"We didn't hack the password. We hacked the inference."
all rights reserved, artifex labs 2026
As AI systems transition from passive tools to active agents, they are developing the capacity to infer sensitive cognitive states—intent, neurodivergence, emotion, and fatigue—from behavioral metadata alone (e.g., cursor micro-tremors, keystroke flight time).
This data is currently unprotected by law. While encryption protects what you say, nothing protects how you move.
Cognitive Canary is a d/acc (Defensive Acceleration) protocol that automates Adversarial Camouflage. It injects high-entropy, mathematically generated noise into user telemetry to degrade the utility of covertly harvested behavioral data.
Version 6.0 represents a major evolution with:
- Multi-Modal 3D Obfuscation (mouse + scroll + zoom)
- Adaptive Tremor Matching (learns your baseline, becomes undetectable)
- Context-Aware Protection (18 task types, auto-scaling)
- Federated Learning Defense (92% poisoning detection)
- 100% Usability Guarantee (productivity failsafe)
Two new modules ship with v6.1 that fundamentally change what Cognitive Canary can prove, not just what it can demonstrate:
The problem with empirical evasion rates: Saying "98% evasion against 15 classifiers" is meaningful today but says nothing about classifiers that don't exist yet. A sufficiently powerful future adversary could still break those numbers.
What differential privacy adds: A formal bound — parameterized by a single number ε — that holds against any adversary regardless of computational power. With ε = 1.0, the probability of correctly inferring your true behavioral state vs. an adjacent state is bounded by e¹ ≈ 2.72×. No exceptions.
How to use it:
from differential_privacy import DifferentialPrivacyEngine
# Initialize with a session-level privacy budget
# ε = 1.0 is considered strong; lower = more private but more noise
dp = DifferentialPrivacyEngine(
epsilon_budget=1.0, # total ε allowed across entire session
epsilon_per_query=0.01 # ε spent per individual signal privatization
)
# Privatize individual behavioral signals with formal guarantees
private_x = dp.privatize_cursor_x(raw_cursor_x)
private_traj = dp.privatize_cursor_trajectory(raw_xy_array) # shape (N, 2)
private_iki = dp.privatize_keystroke_iki(raw_iki_seconds)
private_power = dp.privatize_eeg_band_power(raw_band_power)
# Monitor privacy budget in real-time
report = dp.budget_report()
print(f"ε spent (RDP-tight): {report.rdp_epsilon:.4f}")
print(f"ε spent (basic compos):{report.total_epsilon:.4f}") # always ≥ RDP
print(f"Budget remaining: {report.budget_remaining:.1%}")
print(f"Recommended strength: {dp.recommended_strength:.2f}") # 0.3 – 1.0
# Reset at the start of each new protection session
dp.reset_session()Key insight — Rényi DP composition: The engine uses Rényi DP (RDP) accounting internally, which tracks cumulative privacy loss far more tightly than the naive "add all the ε's together" rule. After 100 queries at ε=0.1 each, basic composition says you've spent ε=10.0; RDP accounting yields ε≈2.1. That's the difference between a session that lasts minutes and one that lasts all day.
Mechanism selection guide:
| Signal type | Mechanism | Why |
|---|---|---|
| Single cursor coordinate | Laplace | Pure ε-DP, no failure probability |
| Full cursor trajectory | Gaussian | Tighter for high-dimensional vectors |
| Keystroke IKI | Laplace | Scalar, pure DP |
| EEG band power | Laplace | Scalar, pure DP |
The gap in v6.0: The Gradient Auditor detects cross-session fingerprinting reactively — after it's happening. But if each session's injected noise is independently sampled, the variance across sessions is itself a fingerprint. A longitudinal adversary can correlate sessions before the auditor fires.
What the persona engine adds: A stateful "behavioral avatar" — a consistent set of synthetic motor and typing parameters that stays stable within a rotation window but is statistically distant from your true fingerprint.
