New Delhi: The latest to spill the beans about your online activity is your smartphone’s battery life!
Security researchers have discovered that a feature of the HTML5 specification allows websites to find out how much battery power a user has left on their browsing device and the information could then be used to snoop on their online activity.
Whenever your smartphone or your laptop goes low on battery, you hit the power saver mode by disabling features or apps that take up extra battery.
However, the battery status API (currently supported in Firefox, Opera, and Chrome browsers) explicitly frees sites from needing to ask user permission to discover the remaining battery life.
Researchers have pointed out the information a website receives is specific and even contains the estimated time in seconds the battery will take to fully discharge along with the exact battery percentage remaining.
The two numbers could be in any one of around 14 million combinations, meaning that they operate as a potential ID number. As the values update every 30 seconds, the battery status API could be used to identify users across websites, The Guardian reports.
The World Wide Web Consortium, W3C, the organization that introduced the API, argues that the information “the information disclosed has minimal impact on privacy or fingerprinting, and therefore is exposed without permission grants.”
However, researchers warn that “Users who try to revisit a website with a new identity may use browsers’ private mode or clear cookies and other client side identifiers. When consecutive visits are made within a short interval, the website can link users’ new and old identities by exploiting battery level and charge/discharge times. The website can then reinstantiate users’ cookies and other client side identifiers, a method known as respawning.”