
Your battery status may be used to track you online - randomname2
https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online
======
zaroth
This was a terrible idea from the start. In the best case scenario, what is
supposed to happen? The sites I visit suddenly start being served as shells of
their former selves in order to save the compute cost of rendering them? Web
designers are supposed to figure out an entirely new design mode for the whole
site to cater to visitors with low batteries?

Now back to the real world, where many sites I visit peg my desktop CPU trying
to serve so many ads and so much tracking to squeeze every possible cent of
profitability from my visit. If there's a war against ad-blockers, did we
think these sites would relent and say, oh, OK, I see you might be low on
battery, I'll serve just the content you want _this time_?!

No, this is a purely client-side concern, with plenty of purely client-side
mitigation which can be put into place. That the protocol actually specified
14m degrees of granularity -- from what at the very least ought to have been a
binary setting -- makes me wonder if the point wasn't user tracking all along.

Missing from the article: Do all user agents actually provide this information
in request headers? Is there a way to shut it off?

~~~
DougWebb
As a web application developer, one idea that comes to mind is that, if I were
writing an app that supports offline usage, I'd probably want to be aware of a
low battery situation so that I can save my state and warn the user that the
app needs to shut down to avoid data loss. I might also switch from online
mode to offline mode, again letting the user know (and letting them override
the choice, maybe.)

I can't see any reason to make use of the battery status server-side. But,
there's also no way to prevent the information from being sent, once you make
it available to javascript code on the device. If the standard api didn't send
it, then you'd just see ad-hoc apis gathering the data locally and sending it.

~~~
DashRattlesnake
However, I don't think the battery state needs to be as granular as it is to
support those use-cases. A simple boolean hasLowBattery or a much coarser
0%-25%-50%-75%-100% enumeration seems like it would have been sufficient.

~~~
zaroth
If anything, I would propose the mode should be a user-controlled bit called
simply: "LOW"

Maybe I request low mode because...

    
    
      I hope you serve me less crappy ads
      I haven't bought a new phone in 3 years
      I am running other apps which need more CPU
      I find too much interactivity distracting or confusing
      I just want to read black text on a white background
      I hate your website, but need to visit it for some reason anyway
      ...
      I have full battery, but I need to conserve it
      I have low battery
    

EDIT: Fuck, I just realized, this already exists, and it's called NOSCRIPT.
Wait, we could call this LOWSCRIPT!

~~~
vmateixeira
So much truth in here... this proposal would be very welcome!

------
milliams
Surely the answer here is for the browser to not give such fine-grained
information. For example always give the charge level to the nearest 10
percent and the battery life to the nearest 10 seconds.

~~~
dkx
Or just Green (high), Amber (medium) and Red (low). There's no need for more
granularity than that.

~~~
josho
Or take the iOS approach. The phone is either in a low power mode or not.

The benefit is that the user doesn't need an additional setting for each
potential web app to set the threshold for a low power mode, it's all done
once at the OS level.

------
guelo
Because web developers have this dream of replacing native apps, the industry
has been busy removing piece by piece the sandbox that browser apps live in.
They want to have all the power and features of native apps except one: app
store review and approval. But if you have all the power of native without any
moderation, plus the wild west of user-hostile ad-networks... actually i don't
know where it leads but it's not good.

~~~
brlewis
I have that dream but didn't ask for the sandbox to be removed. Having users
approve use of location data is quite fine by me, and clearly superior to the
way it works with native Android apps, where the user has to approve a bunch
of permissions at install time, not knowing for sure which ones are actually
necessary.

------
brlewis
Wow, I'm surprised how much info is available in desktop chrome. Events get
fired when I unplug my laptop and plug it back in:
[https://www.audero.it/demo/battery-status-api-
demo.html](https://www.audero.it/demo/battery-status-api-demo.html)

I searched Chrome settings for "battery" and found nothing. I did find this
article with instructions for turning it off in Firefox:
[https://www.hackread.com/smartphone-laptop-battery-
invading-...](https://www.hackread.com/smartphone-laptop-battery-invading-
privacy/)

I'm not opposed to the concept of a battery API, but as others have commented,
it would be just as useful with a lot less granularity.

~~~
battre
Chrome has fixed the granularity a long time ago
[https://chromium.googlesource.com/chromium/src/+/637776d1183...](https://chromium.googlesource.com/chromium/src/+/637776d1183dd286f040349341e1881023851ef9)
and I guess most other browsers have fixed it as well.

~~~
brlewis
They've closed the window but left the door open. See the link I posted. When
the page knows "Battery will be discharged in 18365 seconds" it doesn't matter
that the battery percentage is only two digits.

------
erdevs
Mobile device fingerprinting has been a big deal for a long time. Multiple
startups have been created to do it and some have been acquired. And many
adtech companies incorporate this functionality.

I hope some day soon your mobile OS let's you choose to restrict the device
information available to sites and apps. It really ought to be a user's choice
whether to make the tradeoff between providing more info in exchange for
supposedly better functionality or not.

------
etatoby
about:config, dom.battery.enabled = false

Plus ad blocking and "social button" blocking, as a preventive measure for
this kind of issue.

The Web is the new Wild West.

~~~
yAnonymous
You are now one of 10 people with that flag disabled. Not sure that makes you
less trackable.

~~~
denzil_correa
This has always been an interesting question. What is anonymity (less trace-
ability) - hiding in the crowd or uniqueness?