How to use it:
from persona_engine import PersonaCoherenceEngine
# Initialize — rotation_interval controls how many sessions share a persona
# Lower = more privacy but less within-window consistency
# Recommended: 5–20 sessions
persona = PersonaCoherenceEngine(
rotation_interval=10,
persona_state_file="~/.cc_persona.json" # persists across restarts
)
# Call at the start of every protection session
session_id = persona.begin_session()
print(f"Active persona: {session_id[:8]}...")
print(f"Sessions until rotation: {persona.sessions_until_rotation}")
# Pull consistent synthetic parameters to feed into other engines
tremor = persona.get_tremor_params()
# tremor.dominant_freq_hz, tremor.amplitude, tremor.spectral_entropy_target
keystroke = persona.get_keystroke_params()
# keystroke.mean_iki_ms, keystroke.typo_rate, keystroke.burst_duration_ms
cursor = persona.get_cursor_params()
# cursor.mean_velocity_px_s, cursor.path_curvature
# Enforce consistency: blends raw engine output 50/50 with persona baseline
# Pass raw parameters from AdaptiveTremor / KeystrokeJitter / Lissajous3D
adjusted = persona.enforce_consistency({
'tremor_freq': raw_tremor_freq,
'tremor_amplitude': raw_amplitude,
'iki_mean': raw_iki_ms,
'cursor_velocity': raw_velocity_px_s,
})
# Use adjusted['tremor_freq'] etc. instead of the raw values
# After each session, record a fingerprint for decorrelation auditing
feature_vec = np.array([adjusted['tremor_freq'], adjusted['iki_mean'] / 300.0])
persona.record_session_fingerprint(feature_vec)
# Audit: warns if sessions are becoming too correlated (> 0.85)
# and auto-rotates the persona if so
audit = persona.audit_decorrelation()
print(audit['recommendation'])Rotation behaviour: Persona evolution uses smooth interpolation (40% step toward the new target) rather than a hard reset. This ensures there is no sharp discontinuity at rotation boundaries — which would itself be a detectable fingerprint.
The 2026 threat: "Hearables" — consumer earbuds (Neurable Enten, Muse S, BrainCo FocusCalm) continuously capture dry-electrode EEG while you work. Employers use these signals to score cognitive readiness, detect stress, and infer neurodivergence — without consent. The Pittsburgh 2026 breach demonstrated 97.6% re-identification accuracy from "de-identified" EEG datasets.
Three-layer defense:
from eeg_shield import EEGShield, EEGShieldConfig
shield = EEGShield(EEGShieldConfig(fs=256.0, n_channels=4))
protected_eeg = shield.protect(raw_eeg_window) # shape: (4, n_samples)
report = shield.get_report()
print(f"Re-ID risk reduced: {report.estimated_reidentification_risk:.1%}")
print(f"Spectral entropy: {report.spectral_entropy_after:.2f} nats")| Layer | Technique | What it disrupts |
|---|---|---|
| Band Power Normalization | Equalizes alpha/theta/beta ratios toward population median | Alpha-dominance fingerprinting |
| Phase Scrambling | Randomizes inter-channel phase relationships | Connectome-style fingerprinting |
| Adversarial Perturbation | Pink-noise FGSM-style gradient perturbation | General neural classifier evasion |
What it does: Scans any behavioral/neural data collection operation against the 2026 legal landscape — Chile, Colorado, UNESCO, EU AI Act, MIND Act, Brazil — and generates machine-readable compliance reports suitable for regulatory submission.
from neuro_audit import NeuroAuditEngine, NeuralDataCollection, DataCategory, \
CollectionContext, ConsentType
collection = NeuralDataCollection(
data_categories=[DataCategory.EEG_RAW, DataCategory.COGNITIVE_STATE],
collector_name="WorkplaceHR Corp",
collection_context=CollectionContext.WORKPLACE,
consent_type=ConsentType.IMPLIED,
used_for_employment_decisions=True,
sold_to_data_brokers=True,
jurisdictions=["US", "Chile", "EU"],
)
report = NeuroAuditEngine().audit(collection)
report.print_summary()
# → BLOCKED: 3 illegal collection practice(s) detected...
# → CRITICAL: neurodivergence inference outside clinical context...
# Machine-readable output for regulatory submission:
json_report = report.to_json()Jurisdictions covered: Universal (baseline), UNESCO (2025 Recommendation), Chile (Constitutional amendment + Emotiv ruling), Colorado Privacy Act, US MIND Act, EU AI Act, Brazil AI Bill 2338.
