Jason Estibeiro

It Is Now Possible To Track You Using Your Smartphone's Battery Life

The use of big data for marketing is no secret. The advertisements and suggestions that we see based on our browsing history are pretty evident. One of the ways that we think of (or at least I do) to evade such promotions is to go incognito so that we are not recognized by our browsing history. But now, it has come to light that even going incognito, or installing AdBlock Plus for that matter, doesn’t prevent a website from recognizing you. The visitor’s battery can also be used to distinguish users and recognize them.

The HTML5 Battery Status API was introduced 3 years ago. The purpose of the API was to find out the remaining battery life of the device, mobile or smartphone, that the user is using, so that if the battery is too low, the irrelevant parts of the webpage, i.e. the advertisements, the animations etc., can be reduced to save the user’s battery. Sounds good, right? It is. But there is a catch here. The information exposed by the Battery Status API can be extracted without the user’s awareness or permission, and according to the writers of a paper, who are members of the International Association for Cryptographic Research (IACR), the API enables the fingerprinting and tracking of devices with batteries within short time intervals.

By calling the navigator.getBattery() method in JavaScript, websites can read battery properties including level, chargingTime, and dischargingTime. If you as a user keep multiple web pages open in multiple tabs of a browser, then a third-party script present on these websites can read the level, discharging time etc. of your device. These readings will be consistent, because the update intervals of the battery will be the same on all the websites. This enables the third party to link these concurrent visits. So essentially, the sites that you are visiting at that moment are known to the third party.

If you visit a single website consecutively, you probably do so in ‘private browsing’ or by clearing the cookies to avoid being recognized. But when consecutive visits are made within short time intervals, the website can link the new and old identities of the user through the battery level and charge/discharge times. Once the identity of the user is established, the website can then restore the user’s cookies and other identifiers, which is known as respawning.

Naturally, it’s a huge concern for users and a violation of their right to privacy. The paper written by the IACR members suggests ways for the W3C to overcome this invasion while still providing websites with the battery information they require to function efficiently. Hopefully, the W3C will take note of this and implement the solution.
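
One way to limit what the API gives away is to lower the precision of the values it reports. The following JavaScript is an added example, not code from the article or the paper; the step size, the function names and the sample readings are assumptions made for illustration. It compares how many distinguishable battery states a set of devices shows before and after the readings are coarsened.

```javascript
// Added example (not from the article or the paper). Step size, names and
// sample readings are assumptions constructed for illustration.
const LEVEL_STEP = 0.25; // report charge level in quarters only

// Reduce a BatteryManager-like reading to a low-precision snapshot.
function coarsen(reading) {
  const level = Math.round(reading.level / LEVEL_STEP) * LEVEL_STEP;
  return Object.freeze({
    charging: reading.charging,
    level,
    // Infinity is the value the API uses when no estimate is available,
    // so pages that only ask "is the battery low?" keep working.
    chargingTime: Infinity,
    dischargingTime: Infinity,
  });
}

// Everything a script can observe in one reading, as a comparable key.
function stateKey(r) {
  return [r.charging, r.level, r.chargingTime, r.dischargingTime].join("|");
}

// Number of distinguishable battery states in a set of readings.
function distinctStates(readings) {
  return new Set(readings.map(stateKey)).size;
}

// Replace getBattery() on a navigator-like object with the coarse version.
// Returns a static snapshot, not a live BatteryManager with events.
function hardenNavigator(nav) {
  const original = nav.getBattery.bind(nav);
  nav.getBattery = () => original().then(coarsen);
  return nav;
}

// Constructed sample: five different devices read at the same moment.
const SAMPLE = [
  { charging: false, level: 0.93, chargingTime: Infinity, dischargingTime: 15480 },
  { charging: false, level: 0.91, chargingTime: Infinity, dischargingTime: 9120 },
  { charging: false, level: 0.48, chargingTime: Infinity, dischargingTime: 7260 },
  { charging: false, level: 0.52, chargingTime: Infinity, dischargingTime: 8040 },
  { charging: true, level: 0.47, chargingTime: 3300, dischargingTime: Infinity },
];

console.log("distinct raw states:   ", distinctStates(SAMPLE));
console.log("distinct coarse states:", distinctStates(SAMPLE.map(coarsen)));
```

With the raw values every sample device is unique; after coarsening, several devices share the same state, so the reading no longer singles one out.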

Via: The Register
