With all the talk about various devices being able to track you for different purposes – the hottest privacy-related topic in town concerns Windows 10 at the moment – you’ll may still be surprised to learn of one other unexpected way websites can track visitors: Smartphone battery life.
DON’T MISS: Windows 10 is spying on almost everything you do – here’s how to opt out
Many smartphone users complain about their phone’s battery life, but it turns out that websites can also identify a user by looking at battery levels on a phone, The Guardian reports. That’s all perfectly legal and it’s supposed to happen in the background, without the user giving a site explicit access to the information.
The method isn’t necessarily as dangerous as it sounds, as certain conditions have to be met for a user to be tracked across sites, but it would still allow a third party to identify a smartphone user using battery life parameters.
What happens is that the battery status API is accessible to websites or web-apps. When battery life is low, the site can switch to a low-power mode by disabling certain power-draining features. But the sites also receive specific information about a smartphone’s battery, including how much charge is left (in seconds), and the remaining battery capacity expressed as a percentage.
According to researchers from four French and Belgian security researchers, this information can be used to track a person across sites.
There is a problem with the method though: The values only update around every 30 seconds, which means that the individual can be tracked for just around half a minute before parameters change.
This out-of-the-box way of tracking smartphone users may allow services to find correlations between the browsing habits of a person who uses VPNs and private browsing modes simultaneously with regular browsing modes on their smartphones, and even to track users who try to manually remove cookies to cover their tracks.
Finally, on some platforms, users can also determine the maximum battery capacity of the device with enough queries, and thus create a semi-permanent metric to compare devices.