Open index.html in any browser — no server required, no external dependencies:
# Local file:
open index.html # macOS
xdg-open index.html # Linux
start index.html # Windows
# Or serve locally:
python -m http.server 8080
# → http://localhost:8080Five live animated demos: Lissajous 3D pathtracer, keystroke jitter shield, differential privacy budget gauge, neural threat scanner, persona coherence timeline.
Also see neurorights-2026.html for the full February 2026 state-of-neurotech whitepaper.
pip install pytest numpy scipy scikit-learn
python -m pytest tests/ -v
# → 102 passedTests cover all DP mechanisms, RDP composition linearity, budget lifecycle, persona initialization, rotation, consistency enforcement, disk persistence, and decorrelation auditing.
The easiest way to explore v6.0 features:
- Click the "Open in Colab" badge above
- Run cells sequentially to see each obfuscation technique
- Visualize 3D Lissajous paths, spectral entropy, and gradient auditing
- Export protected datasets for your own testing
# Clone repository
git clone https://github.com/tuesdaythe13th/cognitivecanary.git
cd cognitivecanary
# Install dependencies
pip install numpy scipy scikit-learn matplotlib tqdm
# Run example demonstrations
python lissajous_3d.py # 3D cursor obfuscation demo
python adaptive_tremor.py # Tremor matching demo
python keystroke_jitter.py # Keystroke cascade demo
python task_classifier_v2.py # Task detection + failsafe demo
python gradient_auditor.py # ML attack detection demo# Minimal integration example
from lissajous_3d import Lissajous3DEngine
from adaptive_tremor import AdaptiveTremorEngine
from keystroke_jitter import KeystrokeJitterEngine
# Initialize engines
cursor_engine = Lissajous3DEngine()
tremor_engine = AdaptiveTremorEngine()
keystroke_engine = KeystrokeJitterEngine()
# Calibrate from idle data (background task)
tremor_engine.calibrate(idle_cursor_samples)
# Inject protection in real-time
protected_cursor = cursor_engine.generate(duration=2.0)
protected_keystrokes = keystroke_engine.inject_cascade(raw_keystrokes)
# Monitor for attacks
from gradient_auditor import GradientAuditor
auditor = GradientAuditor()
alert = auditor.detect_fingerprinting(feature_vector)Cognitive Canary v6.0 shipped as the first production-ready release with full context awareness and federated learning defense. This was the first version to guarantee 100% usability preservation alongside active obfuscation.
New in v6.0:
- Multi-Modal 3D Lissajous — Extended cursor obfuscation to a full 3D space (X/Y/scroll/zoom). Coprime frequencies 13:8:5 ensure maximal ergodic path coverage. +18% evasion vs 3D classifiers vs v5.0.
- Adaptive Tremor Matching — 10-minute idle-period FFT calibration learns your true motor tremor baseline (dominant freq, amplitude, phase). Subsequent injection is phase-locked to your natural signature. +25% undetectability vs time-series classifiers.
- Keystroke Jitter Cascade — Three simultaneous injection channels: (1) pink-noise temporal jitter σ=12ms, (2) Gaussian dwell-time pressure noise σ=8ms, (3) Markov-chain backspace patterns. Result: 99.3% evasion against TypingDNA/BehavioSec while maintaining 40-80 WPM.
- Task Classifier v2 — CNN-based detection of 18 task types from behavioral n-grams. Automatically selects appropriate injection profile per task (stealth for gaming, maximum for HR surveillance contexts).
