It Is Now Possible To Track You Using Your Smartphone's Battery Life

The field of big data and its usage for the purpose of marketing is no secret. The advertisements or suggestions that we see based on our browsing history is pretty evident. One of the ways that we think of (or atleast I do) to evade such promotions is to go incognito so that we are not recognized by our browsing history. But now, it has come to light that even going incognito or installing AdBlock Plus for that matter doesn’t prevent the website from recognizing you. The visitor’s battery too can be used for the purpose of distinguishing users and recognizing them.

The HTML5 Battery Status API was introduced 3 years ago. The purpose of the API was to find out the remaining battery life of the device, mobile or smartphone, that the user is using and if the battery is too low, then the irrelevant part of the webpage i.e. the advertisements, the animations etc. are reduced to save the user’s battery. Sounds good, right? It is. But there is a catch here. The information exposed by the Battery Status API can be extracted without the user’s awareness or permission and according to the writers of a #-Link-Snipped-# who are the members of the International Association for Cryptographic Research (IACR), the API enables the fingerprinting and tracking of devices with batteries within short time intervals.

battery_life

Using the API, the battery properties available to websites include the level, chargingTime, and dischargingTime by calling the navigator.getBattery() method in JavaScript. If you as a user keeps multiple web pages open in multiple tabs of a browser, then a third-party script present on these websites can read the level, discharging time etc. of your device. These readings will be consistent, because the update intervals of the battery will be same on all the websites. This enables the third-party to link these concurrent visits. So essentially, the sites that you are visiting now is known to the third party.

If you visit a single website consecutively, you probably do so in ‘private browsing’ or by clearing the cookies to avoid being recognized. But when consecutive visits are made in short time intervals, the website can form a link between the new and old identities of user through the battery level and charge/discharge times. Once the identity of user is established, the website can then reopen user cookies and other identifiers which is known as respawning.

Naturally, its huge concern for the users and violation of their right to privacy. The paper written by the IACR members suggests ways to W3C to overcome this invasion meanwhile providing them with the battery information they require to function efficiently. Hopefully, W3C will take a note of this and implement the solution.

Via: #-Link-Snipped-#

Replies

You are reading an archived discussion.

Related Posts

Can Somebody tell me doing course from Vector india is good.tell me more about recuritment?
Hello, All I'm a 2015 ECE batch passout. I am planning to join Software manual testing and automation course as I can't afford to join any ECE core courses. I...
In which stream can we explore better in present scenario of IT field..Can anyone give a clear idea about SAP, JAVA, .NET, ORACLE, BIPM, UNIX CPP, ASSURANCE, MAINFRAMES ETC..
my groupmates come up with an idea of innovating the wireless mouse with scanner and a memory for storing the scanned image. but our professor required us to program an...
Hi friends i m really booring about my life what to do i m not getting . whats my mistake also i m not getting .