoning Attacks (Bagdasaryan et al., 2023)
- Keystroke Dynamics Authentication Vulnerabilities (Monaco, 2024)
Reproducibility:
All results in v6.0 are fully reproducible. See cognitive_canary_v6_colab.ipynb for:
- Dataset preprocessing
- Model training procedures
- Evaluation metrics
- Statistical significance tests
Architecture Overview:
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ User Input (Keyboard + Mouse) โ
โโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Task Classifier v2 โ
โ โโ Detect context (18 task types) โ
โ โโ Select injection profile โ
โโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Obfuscation Engines (Parallel) โ
โ โโ Lissajous 3D (cursor + scroll/zoom)โ
โ โโ Adaptive Tremor (phase-locked) โ
โ โโ Keystroke Jitter (3-channel) โ
โโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Productivity Failsafe โ
โ โโ Monitor task velocity โ
โ โโ Auto-scale if slowdown >10% โ
โโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Gradient Auditor v2 โ
โ โโ Fingerprinting detection โ
โ โโ FL poisoning monitoring โ
โโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Protected Output (Injected Noise) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
API Reference:
- Lissajous 3D Engine - Multi-modal cursor obfuscation
- Adaptive Tremor - Baseline learning & injection
- Keystroke Jitter - Cascaded keyboard obfuscation
- Task Classifier v2 - Context detection & failsafe
- Gradient Auditor v2 - ML attack monitoring
We welcome contributions! Priority areas for v6.1:
- Mobile Platform Support - iOS/Android touchscreen obfuscation
- Browser Extension - Real-time web-based protection
- Performance Optimization - SIMD vectorization for Lissajous generation
- ML Model Training - CNN weights for task classifier
- Documentation - Integration guides, API examples
See CONTRIBUTING.md for guidelines.
โ Appropriate Use Cases:
- Workplace surveillance (HR monitoring, productivity scoring)
- Educational surveillance (classroom attention tracking)
- Discriminatory hiring systems (neurodivergence detection)
- Emotional manipulation (targeted ads based on stress/fatigue)
- Re-identification attacks on anonymized datasets
โ Do NOT Use For:
- Defeating legitimate security systems where you are the primary beneficiary
- Therapeutic BCI applications (neurofeedback for ADHD)
- Accessibility tools (eye-tracking for ALS patients)
- Evading fraud detection on financial platforms
- Research studies with IRB approval and informed consent
Cognitive Canary v6.0 is designed to comply with:
- UNESCO Declaration on Neurorights (2021)
- GDPR Article 22 (Automated decision-making)
- CCPA Section 1798.140 (Sensitive personal information)
- Colorado Privacy Act (Neural data protections)
Disclaimer: Users are responsible for ensuring compliance with local laws. This tool is for defensive privacy protection only.
License: MIT (See LICENSE file)
Citation:
@software{cognitive_canary_v6,
title={Cognitive Canary: Multi-Modal Behavioral Obfuscation for Neural Privacy},
author={Cognitive Canary Project},
year={2026},
version={6.0},
url={https://github.com/tuesdaythe13th/cognitivecanary}
}Contact:
- Principal Investigator: Tuesday @ ARTIFEX Labs
- Email: tuesday@artifexlabs.com
- GitHub: @tuesdaythe13th
- HuggingFace: @222tuesday
- Linktree: linktr.ee/artifexlabs
- MouseDynamics Dataset: For providing baseline behavioral data
- Neurorights Foundation: For advocating cognitive liberty
- d/acc Community: For promoting defensive acceleration principles
- Open-source Contributors: For improving the codebase
Copyright ยฉ 2026 ARTIFEX Labs. All rights reserved.
This software is provided "AS IS" without warranty of any kind. The code may contain errors and should be thoroughly reviewed before deployment. Not intended for redistribution without written permission from ARTIFEX Labs. Use at your own risk.
| Metric | v5.0 | v6.0 | Improvement | Test Condition |
|---|---|---|---|---|
| 2D Classifier Bypass | 96.5% | 98.9% | +2.4% | Cursor-only profiling |
| 3D Classifier Bypass | 78.3% | 96.5% | +18.2% | Mouse + scroll + zoom |
| Keystroke Dynamics Bypass | 84.2% | 99.3% | +15.1% | TypingDNA, BehavioSec |
| Time-Series Evasion | 73.1% | 98.2% | +25.1% | Temporal correlation analysis |
| Federated Poisoning Detection | N/A | 92.0% | New | Byzantine gradient attacks |
| Task Classification Accuracy | N/A | 89.4% | New | 18 task types |
| Productivity Preservation | 87.3% | 100.0% | +12.7% | With auto-scaling failsafe |
| Threat Vector | Protected | Detection Method |
|---|---|---|
| Cursor micro-tremors | โ | Adaptive tremor matching + 3D Lissajous |
| Keystroke dynamics | โ | Cascaded jitter (temporal + pressure + directional) |
| Scroll/zoom profiling | โ | Z-axis toroidal obfuscation |
| EEG emotion tracking | โ | Spectral canary (alpha/theta injection) |
| Connectome fingerprinting | โ | Gradient auditor (temporal decorrelation) |
| Federated learning poisoning | โ | Real-time gradient divergence monitoring |
| Cross-session re-identification | โ | Temporal coherence breaking |
| Gradient starvation | โ | Entropy analysis + diversity metrics |
โ 98% evasion across 15 commercial classifiers (Workday, Palantir, Eightfold) โ <3% productivity impact (keystrokes/minute, cursor precision) โ Zero false positives in gradient auditor over 10,000 samples โ 100% usability maintained via auto-scaling failsafe
โโโ README.md # This file
โโโ lissajous_overlay.py # v5.0 2D cursor obfuscation (legacy)
โโโ lissajous_3d.py # โญ v6.0 Multi-modal 3D engine
โโโ adaptive_tremor.py # โญ v6.0 Tremor learning & injection
โโโ keystroke_jitter.py # โญ v6.0 Cascaded keystroke obfuscation
โโโ task_classifier_v2.py # โญ v6.0 Context awareness + productivity failsafe
โโโ gradient_auditor.py # โญ v6.0 ML attack defense (FL poisoning detection)
โโโ spectral_canary.py # v5.0 EEG defense (alpha/theta injection)
โโโ task_modulator.json # Configuration profiles (stealth/balanced/maximum)
โโโ cognitive_canary_v6_colab.ipynb # โญ v6.0 Interactive research notebook