cancel
Showing results for 
Search instead for 
Did you mean: 

HTML5 is an invasion of your privacy

VileReynard
Seasoned Pro
Posts: 10,583
Thanks: 192
Fixes: 9
Registered: 01-09-2007

HTML5 is an invasion of your privacy

Quote
A little-known feature of the HTML5 specification means that websites can find out how much battery power a visitor has left on their laptop or smartphone – and now, security researchers have warned that that information can be used to track browsers online.
The battery status API is currently supported in the Firefox, Opera and Chrome browsers, and was introduced by the World Wide Web Consortium (W3C, the organisation that oversees the development of the web’s standards) in 2012, with the aim of helping websites conserve users’ energy. Ideally, a website or web-app can notice when the visitor has little battery power left, and switch to a low-power mode by disabling extraneous features to eke out the most usage.
W3C’s specification explicitly frees sites from needing to ask user permission to discover they remaining battery life, arguing that “the information disclosed has minimal impact on privacy or fingerprinting, and therefore is exposed without permission grants”. But in a new paper from four French and Belgian security researchers, that assertion is questioned.....

Quote
For instance, if a user visits a website in Chrome’s private browsing mode using a VPN, the website should not be able to link them to a subsequent visit with private browsing and the VPN off. But the researchers warn that that may no longer work: “Users who try to revisit a website with a new identity may use browsers’ private mode or clear cookies and other client side identifiers. When consecutive visits are made within a short interval, the website can link users’ new and old identities by exploiting battery level and charge/discharge times. The website can then reinstantiate users’ cookies and other client side identifiers, a method known as respawning.”

http://www.theguardian.com/technology/2015/aug/03/privacy-smartphones-battery-life

9 REPLIES
Community Veteran
Posts: 3,274
Thanks: 339
Fixes: 12
Registered: 24-10-2013

Re: HTML5 is an invasion of your privacy

non-issue.
why is it a problem if a website knows how much battery power a device has?
Moderator
Moderator
Posts: 25,773
Thanks: 1,127
Fixes: 47
Registered: 14-04-2007

Re: HTML5 is an invasion of your privacy

Surely you wouldn't be happy that the world and it's grandmother can find out the charge state of your laptop battery.
Where will it all end Shocked
Customer and Forum Moderator.
Product of the Tyrell Corporation
Community Veteran
Posts: 3,274
Thanks: 339
Fixes: 12
Registered: 24-10-2013

Re: HTML5 is an invasion of your privacy

it's currently 55%  Cool
Community Veteran
Posts: 6,586
Thanks: 206
Fixes: 14
Registered: 16-02-2009

Re: HTML5 is an invasion of your privacy

Mine is at 0, been switched off for about 6 months. Now power state on my pc.
VileReynard
Seasoned Pro
Posts: 10,583
Thanks: 192
Fixes: 9
Registered: 01-09-2007

Re: HTML5 is an invasion of your privacy

The state of your battery in a laptop or mobile, especially if several values can be obtained and effectively sends a unique identifier back to the server.
So despite strenuous efforts by the user, they can't avoid being tracked.

Community Veteran
Posts: 4,766
Thanks: 1,051
Fixes: 27
Registered: 16-10-2014

Re: HTML5 is an invasion of your privacy

There are only 8 distinct properties available via the API, and the values could easily be duplicate across site visitors making unique tracking harder but as it's not supported on Safari Desktop or Mobile, I'm not bothered  Grin
Community Veteran
Posts: 6,307
Thanks: 86
Fixes: 3
Registered: 08-01-2008

Re: HTML5 is an invasion of your privacy

Anyone deciding to wrap their mobile device battery in tinfoil to avoid being identified by HTML5 is strongly advised to ensure that the tinfoil does not come in contact with the electrical contacts (a good few mm of clearance is recommended) or your Lithium battery might get shorted causing fire or explosion and a risk of injury or death (as well as a cloud of smoke with a uniquely identifiable 'signature' potentially allowing you to be traced), best keep your tinfoil for traditional hat-making purposes TBH.
Call me 'w23'
At any given moment in the universe many things happen. Coincidence is a matter of how close these events are in space, time and relationship.
Opinions expressed in forum posts are those of the poster, others may have different views.
Community Veteran
Posts: 16,836
Thanks: 1,124
Fixes: 13
Registered: 06-11-2007

Re: HTML5 is an invasion of your privacy

Of course.....  You can`t be tracked via the mobile phone GPS can you..............  ?  ? Huh Huh  probably more reliable than when your battery is running low....  Cheesy
nanotm
Pro
Posts: 5,671
Thanks: 108
Fixes: 1
Registered: 11-02-2013

Re: HTML5 is an invasion of your privacy

given that the vast majority of websites try to interrogate your device's location tracking software begin id'd via the battery api isn't worth the bother of mentioning, I get far more concerned about the fact I used a supposedly private mode on a system to check something and 10 minutes later has cross platform add's for the very same thing I had just been checking all because both systems utilised the location tracking without asking ......makes a mockery of privacy altogether and is bloody annoying when you share hardware assets with a partner but are trying to browse for a gift ......
just because your paranoid doesn't mean they aren't out to get you