SECURITY ALERT: YOUR PHONE BATTERY IS not your friend and could actually be used to trace your journeys through the internet and around the cyber streets.
Your phone battery is probably complaining about this association. Mobile phones have location services which do a pretty good job of tracking people, and users often enable GPS, which ... well you can probably work that one out.
But batteries? Batteries have always been our friends. We say: 'Cool it on the batteries, guys.' HTML5 is the real thing to point fingers at, along with APIs and the practice of security research.
A paper called "The leaking battery: A privacy analysis of the HTML5 Battery Status API" (PDF) proffers the power source privacy problem.
Written by Lukasz Olejnik, Gunes Acar, Claude Castelluccia and Claudia Diaz, the report suggests that users really ought to be given more information about the batteries that come in their devices, explaining that the problems that they found are of concern.
These problems include the battery status APIs found in Firefox, Opera and Chrome software and the relaying of information to web pages. Taken as a package these things represent the painting of a virtual target on your virtual backside and the insertion of a tracker up your wazoo.
The problem is worst felt on old phones, and thus old batteries, and it is battery capacity that is the privacy blabbermouth.
The research offers a study into the Battery Status API as found on incarnations of Firefox on GNU/Linux. The researchers warned that the "seemingly innocuous information" that the API produces could be used as a tracking identifier.
"The capacity of the battery, as well as its level, expose a fingerprintable surface that can be used to track web users in short time intervals," said the paper.
"Our analysis shows that the risk is much higher for old or used batteries with reduced capacities, as the battery capacity may potentially serve as a tracking identifier.
"The fingerprintable surface of the API could be drastically reduced without any loss in the API's functionality by reducing the precision of the readings."
The researchers have proposed the necessary "minor modifications" to the battery API to Mozilla and Firefox and said that a fix has been made and deployed.
The report added that the feature could expose users even when they deploy precautionary methods such as a VPN-protected connection.
This could enable profile matching - the comparison of available information to identify a handset and user - and the potential of exploitation by bad eggs.
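The paper's suggested mitigation, "reducing the precision of the readings", can be illustrated with the added example below, which is not code from the paper or from any browser. The sample readings are constructed, and the rounding steps (two decimal places for level, 15-minute buckets for the time estimates) are assumptions chosen for illustration.

```javascript
// Constructed sample readings, shaped like the fields a page sees on a
// BatteryManager object: level (0..1), chargingTime and dischargingTime
// (seconds, Infinity when not applicable). Not measurements from the paper.
const constructedReadings = [
  { level: 0.9301929625425652, chargingTime: Infinity, dischargingTime: 13140 },
  { level: 0.9312977099236641, chargingTime: Infinity, dischargingTime: 13327 },
  { level: 0.9275362318840580, chargingTime: Infinity, dischargingTime: 13080 },
  { level: 0.9340659340659341, chargingTime: Infinity, dischargingTime: 13410 },
  { level: 0.4871794871794872, chargingTime: 2710, dischargingTime: Infinity },
  { level: 0.4913793103448276, chargingTime: 2688, dischargingTime: Infinity },
];

// Reduce precision: level to a fixed number of decimals, time estimates to
// coarse buckets. Both step sizes are assumptions, not the deployed fix.
function coarsen(reading, levelDecimals = 2, timeStepSeconds = 900) {
  const factor = 10 ** levelDecimals;
  const bucket = (t) =>
    Number.isFinite(t) ? Math.round(t / timeStepSeconds) * timeStepSeconds : t;
  return {
    level: Math.round(reading.level * factor) / factor,
    chargingTime: bucket(reading.chargingTime),
    dischargingTime: bucket(reading.dischargingTime),
  };
}

// Count distinguishable states and their Shannon entropy in bits: the more
// bits, the more a single reading narrows down which visitor it came from.
function entropyBits(readings) {
  const counts = new Map();
  for (const r of readings) {
    const key = `${r.level}|${r.chargingTime}|${r.dischargingTime}`;
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  let bits = 0;
  for (const n of counts.values()) {
    const p = n / readings.length;
    bits -= p * Math.log2(p);
  }
  return { distinct: counts.size, bits };
}

// Same readings before and after precision reduction.
function compare(readings) {
  return {
    raw: entropyBits(readings),
    coarse: entropyBits(readings.map((r) => coarsen(r))),
  };
}

console.log(compare(constructedReadings));
```

A page still learns roughly how full the battery is and whether it is charging, which is what the API exists to convey, but the six constructed visitors collapse into two indistinguishable groups.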