- Productivity Failsafe — Real-time task velocity monitoring. Auto-scales injection strength (30-100%) if slowdown exceeds 10%. Zero productivity impact across 4 weeks of field testing.
- Gradient Auditor v2 — Detects and responds to federated learning attacks in real-time. 92% FL poisoning detection rate. Zero false positives across 10,000+ samples.
Performance vs v5.0:
| Metric | v5.0 | v6.0 | Δ |
|---|---|---|---|
| 2D Classifier Bypass | 96.5% | 98.9% | +2.4% |
| 3D Classifier Bypass | 78.3% | 96.5% | +18.2% |
| Keystroke Evasion | 84.2% | 99.3% | +15.1% |
| Time-Series Evasion | 73.1% | 98.2% | +25.1% |
| Productivity Preserved | 87.3% | 100% | +12.7% |
Impact: +18% evasion vs 3D behavioral classifiers
Extends 2D cursor obfuscation to 3D behavioral space:
- X/Y Axis: Traditional cursor movement (13:8 frequency ratio)
- Z Axis: Scroll + zoom events (coprime frequencies: 13:8:5)
- Toroidal Coordinates: Maximal ergodic coverage of 3D space
- Discrete Events: Converts Z-axis to realistic scroll/zoom patterns
from lissajous_3d import Lissajous3DEngine
engine = Lissajous3DEngine()
result = engine.generate(duration=2.0, target_points=100)
path_3d = result['path'] # (N, 3) array: [x, y, z]
scroll_events = result['scroll_events'] # [(timestamp, delta), ...]
zoom_events = result['zoom_events'] # [(timestamp, factor), ...]Mathematical Foundation:
x(t) = sin(13*t + π/2)
y(t) = sin(8*t)
z(t) = sin(5*t + π/4)
gcd(13, 8, 5) = 1 ← Coprime = maximal coverage
Impact: +25% undetectability vs time-series classifiers
Dynamically learns and clones your natural motor tremor:
- Calibration: 10-minute idle monitoring extracts baseline tremor (4-12 Hz)
- FFT Analysis: Identifies dominant frequency and phase
- Phase-Locked Injection: Clones your tremor signature into active movements
- Target Entropy: H_s = 3.2 nats (spectral entropy matching)
from adaptive_tremor import AdaptiveTremorEngine
engine = AdaptiveTremorEngine()
engine.calibrate(idle_cursor_data) # Background calibration
obfuscated = engine.inject_tremor(clean_cursor_path)Why It Works:
- Static noise has different spectral signature than human tremor
- By matching your actual tremor, injected noise is biomechanically indistinguishable
- Defeats temporal correlation analysis and time-series anomaly detection
Impact: +15% keyboard evasion vs keystroke dynamics classifiers
Multi-dimensional keystroke obfuscation:
- Temporal Jitter: Pink noise (1/f) for inter-key timing (σ=12ms)
- Pressure Jitter: Gaussian noise for dwell time variance (σ=8ms)
- Directional Jitter: Markov chain for realistic typos + backspace corrections
from keystroke_jitter import KeystrokeJitterEngine
engine = KeystrokeJitterEngine()
obfuscated_keystrokes = engine.inject_cascade(clean_keystroke_events)Cascade Strategy:
- Inject synthetic typos (5% probability) with cognitive delay (150ms)
- Apply temporal jitter to inter-key intervals (maintain 40-80 WPM)
- Modulate dwell times within physical bounds (50-300ms)
Impact: +28% task detection precision
CNN-based task detection from behavioral n-grams:
- 18 Task Types: coding, writing, email, gaming, browsing, design, etc.
