- Pete Davidson is OK and at work following alarming Instagram post Saturday 7:26 PM
- Wisconsin Governor Scott Walker doesn’t know how to use a Venn diagram Saturday 5:38 PM
- This college student made a movie trailer to tease her boyfriend, and Twitter can’t get enough (updated) Saturday 3:13 PM
- ‘Kappa Delta Crypto’ aims to break stereotypes in five-minute Snapchat episodes Saturday 2:29 PM
- Two iPhone X customers are suing Apple over screen size Saturday 1:18 PM
- Secretary Ryan Zinke is out at the Department of the Interior Saturday 12:03 PM
- How to watch the New Orleans Bowl online for free Saturday 10:25 AM
- Prada’s racist toys pulled from shelves after social media backlash (updated) Saturday 10:22 AM
- How to watch the Camellia Bowl online for free Saturday 10:00 AM
- How to watch the Las Vegas Bowl online for free Saturday 8:30 AM
- How to watch Real Madrid vs. Rayo Vallecano online for free Saturday 7:30 AM
- ‘Runaways’ season 2 expands its universe and mysteries Saturday 7:30 AM
- How to watch the Cure Bowl online for free Saturday 7:05 AM
- How to watch Canelo Alvarez vs. Rocky Fielding for free Saturday 7:00 AM
- Politicians who inspired the internet in 2018 Saturday 6:30 AM
Right now, there’s nothing you can do about it.
Your battery life is betraying your identity all across the internet, potentially allowing companies to take advantage of you—even if you’ve tried to protect your privacy.
The Battery Status API is a standard used by modern web browsers on mobile devices and laptops alike. It tells websites how much battery life your device has left. On the surface, this benefits users by allowing sites to serve versions that use less power, thus preserving battery life.
As a group of researchers discovered in 2015, however, the data conveyed by the Battery Status API—battery life as a percentage and the amount of time it would take to drain or charge a device’s specific battery—creates a “fingerprintable surface” that can be used to single out users and track them online.
By combining battery life percentage and battery capacity data, the Battery Status API effectively creates this nearly unique identifier because, as researchers found, this combination only repeats itself about one out of every 14 million instances. The uniqueness of this “fingerprint” is particularly pronounced in older devices with degraded batteries, according to the 2015 research.
The existence of this battery life fingerprint means websites can track you not only across the web but also across different web browsers—yes, even in incognito mode.
Building upon the 2015 findings, Princeton researchers Steve Engelhard and Arvind Narayanan created a privacy-tracking tool called OpenWPM, which led them to discover the existence of two tracking scripts—or automated programs—that use the Battery Status API data to track devices.
“Battery Status API is currently provided with no permissions, so any script and website can assess this information,” Lukasz Olejnik, a security and privacy consultant and University College London researcher and one of the four original researchers behind the 2015 study, told the Daily Dot in an email.
Tracking is possible even when users take steps to protect their privacy. Engelhard and Narayanan found that “existing privacy tools are not effective at detecting these newer and more obscure fingerprinting techniques.” That means privacy tools like Ghostery or uBlock Origin or even a virtual private network (VPN) do not currently stop websites from tracking you through your battery life ID, though the risk is not the same for all users.
As Olejnik points out in a recent blog post on the subject, it’s not simply your privacy that’s at stake. In May, an Uber executive revealed that the company’s app knows when your phone is nearly dead—the exact point when you might be willing to pay more for a ride.
Andrew Couts is the former editor of Layer 8, a section dedicated to the intersection of the Internet and the state—and the gaps in between. Prior to the Daily Dot, Couts served as features editor and features writer for Digital Trends, associate editor of TheWeek.com, and associate editor at Maxim magazine. When he’s not working, Couts can be found hiking with his German shepherds or blasting around on motorcycles.