- Disney+ now allows users to resume and restart content Today 11:42 AM
- New York sues JUUL for marketing to teenagers Today 11:34 AM
- The new ‘Discworld’ TV series just gender-flipped several major characters Today 10:54 AM
- David Fincher is doing a ‘Chinatown’ prequel series, naturally Today 10:43 AM
- Congress thinks Facebook is misleading you about its location tracking Today 10:36 AM
- The cast and crew of ‘The Rise of Skywalker’ offer more teases on ‘Star Wars’ conclusion Today 10:34 AM
- #FartGate takes over Twitter after lawmaker appears to pass gas on live television Today 10:24 AM
- Cop was playing YouTube video when he crashed into woman’s car at 70 mph Today 10:10 AM
- 5 last-minute gift ideas people actually want Today 9:51 AM
- South Dakota anti-meth campaign goes viral—and officials love it Today 9:38 AM
- Jeffrey Epstein guards arrested, to be charged Today 9:05 AM
- TikTok teens are savaging Mayor Pete’s ‘High Hopes’ dance Today 8:41 AM
- The coolest Easter eggs in HBO’s ‘Watchmen’ Today 8:13 AM
- Billie Eilish hit herself in the face with a mic—and reminded us why we love her Today 8:01 AM
- Review: Wyze’s budget security cams easily compete with big-name brands Today 7:16 AM
The light surrounding you this very second may be used to expose how much money you make, where you live, when you’re home, and much more.
That’s the big takeaway from a new analysis of ambient light sensors by Lukasz Olejnik, a London-based security and privacy consultant and a researcher at University College London. He warns that the data created by device light sensors may betray user privacy far more than anyone previously imagined.
“Lighting conditions in the user’s surrounding convey rich and sensitive data describing users and their behavior,” writes Olejnik. “This information could be hijacked and abused, applied to profile the users and perhaps discriminate them.”
Found in smartphones and many laptops, like Apple‘s array of MacBooks, light sensors are generally used do simple things, such as adjust screen brightness. “Ambient Light has already received considerable adoption,” Olejnik tells the Daily Dot in an email. “It is present under Firefox and soon will be provided on Chrome.”
The expanding adoption means ambient light data will be available to virtually any website you visit thanks to the rollout of the Ambient Light Sensors API.
When the API is incorporated into all web browsers, Olejnik says, a couple of things will happen. On a positive note, he writes, “web designers will be enabled to unleash their creativity” by utilizing the data created by your device’s ambient light sensor. More worrisome, Olejnik notes, is that this data “conveys information about the user, the user’s environment, the user’s behavior and life patterns.”
Ambient light sensors work by turning the nature of the light surrounding a device into a specific number value called lux (lx). Using Firefox Mobile on an Android device, Olejnik found the data collected represented in this way:
Because these values are so specific, a website or a hacker could use this data to identify specific users. More troubling, writes Olejnik, this data could be used to “map the user’s home arrangement,” and “discover its size, number or rooms” or more about the user’s environment, including the time of day a user is working, how frequently a user moves around the house or leaves altogether, or simply the type of lighting a particular person prefers.
“Such information is related to the user’s financial situation, and consequently it would lead to a profile the user—allowing to assign him to a particular category such as ‘this user has a large house, he is wealthy,’” writes Olejnik. “Why not target web content based on this information?”
Wealth data is already widely used by online retailers. If you use Apple products to buy a plane ticket online, for example, you may be charged a higher price than someone buying the same ticket from a low-end Chromebook.
Another concern Olejnik identifies is cross-device tracking. If a person uses their phone and MacBook in the same room, for example, someone with access to the ambient light data could compare the values delivered from one device to the values of other devices to figure out whether the same person is using two separate devices. This problem may be enhanced by Internet of Things devices, which could also utilize ambient light sensors and transmit that data over to third parties.
Olejnik, whose research previously exposed the ways battery life could be used to identify and track users, has launched a new research project, SensorsPrivacy, which allows volunteers to share with him their ambient light sensor data so that he can further delve into the subject.
Despite the potential privacy risks, Olejnik tells the Daily Dot that internet users should not overreact.
“I am not arguing that users should be wearing any form of tinfoil hat. Technology should be friendly and with safe defaults,” Olejnik says. “This is one of the aims of SensorsPrivacy.com,” which he says has “a number of different aims.”
“One of them is to understand the data differences between various configurations and architectures,” he says. “The project will be gradually expanding, trying to identify and study new issues.”
In the meantime, Olejnik suggests any web browsers that utilize the Ambient Light Sensors API limit the lux values they transmit to a lesser degree of precision, which would make the data more generic and less revealing about users.
Update 1:43pm CT, Aug. 31: Added additional comment from Olejnik.
Contact the author: Andrew Couts, [email protected]
Andrew Couts is the former editor of Layer 8, a section dedicated to the intersection of the Internet and the state—and the gaps in between. Prior to the Daily Dot, Couts served as features editor and features writer for Digital Trends, associate editor of TheWeek.com, and associate editor at Maxim magazine. When he’s not working, Couts can be found hiking with his German shepherds or blasting around on motorcycles.