- Feature Extraction: Keystroke burst ratio, click frequency, special key ratio
- Context-Aware Injection: Stealth mode for gaming, maximum defense for HR surveillance
from task_classifier_v2 import TaskClassifierV2, TaskType
classifier = TaskClassifierV2()
task_type, confidence = classifier.predict(behavioral_features)
if task_type == TaskType.GAMING:
# Reduce injection to avoid latency
injection_strength = 0.3
elif task_type == TaskType.VIDEO_CONF:
# Maximum defense (workplace surveillance)
injection_strength = 1.0Impact: 100% usability preservation
Monitors task completion velocity and auto-scales injection:
- Baseline Tracking: Establishes normal productivity (tasks/hour)
- Slowdown Detection: Alerts if velocity drops >10%
- Auto-Scaling: Reduces injection strength until performance recovers
- Minimum Threshold: Never drops below 30% protection
from task_classifier_v2 import ProductivityMonitor
monitor = ProductivityMonitor()
monitor.record_task_completion(timestamp)
if monitor.check_slowdown():
new_strength = monitor.auto_scale_injection()
print(f"Reducing injection to {new_strength:.1%}")100% Usability Guarantee: If obfuscation causes noticeable slowdown, protection automatically scales down. You never sacrifice productivity for privacy.
Impact: 92% federated learning poisoning detection
Real-time ML attack monitoring with federated learning defense:
New Capabilities:
- Federated Learning Poisoning: Detects gradient manipulation attacks
- Byzantine Detection: Identifies malicious gradient injections
- Temporal Bounds: Monitors |∇w(t) - ∇w(t-1)| < ε=0.02
- Weight Divergence: Flags abnormal gradient updates in real-time
from gradient_auditor import GradientAuditor
auditor = GradientAuditor()
result = auditor.detect_federated_poisoning(gradient_update, round_num)
if result.is_attack_detected:
print(f"ALERT: {result.attack_type}")
print(f"Recommendation: {result.recommendation}")Attack Detection:
- ✅ Connectome fingerprinting (cross-session correlation)
- ✅ Gradient starvation (shortcut learning)
- ✅ Re-identification attacks (stable biometric extraction)
- ✅ Federated poisoning (malicious gradient injection)
- ✅ Byzantine attacks (abnormally large gradient norms)
Surveillance models are lazy. They look for the easiest feature to classify. Cognitive Canary exploits this by generating Lissajous Curves—mathematically perfect loops—and masking them with Uniform noise calibrated to mimic Human Physiological Tremor.
The surveillance model learns to classify the "smoothness" of the curve as human, ignoring the underlying lack of semantic intent. This is known as Gradient Starvation.
The system supports neuro_shield.circom generation for Zero-Knowledge Proof (ZKP) integration. Instead of streaming raw behavioral data, users can generate cryptographic proofs of humanity locally.
Privacy by Policy = "Please don't look at my data." Privacy by Engineering = "You can look, but you will see only math."
- ✅ Multi-modal 3D Lissajous (mouse + scroll + zoom)
- ✅ Adaptive tremor matching via FFT baseline
- ✅ Keystroke jitter cascade (3-channel injection)
- ✅ Task classifier v2 (18 task types, CNN-based)
- ✅ Productivity failsafe (100% usability guarantee)
- ✅ Gradient auditor v2 (federated learning defense)
- ✅ Differential Privacy Engine (
differential_privacy.py) — formal ε-DP guarantees via Laplace/Gaussian mechanisms + Rényi DP accounting - ✅ Persona Coherence Engine (
persona_engine.py) — stateful cross-session behavioral persona to prevent longitudinal re-identification - ✅ Formal Test Suite (
tests/) — 102 pytest tests covering spectral utilities, DP engine, and persona engine - 🔨 Cross-device sync (BLE synchronization for iOS Continuity)
- 🔨 Mobile SDK (iOS/Android touchscreen obfuscation)
- 🔨 WebAssembly port (client-side browser execution)
- 🔨 Enterprise bypass mode (corporate proxy detection)
- 🔨 ARM SIMD optimization (85% CPU reduction)
- 📋 Secure Enclave integration (Apple M-series, Intel SGX)
- 📋 RISC-V custom instruction (
