- How to watch ‘Million Dollar Listing Los Angeles’ online free 2 Years Ago
- The trailer for the final episodes of ‘Unbreakable Kimmy Schmidt’ is here Today 1:52 AM
- Guy gets roasted for throwing razor in the toilet to protest Gillette Wednesday 9:23 PM
- Experts warn of uptick in ‘Ryuk’ ransomware after hackers net $3.7 million Wednesday 7:03 PM
- Video game composer boycotts Gillette after anti-toxic masculinity ad Wednesday 6:05 PM
- Steve Carell sitcom ‘Space Force’ heading to Netflix Wednesday 5:30 PM
- Ocasio-Cortez’s ‘run train’ phrase becomes conservative sex controversy Wednesday 5:25 PM
- ‘Into’ is a reminder that queer businesses can be hurt by straight leaders Wednesday 5:13 PM
- TSA agents are the latest tool in the government shutdown meme war Wednesday 4:22 PM
- YouTube still hosting bestiality images year after crackdown pledge Wednesday 4:13 PM
- YouTuber quits fight after Darth Vader fan film claimed by Disney Wednesday 3:26 PM
- Millions of Fortnite accounts exposed via Epic Games website exploit Wednesday 2:26 PM
- A man found a camera in his Airbnb and the company didn’t seem to care Wednesday 2:00 PM
- A redditor planted an Easter egg in Hulu’s Fyre Fest doc Wednesday 1:51 PM
- This new revelation about Woody from ‘Toy Story’ will blow your mind Wednesday 1:35 PM
Light sensor data will soon be transmitted by every web browser, which may cause serious privacy risks.
The light surrounding you this very second may be used to expose how much money you make, where you live, when you’re home, and much more.
That’s the big takeaway from a new analysis of ambient light sensors by Lukasz Olejnik, a London-based security and privacy consultant and a researcher at University College London. He warns that the data created by device light sensors may betray user privacy far more than anyone previously imagined.
“Lighting conditions in the user’s surrounding convey rich and sensitive data describing users and their behavior,” writes Olejnik. “This information could be hijacked and abused, applied to profile the users and perhaps discriminate them.”
Found in smartphones and many laptops, like Apple‘s array of MacBooks, light sensors are generally used do simple things, such as adjust screen brightness. “Ambient Light has already received considerable adoption,” Olejnik tells the Daily Dot in an email. “It is present under Firefox and soon will be provided on Chrome.”
The expanding adoption means ambient light data will be available to virtually any website you visit thanks to the rollout of the Ambient Light Sensors API.
When the API is incorporated into all web browsers, Olejnik says, a couple of things will happen. On a positive note, he writes, “web designers will be enabled to unleash their creativity” by utilizing the data created by your device’s ambient light sensor. More worrisome, Olejnik notes, is that this data “conveys information about the user, the user’s environment, the user’s behavior and life patterns.”
Ambient light sensors work by turning the nature of the light surrounding a device into a specific number value called lux (lx). Using Firefox Mobile on an Android device, Olejnik found the data collected represented in this way:
Because these values are so specific, a website or a hacker could use this data to identify specific users. More troubling, writes Olejnik, this data could be used to “map the user’s home arrangement,” and “discover its size, number or rooms” or more about the user’s environment, including the time of day a user is working, how frequently a user moves around the house or leaves altogether, or simply the type of lighting a particular person prefers.
“Such information is related to the user’s financial situation, and consequently it would lead to a profile the user—allowing to assign him to a particular category such as ‘this user has a large house, he is wealthy,’” writes Olejnik. “Why not target web content based on this information?”
Wealth data is already widely used by online retailers. If you use Apple products to buy a plane ticket online, for example, you may be charged a higher price than someone buying the same ticket from a low-end Chromebook.
Another concern Olejnik identifies is cross-device tracking. If a person uses their phone and MacBook in the same room, for example, someone with access to the ambient light data could compare the values delivered from one device to the values of other devices to figure out whether the same person is using two separate devices. This problem may be enhanced by Internet of Things devices, which could also utilize ambient light sensors and transmit that data over to third parties.
Olejnik, whose research previously exposed the ways battery life could be used to identify and track users, has launched a new research project, SensorsPrivacy, which allows volunteers to share with him their ambient light sensor data so that he can further delve into the subject.
Despite the potential privacy risks, Olejnik tells the Daily Dot that internet users should not overreact.
“I am not arguing that users should be wearing any form of tinfoil hat. Technology should be friendly and with safe defaults,” Olejnik says. “This is one of the aims of SensorsPrivacy.com,” which he says has “a number of different aims.”
“One of them is to understand the data differences between various configurations and architectures,” he says. “The project will be gradually expanding, trying to identify and study new issues.”
In the meantime, Olejnik suggests any web browsers that utilize the Ambient Light Sensors API limit the lux values they transmit to a lesser degree of precision, which would make the data more generic and less revealing about users.
Update 1:43pm CT, Aug. 31: Added additional comment from Olejnik.
Contact the author: Andrew Couts, [email protected]
Andrew Couts is the former editor of Layer 8, a section dedicated to the intersection of the Internet and the state—and the gaps in between. Prior to the Daily Dot, Couts served as features editor and features writer for Digital Trends, associate editor of TheWeek.com, and associate editor at Maxim magazine. When he’s not working, Couts can be found hiking with his German shepherds or blasting around on motorcycles.