- Skillshare is offering new users one month of premium for free 3 Years Ago
- Report: Facebook is punishing Black people for talking about racism (updated) Today 10:15 AM
- Biden brings tepid language to the healthcare debate Today 9:52 AM
- TikTok’s ‘chin on palm’ challenge has people scratching their heads Today 9:01 AM
- How to stream the 2019 NFL Draft for free Today 9:00 AM
- How to watch every movie in the MCU before ‘Avengers: Endgame’ Today 8:00 AM
- Review: The apocalypse has never been more aimless than in Days Gone Today 7:00 AM
- ‘Boston bomber voting’ discourse is America at its dumbest Today 6:30 AM
- How to watch ‘Top Gear’ for free Today 6:30 AM
- How to watch Real Madrid vs. Getafe online for free Today 6:00 AM
- How safe is the ‘safest’ place in Winterfell? Today 5:00 AM
- Gynecologist explains why garlic shouldn’t go in vaginas Wednesday 7:08 PM
- People on Twitter are posting the 5 weirdest jobs they’ve had for this meme Wednesday 6:48 PM
- Mortal Kombat 11’s Jax ends slavery—and gamers are pissed Wednesday 5:46 PM
- GPS app gave hacker ability to remotely shut off car engines Wednesday 3:58 PM
Right now, there’s nothing you can do about it.
Your battery life is betraying your identity all across the internet, potentially allowing companies to take advantage of you—even if you’ve tried to protect your privacy.
The Battery Status API is a standard used by modern web browsers on mobile devices and laptops alike. It tells websites how much battery life your device has left. On the surface, this benefits users by allowing sites to serve versions that use less power, thus preserving battery life.
As a group of researchers discovered in 2015, however, the data conveyed by the Battery Status API—battery life as a percentage and the amount of time it would take to drain or charge a device’s specific battery—creates a “fingerprintable surface” that can be used to single out users and track them online.
By combining battery life percentage and battery capacity data, the Battery Status API effectively creates this nearly unique identifier because, as researchers found, this combination only repeats itself about one out of every 14 million instances. The uniqueness of this “fingerprint” is particularly pronounced in older devices with degraded batteries, according to the 2015 research.
The existence of this battery life fingerprint means websites can track you not only across the web but also across different web browsers—yes, even in incognito mode.
Building upon the 2015 findings, Princeton researchers Steve Engelhard and Arvind Narayanan created a privacy-tracking tool called OpenWPM, which led them to discover the existence of two tracking scripts—or automated programs—that use the Battery Status API data to track devices.
“Battery Status API is currently provided with no permissions, so any script and website can assess this information,” Lukasz Olejnik, a security and privacy consultant and University College London researcher and one of the four original researchers behind the 2015 study, told the Daily Dot in an email.
Tracking is possible even when users take steps to protect their privacy. Engelhard and Narayanan found that “existing privacy tools are not effective at detecting these newer and more obscure fingerprinting techniques.” That means privacy tools like Ghostery or uBlock Origin or even a virtual private network (VPN) do not currently stop websites from tracking you through your battery life ID, though the risk is not the same for all users.
As Olejnik points out in a recent blog post on the subject, it’s not simply your privacy that’s at stake. In May, an Uber executive revealed that the company’s app knows when your phone is nearly dead—the exact point when you might be willing to pay more for a ride.
Andrew Couts is the former editor of Layer 8, a section dedicated to the intersection of the Internet and the state—and the gaps in between. Prior to the Daily Dot, Couts served as features editor and features writer for Digital Trends, associate editor of TheWeek.com, and associate editor at Maxim magazine. When he’s not working, Couts can be found hiking with his German shepherds or blasting around on motorcycles.