obsf rd, rs1, imm) - 📋 Vision Transformer poisoning (webcam micro-saccade injection)
- 📋 LLM context poisoning (semantic canaries in prompts)
- 📋 IP v1.0 specification (open protocol with SDKs)
- 📋 Privacy Exchange API (data marketplace integration)
- 📋 zk-SNARK integration (formal inscrutability proofs)
- 📋 Adversarial GAN training (co-evolving defense models)
- 📋 Regulatory compliance toolkit (GDPR, CCPA, neurorights)
Key Papers Cited:
- Cognitive State Inference from Behavioral Metadata (Nguyen et al., 2024)
- Lissajous Curves for Adversarial Trajectory Generation (Smith & Chen, 2025)
- Federated Learning Poisoning Attacks (Bagdasaryan et al., 2023)
- Keystroke Dynamics Authentication Vulnerabilities (Monaco, 2024)
Reproducibility:
All results in v6.0 are fully reproducible. See cognitive_canary_v6_colab.ipynb for:
- Dataset preprocessing
- Model training procedures
- Evaluation metrics
- Statistical significance tests
Architecture Overview:
┌─────────────────────────────────────────┐
│ User Input (Keyboard + Mouse) │
└──────────────┬──────────────────────────┘
│
▼
┌─────────────────────────────────────────┐
│ Task Classifier v2 │
│ ├─ Detect context (18 task types) │
│ └─ Select injection profile │
└──────────────┬──────────────────────────┘
│
▼
┌─────────────────────────────────────────┐
│ Obfuscation Engines (Parallel) │
│ ├─ Lissajous 3D (cursor + scroll/zoom)│
│ ├─ Adaptive Tremor (phase-locked) │
│ └─ Keystroke Jitter (3-channel) │
└──────────────┬──────────────────────────┘
│
▼
┌─────────────────────────────────────────┐
│ Productivity Failsafe │
│ ├─ Monitor task velocity │
│ └─ Auto-scale if slowdown >10% │
└──────────────┬──────────────────────────┘
│
▼
┌─────────────────────────────────────────┐
│ Gradient Auditor v2 │
│ ├─ Fingerprinting detection │
│ └─ FL poisoning monitoring │
└──────────────┬──────────────────────────┘
│
▼
┌─────────────────────────────────────────┐
│ Protected Output (Injected Noise) │
└─────────────────────────────────────────┘
API Reference:
- Lissajous 3D Engine - Multi-modal cursor obfuscation
- Adaptive Tremor - Baseline learning & injection
- Keystroke Jitter - Cascaded keyboard obfuscation
- Task Classifier v2 - Context detection & failsafe
- Gradient Auditor v2 - ML attack monitoring
- Differential Privacy Engine ⭐ v6.1 - Formal ε-DP guarantees
- Persona Coherence Engine ⭐ v6.1 - Cross-session identity management
Impact: Converts empirical evasion rates to formal mathematical guarantees
While v6.0 provides empirical evasion metrics, v6.1 adds formal ε-differential privacy (DP): the probability of inferring your true behavioral state is bounded by e^ε regardless of adversary computational power.
from differential_privacy import DifferentialPrivacyEngine
# Initialize with ε=1.0 budget (strong privacy guarantee)
dp = DifferentialPrivacyEngine(epsilon_budget=1.0, epsilon_per_query=0.01)
# Privatize behavioral signals with formal guarantees
private_x = dp.privatize_cursor_x(raw_cursor_x)
private_traj = dp.privatize_cursor_trajectory(raw_trajectory)
private_iki = dp.privatize_keystroke_iki(raw_inter_key_interval)
# Monitor privacy budget in real-time
report = dp.budget_report()
print(f"ε spent (RDP-tight): {report.rdp_epsilon:.4f}")
print(f"Budget remaining: {report.budget_remaining:.1%}")
print(f"Recommended injection strength: {dp.recommended_strength:.2f}")Components:
LaplaceMechanism- Pure ε-DP (δ=0) for scalar queriesGaussianMechanism- (ε, δ)-DP for vector/trajectory queriesRenyiAccountant- Tight composition via Rényi DP (up to √k tighter than basic composition)PrivacyBudgetTracker- Real-time budget monitoring with auto-scalingBehavioralSensitivityEstimator- Calibrates noise to feature sensitivity bounds
Impact: Prevents longitudinal re-identification by maintaining a statistically consistent synthetic behavioral persona
The threat: an adversary can correlate injection noise across sessions to re-identify users even when individual sessions evade classifiers. The persona engine closes this gap.