~~~
softawre
What is the argument for uniqueness?

~~~
denzil_correa
Example - Satoshi Nakamoto of Bitcoin fame

~~~
mikeash
Not really anonymous. People have a pretty good idea of which bitcoins are
his. He just never does anything with them, so that knowledge doesn't serve
much of a purpose.

It would be sort of like setting your browser's user-agent to a unique
identifier that you never change, but then never actually using the browser
for anything. It's not the unique ID that hides you, it's the fact that you
never use it.

------
gbl08ma
As someone building a cross-platform battery monitor that depends on APIs like
this being available, I think the best solution would be to treat battery
status like the location information, where the user is asked on a case-by-
case basis whether to provide the information.

You might argue that this sort of stuff should only be available to native
applications, that browsers should not attempt to replace native apps or even
recreate an OS within themselves (something Chrome is often criticized for).
The thing is, my battery monitor has native apps and yet users have been
asking for web-based clients, be it browser extensions or plain web pages. And
with some platforms loading a website or installing an extension has much less
friction than installing a native app.

Sure, extensions can have access to a lot of stuff webpages don't have. But I
would rather use standardized APIs that work across all browsers and are well
documented in more than one website, than have to rewrite my extension for
each browser and not have it work on plain old pages.

If the battery API was made to work like the location one I think everyone
would be happy - users are informed and in control, developers can still offer
features based on it, and it raises red flags when it needs to ("why is this
advert asking about my battery status?").

------
aaronbrager
Worth noting that Safari on iOS doesn't support this API.

~~~
kalleboo
I guess sometimes I'm happy using "the IE6 of 2016"

------
aftbit
How do I disable this in Chromium? I feel like I ask this question at least
once a month, by the way. Last time, it was for WebRTC information leakage...

------
y0ghur7_xxx
why is this even available to websites?

    
    
        navigator.getBattery().then(function(a) {console.log(a);})
    

[https://developer.mozilla.org/en/docs/Web/API/Battery_Status...](https://developer.mozilla.org/en/docs/Web/API/Battery_Status_API)

~~~
axlee
To be able to load a less resource intensive version (i.e. disable animations,
reduce refresh rate, remove canvas elements etc...) of a website if the
battery is low.

~~~
Globz
Yea ok...but who does that really ? lets face it, this is just some extra
signals so they can track you more easily. I know it was never intended to be
used as tracking information but the least they could do is be less precise
about your battery percentage.

~~~
TeMPOraL
This is ridiculous IMO. Instead of providing false (or "less precise") data
let's not provide that data in the first place.

My guess is this is just another part of the attempt to move desktop features
to the web browsers so that people don't have to write actual applications.
Personally, I don't like this trend.

~~~
braythwayt
As I noted elsewhere, it’s about more than “so that people don’t have to write
actual applications” (although I grant you that you have identified a real
thing).

For the ideologically inclined, it’s also about disintermediating the
relationship between users and developers. Web sites don’t need an app store.

------
mkagenius
Uber had done some data science on battery levels too:
[http://www.huffingtonpost.in/entry/uber-surge-pricing-
batter...](http://www.huffingtonpost.in/entry/uber-surge-pricing-battery-
life_us_573f2057e4b0613b512a0130)

------
tjpaudio
These types of articles are silly in that they leave out the context that
nearly every variable that is pseudo-unique to you is already being used and
that this is a common practice known as fingerprinting that has been done
since forever. Headline: "New variable x can be used to track you". Well, yea.
Add that to the size your browser window is, what plugins you have installed,
your IP address, and many more ways a website can use to surmise a
relationship between two disjoint events.

------
Cpoll
It's just another data point to add to a long list for fingerprinting.

See: [https://panopticlick.eff.org/](https://panopticlick.eff.org/)

~~~
barefootcoder
I was about to post the same link in another response, but then I saw you'd
already posted it. It's quite scary, really.

Here's my result:

Your browser fingerprint appears to be unique among the 119,205 tested so far.

Privacy is great...

------
dolzenko
Every time these new user tracking hacks come up (like the one based on Audio
API etc.) I wonder why in the world this is not handled in a manner similar to
Android where it prompts you to give permissions to the any specific API its
going to use.

------
wtbob
Not mine, since I have JavaScript turned off (how do you know I have
JavaScript turned off? Don't worry, I'll let you know every time there's a
browser exploit or privacy hole due to JavaScript — so at least thrice
weekly).

------
amelius
Shouldn't things like this be illegal? I mean, you are not allowed to use TV
cameras anywhere, unless strict rules are obeyed (closed circuit, etc).

Why should we allow companies recording other features that can identify us?

~~~
mdrzn
But this is more like saying "I'm walking in a shop, the shop shouldn't record
what tipe of shirt I'm wearing". It's not something hidden if the phone is
giving the info out. The only thing we could do is stop the phone from sending
the information in the first place.

~~~
amelius
But your shirt is also radiating information :)

(btw, I don't think this should be a technical debate)

------
cimnine
This, and certain other capabilities, should be guarded like access to
location data: Available upon user agreement only and just on secure
connections (i.e. TLS).

------
frgewut
Such abuse of technology was the main target of the "EU cookie law", not the
use of session cookies that all sites are warning about now.

------
amga_
Bullshit..

