Firefox Removing Battery Status API
Firefox is removing the battery status API, citing privacy concerns. Here’s the paper that described those concerns:
Abstract. We highlight privacy risks associated with the HTML5 Battery Status API. We put special focus on its implementation in the Firefox browser. Our study shows that websites can discover the capacity of users’ batteries by exploiting the high precision readouts provided by Firefox on Linux. The capacity of the battery, as well as its level, expose a fingerprintable surface that can be used to track web users in short time intervals. Our analysis shows that the risk is much higher for old or used batteries with reduced capacities, as the battery capacity may potentially serve as a tracking identifier. The fingerprintable surface of the API could be drastically reduced without any loss in the API’s functionality by reducing the precision of the readings. We propose minor modifications to Battery Status API and its implementation in the Firefox browser to address the privacy issues presented in the study. Our bug report for Firefox was accepted and a fix is deployed.
W3C is updating the spec. Here’s a battery tracker found in the wild.
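The abstract's claim that reducing the precision of the readings shrinks the fingerprintable surface can be checked on sample data. The following is an added example, not code from the paper, the post, or Firefox; the device values are constructed, and rounding to two decimal places is an assumption, since the abstract does not state the reduced precision.

```javascript
// Constructed sample: eight devices as (charge now, full capacity) in
// arbitrary energy units. All values are invented for illustration.
const SAMPLE_DEVICES = [
  { now: 31250, full: 41230 },
  { now: 28400, full: 37500 },
  { now: 36100, full: 47600 },
  { now: 19000, full: 25000 },
  { now: 17850, full: 42500 },
  { now: 20110, full: 48000 },
  { now: 15500, full: 36800 },
  { now: 44000, full: 48900 },
];

// High-precision readout: the ratio as a full double in [0, 1], the kind of
// value a script would see in BatteryManager.level without rounding.
function rawLevel(device) {
  return device.now / device.full;
}

// Reduced-precision readout. Two decimal places is an assumption made for
// this example; the abstract only says precision should be reduced.
function coarseLevel(device, digits = 2) {
  return Number(rawLevel(device).toFixed(digits));
}

// Group devices by the value a page would observe: readout -> device count.
function anonymitySets(devices, readout) {
  const sets = new Map();
  for (const device of devices) {
    const value = readout(device);
    sets.set(value, (sets.get(value) || 0) + 1);
  }
  return sets;
}

// Devices whose readout is shared with no other device in the sample.
function singledOut(devices, readout) {
  let count = 0;
  for (const size of anonymitySets(devices, readout).values()) {
    if (size === 1) count += 1;
  }
  return count;
}

console.log("raw:", singledOut(SAMPLE_DEVICES, rawLevel), "of", SAMPLE_DEVICES.length);
console.log("coarse:", singledOut(SAMPLE_DEVICES, coarseLevel), "of", SAMPLE_DEVICES.length);
```

With full-precision readouts every device in the sample has a distinct value; after rounding, all but one fall into shared groups.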
aconrad • November 7, 2016 3:08 PM
Privacy-invading features manage to get into browsers all the time, but this one surprises me. Someone thought it was a good idea for a website to be able to query my battery level? And this isn’t some forgotten decade-old thing, it was added in the last year!
The justification? “Without knowing the battery status of a device, a web developer must design the web application with an assumption of sufficient battery level for the task at hand. This means the battery of a device may exhaust faster than desired because web developers are unable to make decisions based on the battery status. Given knowledge of the battery status, web developers are able to craft web content and applications which are power-efficient” [only when they detect the battery is dying, presumably–because if they were efficient before that, they wouldn’t need to know the battery state, would they?].
So, they decided people should be able to query your battery level and charging/discharging times/status to make, basically, a binary decision. I’d be curious to know whether anyone’s using this, and if so, is the high-battery-drain version something I’d actually want? Or should we just program our browsers to report a battery in its death throes, to get a more pleasant experience? (We used to just disable JavaScript when we wanted web sites to stop wasting CPU, but “modern” sites seem intent on forcing everyone to enable scripts.)
By the way, the spec papers over the idea of privacy: “The user agent SHOULD not expose high precision readouts of battery status information as that can introduce a new fingerprinting vector.” But really, you can tell they don’t care because they defined chargingTime and dischargingTime in seconds. And because a lot of “MUST” requirements conflict with “The user agent MAY obfuscate the exposed value”.