Firefox Removes Battery Status API Used To Track Users
Battery Status API was found to be a privacy concern.
Mozilla has announced that future versions of Firefox will remove the Battery Status API due to privacy problems.
The Battery Status API allowed websites to get information about the battery level of the user’s device via their web browser. It was intended to be a helpful way for sites to know when they should converse power usage.
But researchers from France and Belgium quickly found that it was very easy to misuse this functionality to identify and track users. While their paper was published over a year ago, increased interest in internet privacy and new evidence that the feature was not being used legitimately has now led Mozilla to axe the feature.
The Battery Status API posed a specific danger because the data identified the computer itself, not the browser. Researchers found that users could actually be tracked across browsers.
The Battery Status API is being removed in Firefox 52, which is due out in March of next year. The feature has been implemented in Firefox since 2012, and Chrome since 2014.
Privacy Risks
The Battery Status API, which was originally designed by the W3C, has four main functions. It can measure the current battery level, if the battery is currently charging, and how long the battery is to being fully charged and completely empty.
When investigating if removing the API was the right choice, Mozilla’s engineers looked at how the API was being used. They found multiple cases where it was being used to collect data and track users. But they were not able to find any “legitimate use cases of the API.”
The feature was intended to tell websites when a user’s battery was low. The idea was that a site could use this information to slow down or stop power-hungry features, such as auto-playing videos; or take the opportunity to save the user’s work automatically. However, there was little evidence any websites were doing this.
Instead, there seemed to be more value in using the reported battery status to “fingerprint” users. Fingerprinting is when multiple data points are used to uniquely identify you, or your computer.
That data may not reveal your real-world identity, like your name. But it often gives enough information to identify your device and assign a unique identifier, like “User1005.” Pervasive tracking can then make it possible to then track User1005’s activity across the internet.
Fingerprinting is easier than you may think. The Electronic Frontier Foundation (EFF)’s Panopticlick project shows just how much data can be collected from your internet browser. Even seemingly harmless things like what fonts are installed on your computer can contribute significantly to a unique digital fingerprint.
Google’s Chrome browser still supports the Battery Status API and you can see it in action here. It can get realtime updates on the batteries’ activity. The W3C has been discussing what can be done to improve the AP
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownPayPal Phishing Certificates Far More Prevalent Than Previously Thought
in Industry Lowdown