A team from Princeton University found that websites could use battery information to monitor people as they surf the web. Your battery status may now provide a way for websites to track you online. Originally intended to allow websites to serve you a “low power” version when your battery is low, researchers now say it’s being used for more.
HTML5 added functionality that takes information of your battery life percentage and time to discharge, as well as how long it would take to charge your phone, usable by website developers. Security researchers warned last year that it could also be used to write code to track your online activity, and now a Princeton University research team was able to confirm that this is actually happening.
Steve Engelhard and Arvind Narayanan – academics from Stanford University, found two instances where code used the combination of the above information to track users across the site where it was found. Now we should mention that HTML5 is not sending a unique identifier with the information it’s sending about your battery, however the unique combinations of the numbers would give websites a way to match your battery information with your IP with fairly good certainty.
The worst part of this attack is that it’s hard to mitigate against it. You can’t deal with it as easily as you would wipe your browser cookies. VPNs and AdBlockers won’t help either. The only option is to plug the device into the mains.
While there isn’t an easy way to disable the Battery Status feature right now (unless you use FireFox), there are rumors that browser vendors are looking to introduce features that will allow them to disable this, as they have with HTML5’s notifications and location features.