
Battery Endangers Privacy
We live in an era in which privacy is a double-edged subject. You can practically do whatever you want without anybody knowing that you are doing it. But if somebody really wants to find out what you are doing, they will.
The incognito session is over because web users can be tracked via batteries. A team of European security experts published a paper in which they show how the battery life of a mobile device can be used to see web browsing habits of Firefox users on Linux. It can be easily done if one uses the HTML5 Battery Status API.
In the paper The Leaking Battery: A Privacy Analysis of The HTML5 Battery Status API researchers identified that API allows websites to check the users’ battery life without gaining their consent. There is no evil intention here. The process is only aiming at improving web browsing experience depending on battery life.
The main purpose of API is to notify websites to switch from high-power to energy-saving versions if they see that your battery is running low. The main concern researchers had was related to how the API was implemented: it could be used as a tracking device, allowing sites to check browsing history over different sessions and even after cookies were deleted.
So how could this even happen? The source of the issue was the precision with which it tracked battery life percentage through Firefox. The value “64 bit double precision floating point format and multipl[ying] it by 0.01 to obtain the battery level” could track a mobile device, be it a laptop or smartphone. The researchers stated the following:
“A third-party script that is present across multiple websites can link users’ visits in a short time interval by exploiting the battery information […] scripts can use the values of battery level, dischargingTime and chargingTime. The readings will be consistent on each of the sites, because of the fact that the update intervals (and their times) are identical.”
The issue was identified only for the Firefox browser and has been fixed on June this year. But solving the problem does not account for the fact that all Firefox users have their data stored on scripts from different sites.
It is yet another example as to how ambiguous the entire privacy subject is. We can only hope that specialists and producers only have to learn from this situation so that they keep our data safe.
Photo Credits bitrebels.com