Now You Can Be Tracked By Websites you visit via Your Device Battery Status

battery-iconsIn one of the newest development in the IT Industry, Website owners keen on tracking internet users have yet another means of doing so by simply requesting for it from the browser. This is courtesy of a feature the W3C added to HTML5 that lets a website interrogate the state of a visitor’s battery.
According to the research paper by International Association for Cryptologic Research, “all the information exposed by the Battery Status API is available without users’ permission or awareness.” The original rationale behind the spec was that if a server could access a user’s battery state, it could send out a lighter and less resource demanding version of a page for someone with low battery remaining, and heavier versions for people with full battery life. “Although the potential privacy problems … were discussed by Mozilla and Tor Browser developers as early as 2012 [when the API was introduced], neither the API nor the Firefox implementation has undergone a major revision,” the paper states.

Battery properties available to websites include the level, chargingTime, and dischargingTime by calling the navigator.getBattery() method in JavaScript. “When consecutive visits are made within a short interval, the website can link users’ new and old identities by exploiting battery level and charge/discharge times. The website can then reinstantiate users’ cookies and other client side identifiers, a method known as respawning,” the paper claims.
“Note that, although this method of exploiting battery data as a linking identifier would only work for short time intervals, it may be used against power users who can not only clear their cookies but can go to great lengths to clear their evercookies.” The API is only implemented in Firefox, Chrome, and Opera at the moment.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: