At some point you need to have a level of trust which is viable for daily life.
If your device is locked, you need to authenticate to trust to said device.
Power starvation / observation attacks are passive attacks in a sense. They get their results by observing only.
In these types of attacks, you don't transfer any actual information, but guess something from observation.
There are more exotic attacks  which exploit the heat computers generate to exfiltrate data or time power starvation attacks.
There is always an endless stream of vulnerabilities for every piece of tech you use: software, OS, router, etc. This fact is not a good reason to embrace security nihilism, for consumer devices, routers, or servers. When any vulnerability is found, it should be remediated within reason (likelihood of exploitation, severity of exploit) and life should go on until the next one is found. That's one of the persistent costs of using technology.
School teachers able to determine which students have been using their phones in class by looking at battery charge before and after.
"Zero trust security model"
> The main concept behind zero trust is that devices should not be trusted by default, even if they are connected to a managed corporate network such as the corporate LAN and even if they were previously verified.
If that's correct then what's the actual real world problem here?
If they can predict which site you're on, they can also possibly detect an unsecured secure algorithm's state.
SSL or PGP had a similar "power starvation" attack: reducing the power to the power supply and watching power drainage allowed one to predict private keys.
The attack has been patched, then.
Summary is here , and paper is here .
iOS does a lot of thing during charging. Face recognition, backups, mail checks, software updates, another applications' background stuff.
It might as well interact with your home or car over BT (cars have wireless charging these days). There's a myriad of opportunities there.
Or just offer free wi-fi and watch people’s traffic.
And this ‘leak’ assumes a user has his phone on a charger while it is already full, there is no guarantee it works.
I initially thought this is easily fixable (for example, by always request full power), but then I realized it isn't, since the extra power would then have to be dissipated as heat, which is a bad cellphone UX as well.
> When you think about how a digital product or website creates an environmental impact, you can think of it creating it in three main ways - through the Packets of data it sends to users, the Platform the product runs on, and the Process used to make the product itself.
From https://sustainableux.com/talks/2018/how-to-build-a-planet-f... :
> SustainableUX: design vs. climate change. Online, Worldwide, Free. The online event for UX, front-end, and product people who want to make a positive impact—on climate-change, social equality, and inclusion
If you want to try it, a power meter is a good thing to have anyhow, or someone could lend you one. Plug it in and load different websites a few times, then look how many joules you used. Not every site can be told apart with a limited measurement like this, especially on the lighter end of the spectrum, but if you want to know if Tor Browser mitigates this then you can confirm it this way.
Also, wasn't there some kind of WebRTC which allowed a remote website to get battery readings?
I imagine sitting in an airport, charging my phone and using the free WiFi. I see a friend showing their new Nikes on Instagram, then start browsing the Nike website myself. After a few minutes I look up and see the information screen opposite me showing an advert, "20% off Nike today".