- Christina Hendricks reveals she was the hand model for ‘American Beauty’ 3 Years Ago
- Why can’t independent feminist websites stay afloat? 3 Years Ago
- Far-right troll Jacob Wohl scammed a Trump fan out of $25,000 3 Years Ago
- How to stream Browns vs. Buccaneers in key preseason action Today 7:02 AM
- Harness the power of sun: The best solar-powered phone charges Today 6:00 AM
- Majority of threats made since El Paso and Dayton shootings have been made online Thursday 8:00 PM
- Miley Cyrus tweets about cheating allegations and penis cake drama Thursday 6:32 PM
- ‘The Dark Crystal: Age of Resistance’ dazzles with a timely tale Thursday 6:00 PM
- The DOJ emailed a white nationalist blog post to immigration judges Thursday 5:31 PM
- The Amazon rainforest is on fire–and people are using memes to cope Thursday 4:11 PM
- Microsoft contractors listened in on Xbox users Thursday 2:15 PM
- Anti-vaxxer assaults pro-vaccine lawmaker on Facebook Live (updated) Thursday 2:15 PM
- Oreos licked by singer Lewis Capaldi are being auctioned off on eBay Thursday 1:54 PM
- Zach Braff predicted Sean Spicer would be on ‘Dancing With the Stars’ 2 years ago Thursday 1:38 PM
- NYPD sergeant who watched Eric Garner die punished with lost vacation days Thursday 1:27 PM
The light surrounding you this very second may be used to expose how much money you make, where you live, when you’re home, and much more.
That’s the big takeaway from a new analysis of ambient light sensors by Lukasz Olejnik, a London-based security and privacy consultant and a researcher at University College London. He warns that the data created by device light sensors may betray user privacy far more than anyone previously imagined.
“Lighting conditions in the user’s surrounding convey rich and sensitive data describing users and their behavior,” writes Olejnik. “This information could be hijacked and abused, applied to profile the users and perhaps discriminate them.”
Found in smartphones and many laptops, like Apple‘s array of MacBooks, light sensors are generally used do simple things, such as adjust screen brightness. “Ambient Light has already received considerable adoption,” Olejnik tells the Daily Dot in an email. “It is present under Firefox and soon will be provided on Chrome.”
The expanding adoption means ambient light data will be available to virtually any website you visit thanks to the rollout of the Ambient Light Sensors API.
When the API is incorporated into all web browsers, Olejnik says, a couple of things will happen. On a positive note, he writes, “web designers will be enabled to unleash their creativity” by utilizing the data created by your device’s ambient light sensor. More worrisome, Olejnik notes, is that this data “conveys information about the user, the user’s environment, the user’s behavior and life patterns.”
Ambient light sensors work by turning the nature of the light surrounding a device into a specific number value called lux (lx). Using Firefox Mobile on an Android device, Olejnik found the data collected represented in this way:
Because these values are so specific, a website or a hacker could use this data to identify specific users. More troubling, writes Olejnik, this data could be used to “map the user’s home arrangement,” and “discover its size, number or rooms” or more about the user’s environment, including the time of day a user is working, how frequently a user moves around the house or leaves altogether, or simply the type of lighting a particular person prefers.
“Such information is related to the user’s financial situation, and consequently it would lead to a profile the user—allowing to assign him to a particular category such as ‘this user has a large house, he is wealthy,’” writes Olejnik. “Why not target web content based on this information?”
Wealth data is already widely used by online retailers. If you use Apple products to buy a plane ticket online, for example, you may be charged a higher price than someone buying the same ticket from a low-end Chromebook.
Another concern Olejnik identifies is cross-device tracking. If a person uses their phone and MacBook in the same room, for example, someone with access to the ambient light data could compare the values delivered from one device to the values of other devices to figure out whether the same person is using two separate devices. This problem may be enhanced by Internet of Things devices, which could also utilize ambient light sensors and transmit that data over to third parties.
Olejnik, whose research previously exposed the ways battery life could be used to identify and track users, has launched a new research project, SensorsPrivacy, which allows volunteers to share with him their ambient light sensor data so that he can further delve into the subject.
Despite the potential privacy risks, Olejnik tells the Daily Dot that internet users should not overreact.
“I am not arguing that users should be wearing any form of tinfoil hat. Technology should be friendly and with safe defaults,” Olejnik says. “This is one of the aims of SensorsPrivacy.com,” which he says has “a number of different aims.”
“One of them is to understand the data differences between various configurations and architectures,” he says. “The project will be gradually expanding, trying to identify and study new issues.”
In the meantime, Olejnik suggests any web browsers that utilize the Ambient Light Sensors API limit the lux values they transmit to a lesser degree of precision, which would make the data more generic and less revealing about users.
Update 1:43pm CT, Aug. 31: Added additional comment from Olejnik.
Contact the author: Andrew Couts, [email protected]
Andrew Couts is the former editor of Layer 8, a section dedicated to the intersection of the Internet and the state—and the gaps in between. Prior to the Daily Dot, Couts served as features editor and features writer for Digital Trends, associate editor of TheWeek.com, and associate editor at Maxim magazine. When he’s not working, Couts can be found hiking with his German shepherds or blasting around on motorcycles.