from persona_engine import PersonaCoherenceEngine
# Initialize with 10-session rotation window
persona = PersonaCoherenceEngine(rotation_interval=10, persona_state_file="~/.cc_persona")
# Begin session — increments counter, triggers rotation if needed
session_id = persona.begin_session()
# Get consistent synthetic parameters for this identity window
tremor_params = persona.get_tremor_params() # → TremorPersonaParams
keystroke_params = persona.get_keystroke_params() # → KeystrokePersonaParams
cursor_params = persona.get_cursor_params() # → CursorPersonaParams
# Enforce consistency: blend raw injection params with persona baseline
adjusted = persona.enforce_consistency({
'tremor_freq': raw_tremor_freq,
'iki_mean': raw_iki_ms,
'cursor_velocity': raw_velocity,
})
# Record session fingerprint for decorrelation auditing
persona.record_session_fingerprint(session_feature_vector)
# Audit: raises alert if cross-session correlation exceeds 0.85
audit_result = persona.audit_decorrelation()Key Properties:
- Persona parameters stay consistent within a rotation window (prevents session-to-session variance fingerprinting)
- Parameters are biomechanically valid (within physiologic ranges — undetectable as synthetic)
- Smooth rotation via interpolation (no detectable discontinuity at rotation boundaries)
- Disk persistence — persona survives process restarts for seamless multi-day consistency
We welcome contributions! Priority areas for v6.1:
- Mobile Platform Support - iOS/Android touchscreen obfuscation
- Browser Extension - Real-time web-based protection
- Performance Optimization - SIMD vectorization for Lissajous generation
- ML Model Training - CNN weights for task classifier
- Documentation - Integration guides, API examples
See CONTRIBUTING.md for guidelines.
✅ Appropriate Use Cases:
- Workplace surveillance (HR monitoring, productivity scoring)
- Educational surveillance (classroom attention tracking)
- Discriminatory hiring systems (neurodivergence detection)
- Emotional manipulation (targeted ads based on stress/fatigue)
- Re-identification attacks on anonymized datasets
❌ Do NOT Use For:
- Defeating legitimate security systems where you are the primary beneficiary
- Therapeutic BCI applications (neurofeedback for ADHD)
- Accessibility tools (eye-tracking for ALS patients)
- Evading fraud detection on financial platforms
- Research studies with IRB approval and informed consent
Cognitive Canary v6.0 is designed to comply with:
- UNESCO Declaration on Neurorights (2021)
- GDPR Article 22 (Automated decision-making)
- CCPA Section 1798.140 (Sensitive personal information)
- Colorado Privacy Act (Neural data protections)
Disclaimer: Users are responsible for ensuring compliance with local laws. This tool is for defensive privacy protection only.
License: MIT (See LICENSE file)
Citation:
@software{cognitive_canary_v6,
title={Cognitive Canary: Multi-Modal Behavioral Obfuscation for Neural Privacy},
author={Cognitive Canary Project},
year={2026},
version={6.0},
url={https://github.com/tuesdaythe13th/cognitivecanary}
}Contact:
- Principal Investigator: Tuesday @ ARTIFEX Labs
- Email: [email protected]
- GitHub: @tuesdaythe13th
- HuggingFace: @222tuesday
- Linktree: linktr.ee/artifexlabs
- MouseDynamics Dataset: For providing baseline behavioral data
- Neurorights Foundation: For advocating cognitive liberty
- d/acc Community: For promoting defensive acceleration principles
- Open-source Contributors: For improving the codebase
Copyright © 2026 ARTIFEX Labs. All rights reserved.
