Websites can track your online activity via your battery status

Researchers find HTML 5 feature betrays your online habits

Websites can track people acros the internet by checking your device battery life - and may even be hoping to panic you into spending money. 

This is according to researchers at Princeton University in the US, who crawled across the top million websites to see what type of tracking they used. 

Advertisement - Article continues below

The idea of "fingerprinting" a user via battery status was first mooted last year, the report notes. This time around, researcher Steve Engelhard and Arvind Narayanan found websites are actually using the technique, with scripts combining charge level status, time to recharge and more with other identifying features including IP address.

The data is leaked via an API released as part of HTML5 in 2015, which was created to let developers serve a version of an app or site that is less of a drain on batteries for users whose charge is running low. 

The research also uncovered the use of audio, WebRTC (real-time communications) and fonts for "fingerprinting", alongside the battery API. 

The report notes that existing tracking-protection tools - such as Ghostery - are effective at battling standard tracking techniques, they "are not effective at detecting these newer and more obscure finterprinting techniques."

Lukasz Olejnik was one of the researchers who looked into the idea of tracking via the battery status API last year. He said in a blog post that the research highlights how security and privacy flaws can arise in "seemingly innocuous mechanisms". 

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

He pointed out that companies may already be "monetising" the information that your battery is running out. "When battery is running low, people might be prone to some - otherwise different - decisions," he noted in the post. "In such circumstances, users will agree to pay more for a service."

Reports suggest some companies are already considering the idea, with Uber's head of economic research saying earlier this year that customers of the taxi-hailing service were more likely to accept higher "surge" prices if their battery was low. 

Uber said at the time that it does not do that, however. "And we absolutely don't use that to kind of like push you a higher surge price, but it's an interesting kind of psychological fact of human behaviour," said Keith Chen at the time

Olejnik said some browsers are considering removing support for the battery readout APIs, while the Princeton researchers said they were examining the use of machine learning to better detect and classify trackers. 

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020
Visit/software/operating-systems/355080/internal-docs-show-apple-is-aware-of-ios-13-hotspot-disconnect
operating systems

Report: Apple is aware of iOS 13 hotspot disconnect issue

23 Mar 2020
Visit/security/data-breaches/355097/ge-employees-hit-by-canon-data-breach
data breaches

General Electric employees hit by Canon data breach

24 Mar 2020
Visit/security/cyber-security/355089/hackers-hit-windows-with-another-bug
cyber security

Hackers expose yet another Windows 10 vulnerability

23 Mar 2020