A team of researchers has demonstrated that the battery status indicator—you know, that seemingly harmless web standard telling you to hurry the heck up and find an outlet for your mobile device—has the potential to track you.
The Battery Status API, introduced in HTML5 (the fifth version of the code that currently lays out most of the web and is supported by Firefox, Opera, and Chrome browsers), enables site owners to see the percentage of battery power left in a visitor's device, as well as the time it will take to charge once connected to a power source.
The intentions behind the indicator are all well and good: websites can “read” the power state of a device, both in terms of time and percentage, automatically disabling certain power-hungry web features in an effort to conserve energy for users.
However, the researchers have proven that this information (specifically, battery life as a percentage and battery life in seconds) yields 14 million combinations that create a unique identifier for each device, affecting even those who delete cookies, browse incognito, or utilize firewalls.
But don’t go burning your phones just yet.
For one, the study was conducted only with Firefox on Linux, and the team has since filed a bug report with Mozilla to fix the issue:
“We filed a bug report for Mozilla Firefox to communicate the problem and the proposed solution,” the paper states. “The fix was quickly implemented and deployed by Mozilla engineers in response to our bug report.”
The researchers conclude with a series of possible defenses against the API (insofar as it can be used for online tracking). User permission, for example, should be required by browser vendors before deploying the API. “In this way, software could allow the users to learn and be aware about the use of the battery information on devices they own.”
Secondly, the API should avoid providing high-precision values, which would minimize the privacy threat without compromising the API’s function.
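The effect of that second defense can be seen in the following added example, which is not code from the paper or from any browser. It compares how many devices stay uniquely identifiable when readings are exposed at full precision versus rounded. The readings are constructed sample data shaped like the API's `level` and `dischargingTime` attributes, and the rounding steps (5% and 30 minutes) are assumptions chosen for illustration.

```javascript
// Constructed sample readings (not real measurements): level is 0..1,
// dischargingTime is in seconds, as the Battery Status API reports them.
const readings = [
  { device: "A", level: 0.4331, dischargingTime: 8940 },
  { device: "B", level: 0.4312, dischargingTime: 9127 },
  { device: "C", level: 0.4379, dischargingTime: 8711 },
  { device: "D", level: 0.8102, dischargingTime: 20344 },
];

// Round a reading to the given steps and return the value a site would see.
// A non-finite time (Infinity while charging) is passed through unchanged.
function coarsen(r, levelStep, timeStep) {
  const level = Math.round(r.level / levelStep) * levelStep;
  const time = Number.isFinite(r.dischargingTime)
    ? Math.round(r.dischargingTime / timeStep) * timeStep
    : r.dischargingTime;
  return `${level.toFixed(2)}|${time}`;
}

// Group devices by the value they expose; each group is an anonymity set.
function anonymitySets(rs, keyFn) {
  const sets = new Map();
  for (const r of rs) {
    const key = keyFn(r);
    sets.set(key, (sets.get(key) || []).concat(r.device));
  }
  return sets;
}

// Count devices whose exposed value is shared with no other device.
function uniquelyIdentified(rs, keyFn) {
  return [...anonymitySets(rs, keyFn).values()]
    .filter((set) => set.length === 1).length;
}

const precise = (r) => `${r.level}|${r.dischargingTime}`;
const coarse = (r) => coarsen(r, 0.05, 1800); // assumed steps: 5%, 30 min

console.log("unique at full precision:", uniquelyIdentified(readings, precise));
console.log("unique after rounding:   ", uniquelyIdentified(readings, coarse));
console.log("sets after rounding:     ", [...anonymitySets(readings, coarse)]);
```

Devices A, B and C collapse into one indistinguishable group after rounding, while D remains alone in this small sample, so coarser values shrink the identifier space rather than eliminate it.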
The team ends with a call to action to privacy researchers and engineers, whose ongoing analysis of web standards (and their effect on privacy) will, if nothing else, improve user transparency around these developing technologies.
All that being said, however: perhaps it is simply impossible to remain truly anonymous in this increasingly connected world.