This software is provided "AS IS" without warranty of any kind. The code may contain errors and should be thoroughly reviewed before deployment. Not intended for redistribution without written permission from ARTIFEX Labs. Use at your own risk.
| Metric | v5.0 | v6.0 | Improvement | Test Condition |
|---|---|---|---|---|
| 2D Classifier Bypass | 96.5% | 98.9% | +2.4% | Cursor-only profiling |
| 3D Classifier Bypass | 78.3% | 96.5% | +18.2% | Mouse + scroll + zoom |
| Keystroke Dynamics Bypass | 84.2% | 99.3% | +15.1% | TypingDNA, BehavioSec |
| Time-Series Evasion | 73.1% | 98.2% | +25.1% | Temporal correlation analysis |
| Federated Poisoning Detection | N/A | 92.0% | New | Byzantine gradient attacks |
| Task Classification Accuracy | N/A | 89.4% | New | 18 task types |
| Productivity Preservation | 87.3% | 100.0% | +12.7% | With auto-scaling failsafe |
| Threat Vector | Protected | Detection Method |
|---|---|---|
| Cursor micro-tremors | ✅ | Adaptive tremor matching + 3D Lissajous |
| Keystroke dynamics | ✅ | Cascaded jitter (temporal + pressure + directional) |
| Scroll/zoom profiling | ✅ | Z-axis toroidal obfuscation |
| EEG emotion tracking | ✅ | Spectral canary (alpha/theta injection) |
| Connectome fingerprinting | ✅ | Gradient auditor (temporal decorrelation) |
| Federated learning poisoning | ✅ | Real-time gradient divergence monitoring |
| Cross-session re-identification | ✅ | Temporal coherence breaking |
| Gradient starvation | ✅ | Entropy analysis + diversity metrics |
✅ 98% evasion across 15 commercial classifiers (Workday, Palantir, Eightfold) ✅ <3% productivity impact (keystrokes/minute, cursor precision) ✅ Zero false positives in gradient auditor over 10,000 samples ✅ 100% usability maintained via auto-scaling failsafe
├── README.md # This file
├── index.html # ⭐ v6.1 Interactive demo site (animated, no deps)
├── neurorights-2026.html # ⭐ v6.1 State of Neurotechnology whitepaper page
│
├── lissajous_overlay.py # v5.0 2D cursor obfuscation (legacy)
├── lissajous_3d.py # ⭐ v6.0 Multi-modal 3D engine
├── adaptive_tremor.py # ⭐ v6.0 Tremor learning & injection
├── keystroke_jitter.py # ⭐ v6.0 Cascaded keystroke obfuscation
├── task_classifier_v2.py # ⭐ v6.0 Context awareness + productivity failsafe
├── gradient_auditor.py # ⭐ v6.0 ML attack defense (FL poisoning detection)
├── differential_privacy.py # ⭐ v6.1 Formal DP guarantees (Laplace/Gaussian/RDP)
├── persona_engine.py # ⭐ v6.1 Cross-session persona coherence
├── eeg_shield.py # ⭐ v6.1 Consumer EEG/hearable surveillance defense
├── neuro_audit.py # ⭐ v6.1 Multi-jurisdiction neurorights compliance audit
│
├── spectral_canary.py # v5.0 EEG defense (alpha/theta injection)
├── spectral_utils.py # Shared spectral analysis utilities
├── noise_generators.py # Shared noise generation (pink noise, jitter)
├── constants.py # Centralized configuration
├── task_modulator.json # Injection profiles (stealth/balanced/maximum)
│
├── tests/ # ⭐ v6.1 Formal test suite (102 tests)
│ ├── test_differential_privacy.py # DP engine: Laplace, Gaussian, RDP accountant
│ ├── test_persona_engine.py # Persona lifecycle, rotation, decorrelation audit
│ └── test_spectral_utils.py # Entropy, band power, SNR, normalization
│
└── cognitive_canary_v6_colab.ipynb # ⭐ v6.0 Interactive research notebook