Your battery status may be used to track you online

This was a terrible idea from the start. In the best case scenario, what is supposed to happen? The sites I visit suddenly start being served as shells of their former selves in order to save the compute cost of rendering them? Web designers are supposed to figure out an entirely new design mode for the whole site to cater to visitors with low batteries?<p>Now back to the real world, where many sites I visit peg my desktop CPU trying to serve so many ads and so much tracking to squeeze every possible cent of profitability from my visit. If there&#x27;s a war against ad-blockers, did we think these sites would relent and say, oh, OK, I see you might be low on battery, I&#x27;ll serve just the content you want <i>this time</i>?!<p>No, this is a purely client-side concern, with plenty of purely client-side mitigation which can be put into place. That the protocol actually specified 14m degrees of granularity -- from what at the very least ought to have been a binary setting -- makes me wonder if the point wasn&#x27;t user tracking all along.<p>Missing from the article: Do all user agents actually provide this information in request headers? Is there a way to shut it off?

Surely the answer here is for the browser to not give such fine-grained information. For example always give the charge level to the nearest 10 percent and the battery life to the nearest 10 seconds.

Because web developers have this dream of replacing native apps, the industry has been busy removing piece by piece the sandbox that browser apps live in. They want to have all the power and features of native apps except one: app store review and approval. But if you have all the power of native without any moderation, plus the wild west of user-hostile ad-networks... actually i don&#x27;t know where it leads but it&#x27;s not good.

Wow, I&#x27;m surprised how much info is available in desktop chrome. Events get fired when I unplug my laptop and plug it back in: <a href="https:&#x2F;&#x2F;www.audero.it&#x2F;demo&#x2F;battery-status-api-demo.html" rel="nofollow">https:&#x2F;&#x2F;www.audero.it&#x2F;demo&#x2F;battery-status-api-demo.html</a><p>I searched Chrome settings for &quot;battery&quot; and found nothing. I did find this article with instructions for turning it off in Firefox: <a href="https:&#x2F;&#x2F;www.hackread.com&#x2F;smartphone-laptop-battery-invading-privacy&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.hackread.com&#x2F;smartphone-laptop-battery-invading-...</a><p>I&#x27;m not opposed to the concept of a battery API, but as others have commented, it would be just as useful with a lot less granularity.

Mobile device fingerprinting has been a big deal for a long time. Multiple startups have been created to do it and some have been acquired. And many adtech companies incorporate this functionality.<p>I hope some day soon your mobile OS let&#x27;s you choose to restrict the device information available to sites and apps. It really ought to be a user&#x27;s choice whether to make the tradeoff between providing more info in exchange for supposedly better functionality or not.

about:config, dom.battery.enabled = false<p>Plus ad blocking and &quot;social button&quot; blocking, as a preventive measure for this kind of issue.<p>The Web is the new Wild West.

As someone building a cross-platform battery monitor that depends on APIs like this being available, I think the best solution would be to treat battery status like the location information, where the user is asked on a case-by-case basis whether to provide the information.<p>You might argue that this sort of stuff should only be available to native applications, that browsers should not attempt to replace native apps or even recreate an OS within themselves (something Chrome is often criticized for). The thing is, my battery monitor has native apps and yet users have been asking for web-based clients, be it browser extensions or plain web pages. And with some platforms loading a website or installing an extension has much less friction than installing a native app.<p>Sure, extensions can have access to a lot of stuff webpages don&#x27;t have. But I would rather use standardized APIs that work across all browsers and are well documented in more than one website, than have to rewrite my extension for each browser and not have it work on plain old pages.<p>If the battery API was made to work like the location one I think everyone would be happy - users are informed and in control, developers can still offer features based on it, and it raises red flags when it needs to (&quot;why is this advert asking about my battery status?&quot;).

Worth noting that Safari on iOS doesn&#x27;t support this API.

How do I disable this in Chromium? I feel like I ask this question at least once a month, by the way. Last time, it was for WebRTC information leakage...

why is this even available to websites?<p><pre><code> navigator.getBattery().then(function(a) {console.log(a);}) </code></pre> <a href="https:&#x2F;&#x2F;developer.mozilla.org&#x2F;en&#x2F;docs&#x2F;Web&#x2F;API&#x2F;Battery_Status_API" rel="nofollow">https:&#x2F;&#x2F;developer.mozilla.org&#x2F;en&#x2F;docs&#x2F;Web&#x2F;API&#x2F;Battery_Status...</a>

Uber had done some data science on battery levels too: <a href="http:&#x2F;&#x2F;www.huffingtonpost.in&#x2F;entry&#x2F;uber-surge-pricing-battery-life_us_573f2057e4b0613b512a0130" rel="nofollow">http:&#x2F;&#x2F;www.huffingtonpost.in&#x2F;entry&#x2F;uber-surge-pricing-batter...</a>

These types of articles are silly in that they leave out the context that nearly every variable that is pseudo-unique to you is already being used and that this is a common practice known as fingerprinting that has been done since forever. Headline: &quot;New variable x can be used to track you&quot;. Well, yea. Add that to the size your browser window is, what plugins you have installed, your IP address, and many more ways a website can use to surmise a relationship between two disjoint events.

It&#x27;s just another data point to add to a long list for fingerprinting.<p>See: <a href="https:&#x2F;&#x2F;panopticlick.eff.org&#x2F;" rel="nofollow">https:&#x2F;&#x2F;panopticlick.eff.org&#x2F;</a>

Every time these new user tracking hacks come up (like the one based on Audio API etc.) I wonder why in the world this is not handled in a manner similar to Android where it prompts you to give permissions to the any specific API its going to use.

Not mine, since I have JavaScript turned off (how do you know I have JavaScript turned off? Don&#x27;t worry, I&#x27;ll let you know every time there&#x27;s a browser exploit or privacy hole due to JavaScript — so at least thrice weekly).

Shouldn&#x27;t things like this be illegal? I mean, you are not allowed to use TV cameras anywhere, unless strict rules are obeyed (closed circuit, etc).<p>Why should we allow companies recording other features that can identify us?

This, and certain other capabilities, should be guarded like access to location data: Available upon user agreement only and just on secure connections (i.e. TLS).

Such abuse of technology was the main target of the &quot;EU cookie law&quot;, not the use of session cookies that all sites are warning about now.

Bullshit..