Idea for low-powered HTML adjustments abandoned after security implications explored
Apple and Mozilla are leading the charge away from a W3C standard, because it’s too much of a privacy risk.
The Register reported the battery-snitching capability in August 2015.
The W3C’s idea was that if HTML included properties to look at the state of user’s batteries, it could de-cruft the Web pages it served if your phone was on the last 20 per cent of charge.
However, the 2015 paper (PDF) published at the International Association for Cryptologic Research (IACR) highlighted the privacy implications of battery-snitching.
The paper pointed out that the Battery Status API provided an effective way to fingerprint users.
A paper (PDF) presented at late October’s Association of Computing Machinery’s Conference on Computer and Communications Security conference bore that out, with the authors demonstrating that simple scripts can exploit the API.
One of the authors of the 2015 IACR paper, Lukasz Olejnik (whose work includes highlighting the serious privacy risks posed by the Bluetooth Web API) has now blogged that the Battery Status API is being pulled from Firefox.
The change will be effective as of Firefox 52.
It might not stop there.
As Olejnik also notes, it looks like it will be removed from WebKit as well – even before it was fully-implemented in Safari. ®
Sponsored: Customer Identity and Access Management