- How to stream MLB Network for free 3 Years Ago
- BTS fans at war over these divisive Mattel dolls 3 Years Ago
- ‘ReMastered: The Miami Showband Massacre’ revisits one of Ireland’s greatest tragedies Today 7:00 AM
- 12 underrated Netflix comedy specials you should watch now Today 7:00 AM
- Debunking the biggest Alexandria Ocasio-Cortez conspiracy theories Today 6:30 AM
- How to make calls on Google Home Today 6:00 AM
- We now probably know the final runtime for ‘Avengers: Endgame’ Monday 11:06 PM
- Cardi B says she drugged, robbed men in her past on Instagram Live Monday 8:03 PM
- Twitter thread roasts bathtub tray ads for women Monday 7:21 PM
- Nintendo set to release two new models of the Switch—possibly in 2019 Monday 6:45 PM
- Viral cat video ‘Dear Kitten’ finds new life in TikTok challenge Monday 5:30 PM
- Here’s every show that was announced at the Apple TV+ kickoff Monday 3:53 PM
- ‘Shazam!’ embraces the spectacle and heart of the superhero genre Monday 3:45 PM
- How to mute Twitter’s suggested tweets on your timeline Monday 3:02 PM
- What you need to know about Apple’s new streaming service Monday 2:32 PM
Light sensor data will soon be transmitted by every web browser, which may cause serious privacy risks.
The light surrounding you this very second may be used to expose how much money you make, where you live, when you’re home, and much more.
That’s the big takeaway from a new analysis of ambient light sensors by Lukasz Olejnik, a London-based security and privacy consultant and a researcher at University College London. He warns that the data created by device light sensors may betray user privacy far more than anyone previously imagined.
“Lighting conditions in the user’s surrounding convey rich and sensitive data describing users and their behavior,” writes Olejnik. “This information could be hijacked and abused, applied to profile the users and perhaps discriminate them.”
Found in smartphones and many laptops, like Apple‘s array of MacBooks, light sensors are generally used do simple things, such as adjust screen brightness. “Ambient Light has already received considerable adoption,” Olejnik tells the Daily Dot in an email. “It is present under Firefox and soon will be provided on Chrome.”
The expanding adoption means ambient light data will be available to virtually any website you visit thanks to the rollout of the Ambient Light Sensors API.
When the API is incorporated into all web browsers, Olejnik says, a couple of things will happen. On a positive note, he writes, “web designers will be enabled to unleash their creativity” by utilizing the data created by your device’s ambient light sensor. More worrisome, Olejnik notes, is that this data “conveys information about the user, the user’s environment, the user’s behavior and life patterns.”
Ambient light sensors work by turning the nature of the light surrounding a device into a specific number value called lux (lx). Using Firefox Mobile on an Android device, Olejnik found the data collected represented in this way:
Because these values are so specific, a website or a hacker could use this data to identify specific users. More troubling, writes Olejnik, this data could be used to “map the user’s home arrangement,” and “discover its size, number or rooms” or more about the user’s environment, including the time of day a user is working, how frequently a user moves around the house or leaves altogether, or simply the type of lighting a particular person prefers.
“Such information is related to the user’s financial situation, and consequently it would lead to a profile the user—allowing to assign him to a particular category such as ‘this user has a large house, he is wealthy,’” writes Olejnik. “Why not target web content based on this information?”
Wealth data is already widely used by online retailers. If you use Apple products to buy a plane ticket online, for example, you may be charged a higher price than someone buying the same ticket from a low-end Chromebook.
Another concern Olejnik identifies is cross-device tracking. If a person uses their phone and MacBook in the same room, for example, someone with access to the ambient light data could compare the values delivered from one device to the values of other devices to figure out whether the same person is using two separate devices. This problem may be enhanced by Internet of Things devices, which could also utilize ambient light sensors and transmit that data over to third parties.
Olejnik, whose research previously exposed the ways battery life could be used to identify and track users, has launched a new research project, SensorsPrivacy, which allows volunteers to share with him their ambient light sensor data so that he can further delve into the subject.
Despite the potential privacy risks, Olejnik tells the Daily Dot that internet users should not overreact.
“I am not arguing that users should be wearing any form of tinfoil hat. Technology should be friendly and with safe defaults,” Olejnik says. “This is one of the aims of SensorsPrivacy.com,” which he says has “a number of different aims.”
“One of them is to understand the data differences between various configurations and architectures,” he says. “The project will be gradually expanding, trying to identify and study new issues.”
In the meantime, Olejnik suggests any web browsers that utilize the Ambient Light Sensors API limit the lux values they transmit to a lesser degree of precision, which would make the data more generic and less revealing about users.
Update 1:43pm CT, Aug. 31: Added additional comment from Olejnik.
Contact the author: Andrew Couts, [email protected]
Andrew Couts is the former editor of Layer 8, a section dedicated to the intersection of the Internet and the state—and the gaps in between. Prior to the Daily Dot, Couts served as features editor and features writer for Digital Trends, associate editor of TheWeek.com, and associate editor at Maxim magazine. When he’s not working, Couts can be found hiking with his German shepherds or blasting around on motorcycles.