- Why did the Israeli military tweet this thirst trap? 3 Years Ago
- Jake Paul wants you to have financial freedom… by paying him a monthly fee 3 Years Ago
- Tweets from Sanders supporters are terrifying the establishment 3 Years Ago
- Zuckerberg says he supports 1 bill in Congress that would regulate Facebook 3 Years Ago
- Uncanny ‘Back to the Future’ deepfake transports Tom Holland and Robert Downey, Jr. to 1985 Today 10:04 AM
- Everyone is doing the Renegade. Including the teen who started it Today 9:23 AM
- Reality Winner is asking for clemency—will she get it? Today 7:59 AM
- There’s a Baby Yoda mod for ‘Star Wars: Battlefront II’ Today 7:38 AM
- ‘Bachelor’ contestant apologizes for ‘White Lives Matter’ photo shoot Today 12:13 AM
- ‘Sonic The Hedgehog’ sets box office record for video game movies Sunday 8:15 PM
- Truck driver allegedly watching porn kills teen driver in a car crash Sunday 6:44 PM
- Is the Buttigieg campaign behind this pro-Pete Nigerian Twitter account? Sunday 4:58 PM
- Mask that has your face printed on it allows you to unlock your phone during viral epidemics Sunday 3:52 PM
- Justin Bieber slid into the DMs of someone who hated his new album Sunday 1:05 PM
- HQ Trivia host and co-founder in Twitter feud amid shutdown Sunday 12:10 PM
The light surrounding you this very second may be used to expose how much money you make, where you live, when you’re home, and much more.
That’s the big takeaway from a new analysis of ambient light sensors by Lukasz Olejnik, a London-based security and privacy consultant and a researcher at University College London. He warns that the data created by device light sensors may betray user privacy far more than anyone previously imagined.
“Lighting conditions in the user’s surrounding convey rich and sensitive data describing users and their behavior,” writes Olejnik. “This information could be hijacked and abused, applied to profile the users and perhaps discriminate them.”
Found in smartphones and many laptops, like Apple‘s array of MacBooks, light sensors are generally used do simple things, such as adjust screen brightness. “Ambient Light has already received considerable adoption,” Olejnik tells the Daily Dot in an email. “It is present under Firefox and soon will be provided on Chrome.”
The expanding adoption means ambient light data will be available to virtually any website you visit thanks to the rollout of the Ambient Light Sensors API.
When the API is incorporated into all web browsers, Olejnik says, a couple of things will happen. On a positive note, he writes, “web designers will be enabled to unleash their creativity” by utilizing the data created by your device’s ambient light sensor. More worrisome, Olejnik notes, is that this data “conveys information about the user, the user’s environment, the user’s behavior and life patterns.”
Ambient light sensors work by turning the nature of the light surrounding a device into a specific number value called lux (lx). Using Firefox Mobile on an Android device, Olejnik found the data collected represented in this way:
Because these values are so specific, a website or a hacker could use this data to identify specific users. More troubling, writes Olejnik, this data could be used to “map the user’s home arrangement,” and “discover its size, number or rooms” or more about the user’s environment, including the time of day a user is working, how frequently a user moves around the house or leaves altogether, or simply the type of lighting a particular person prefers.
“Such information is related to the user’s financial situation, and consequently it would lead to a profile the user—allowing to assign him to a particular category such as ‘this user has a large house, he is wealthy,’” writes Olejnik. “Why not target web content based on this information?”
Wealth data is already widely used by online retailers. If you use Apple products to buy a plane ticket online, for example, you may be charged a higher price than someone buying the same ticket from a low-end Chromebook.
Another concern Olejnik identifies is cross-device tracking. If a person uses their phone and MacBook in the same room, for example, someone with access to the ambient light data could compare the values delivered from one device to the values of other devices to figure out whether the same person is using two separate devices. This problem may be enhanced by Internet of Things devices, which could also utilize ambient light sensors and transmit that data over to third parties.
Olejnik, whose research previously exposed the ways battery life could be used to identify and track users, has launched a new research project, SensorsPrivacy, which allows volunteers to share with him their ambient light sensor data so that he can further delve into the subject.
Despite the potential privacy risks, Olejnik tells the Daily Dot that internet users should not overreact.
“I am not arguing that users should be wearing any form of tinfoil hat. Technology should be friendly and with safe defaults,” Olejnik says. “This is one of the aims of SensorsPrivacy.com,” which he says has “a number of different aims.”
“One of them is to understand the data differences between various configurations and architectures,” he says. “The project will be gradually expanding, trying to identify and study new issues.”
In the meantime, Olejnik suggests any web browsers that utilize the Ambient Light Sensors API limit the lux values they transmit to a lesser degree of precision, which would make the data more generic and less revealing about users.
Update 1:43pm CT, Aug. 31: Added additional comment from Olejnik.
Contact the author: Andrew Couts, [email protected]
Andrew Couts is the former editor of Layer 8, a section dedicated to the intersection of the Internet and the state—and the gaps in between. Prior to the Daily Dot, Couts served as features editor and features writer for Digital Trends, associate editor of TheWeek.com, and associate editor at Maxim magazine. When he’s not working, Couts can be found hiking with his German shepherds or blasting around on motorcycles.