HTML5 added functionality that makes information on your battery life percentage and time to discharge, as well as how long it would take to charge your phone, usable by website developers. Security researchers warned last year that it could also be used to write code to track your online activity, and now a Princeton University research team was able to confirm that this is actually happening.
Researchers found two instances where code used the combination of the above information to track users across the site where it was found. Now we should mention that HTML5 is not sending a unique identifier with the information it’s sending about your battery, however the unique combinations of the numbers would give websites a way to match your battery information with your IP with fairly good certainty.
Why would this be important? These websites could improve targeting of their ads to you, or in the presence of an ad-blocker, even still be able to track your browsing habits through a built-in feature of your web browser. There’s a whole host of possible uses, but they all center around tracking you even if you’ve done your best to prevent it.
“Even [the] most unlikely mechanisms bring unexpected consequences from [a] privacy point of view,” wrote researcher Lukasz Olejnik, who was one of the security researchers who initially discovered the problem last year. “That’s why it is necessary to analyze new features, standards, designs, architectures, and products with a privacy angle.”
W3C, the standards body behind HTML5, is aware of the vulnerability and has been in contact with Olejnik and the other researchers. It’s less clear if the body intends to do anything about the issue, since it appears the only way to fix it would be to remove it altogether.
