Mozilla cuts website access to Battery API in Firefox 52

Mozilla has made the decision to cut website access to the Battery Status API in Firefox 52 to improve user privacy while using the browser.

The Battery Status API was introduced back in 2012 to allow sites, apps and extensions to retrieve information about the device's battery charge and discharge time, and battery level.

You can check out this test site to see this in action. Please note that the API is currently only supported in Firefox (prior to version 52), Chrome and several Chromium-based browsers such as Opera, but not in Edge, Internet Explorer or Safari.

Sites can access the information directly; no permission request prevents them from doing so, as per the Battery API specification:

The API defined in this specification is used to determine the battery status of the hosting device. The information disclosed has minimal impact on privacy or fingerprinting, and therefore is exposed without permission grants. For example, authors cannot directly know if there is a battery or not in the hosting device.


The research paper "The leaking battery. A privacy analysis of the HTML5 Battery Status API" indicates, however, that the API can be abused for fingerprinting and thus online tracking (PDF version).

In short time intervals, Battery Status API can be used to reinstantiate tracking identifiers of users, similar to evercookies. Moreover, battery information can be used in cases where a user can go to great lengths to clear her evercookies. In a corporate setting, where devices share similar characteristics and IP addresses, the battery information can be used to distinguish devices behind a NAT, if traditional tracking mechanisms do not work.



Firefox users can disable the Battery Status API in the browser by flipping the Boolean value of dom.battery.enabled to false on about:config (this is one of the many privacy and security preferences of Firefox covered here).

  1. Type about:config in the Firefox address bar.
  2. Confirm that you will be careful if the warning prompt appears.
  3. Search for dom.battery.enabled.
  4. Double-click the preference to set it to false.
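
To confirm that the preference took effect, a page script (or the web console) can check whether the API is still reachable and which values it returns without a prompt. The following is an added example, not code from the article or from Mozilla; the function names and the two stand-in navigator objects are constructed for illustration.

```javascript
// Added example: reports what battery data page script can read without a prompt.
const FIELDS = ['charging', 'chargingTime', 'dischargingTime', 'level'];

// Which entry point, if any, the navigator object offers to page script.
function batteryEntryPoint(nav) {
  if (nav && typeof nav.getBattery === 'function') return 'getBattery';
  if (nav && nav.battery) return 'navigator.battery'; // older, pre-promise form
  return 'none';
}

// Copy the readable BatteryManager attributes into a plain object.
function readableFields(manager) {
  const out = {};
  for (const f of FIELDS) if (f in manager) out[f] = manager[f];
  return out;
}

// Resolves to { exposed, via, values } for the given navigator-like object.
async function auditBattery(nav) {
  const via = batteryEntryPoint(nav);
  if (via === 'none') return { exposed: false, via, values: {} };
  try {
    const manager = via === 'getBattery' ? await nav.getBattery() : nav.battery;
    return { exposed: true, via, values: readableFields(manager) };
  } catch (err) {
    // The entry point exists but the browser refused to hand out a manager.
    return { exposed: false, via, values: {}, error: String(err) };
  }
}

// Constructed stand-ins: one browser that exposes the API, one that does not.
const exposingNav = {
  getBattery: () => Promise.resolve(
    { charging: false, chargingTime: Infinity, dischargingTime: 8940, level: 0.73 }),
};
const hardenedNav = {}; // e.g. dom.battery.enabled set to false, or Firefox 52+

auditBattery(exposingNav).then((r) => console.log('exposing:', r));
auditBattery(hardenedNav).then((r) => console.log('hardened:', r));
// In a browser console, run: auditBattery(navigator).then(console.log)
```

With the preference set to false the real navigator should report `via: 'none'`; if values still come back, the setting did not apply to that profile.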

Starting with Firefox 52, websites may no longer access the API so that it can no longer be used for tracking purposes. Mozilla will keep the API open to extensions and Firefox itself however.

The change affects desktop and Android versions of the Firefox web browser. This means that only users of Chrome and Chromium-based browsers may be tracked using the API.

It is rather interesting to note that Mozilla is not aware of a legitimate use case of the API on Internet sites. (via Sören Hentzschel)

Publisher: Ghacks Technology News



Responses to Mozilla cuts website access to Battery API in Firefox 52

  1. anon October 31, 2016 at 9:21 am #

    Nice move, Mozilla. Now remove Pocket add-on, WebRTC, Network Information API, Navigation Timing API, make WebGL as a click-to-play, trim referer by default and let IndexedDB be emptied with "Clear private data" dialog.

    • ivanabanana123 October 31, 2016 at 10:12 am #

      And lose 99% of your income. Good idea.

  2. Sören Hentzschel October 31, 2016 at 9:37 am #

    > Now remove Pocket add-on, WebRTC, Network Information API, Navigation Timing API, make WebGL as a click-to-play, trim referer by default […]

    WTF? Click-to-Play for using Google Maps? Remove WebRTC so that video chats are no longer possible without Flash? Trim referer by default and make website analytics a lot harder? Remove pocket only because you don't need it, but don't remove the features you like, right? Pocket is really easy to disable, so it can't hurt you. Crazy suggestions… Please Mozilla, don't do anything of these suggestions!

    • anon October 31, 2016 at 10:37 am #

      >Pocket
      Why did Mozilla start including add-ons in Firefox by default? Isn't it against their philosophy? Users should decide what extension to add.

      >website analytics
      Are you serious?

      >video chats
      Firefox is a web browser, not Skype. Again, this should be handled by an add-on that users can install.

      >Google Maps
      Google uses WebGL for their maps? lol It's like Facebook still uses Flash for videos. Funny.
      Enjoy your bloated slow browser full of security holes.

      • Parker Lewis October 31, 2016 at 11:18 am #

        1/ Weakening referrers by default would likely just push tracking companies to rely more on alternatives that are harder to get rid of. Firefox already gives very granular control over referrers, the only thing that could be improved is access to these controls. (TB's Privacy slider, will you ever reach Firefox ?)

        2/ Google Maps doesn't need WebGL; it uses it when available but works without. I agree that there should be an option to make WebGL and even Canvas click to play.

        3/ WebRTC requires user permission, it doesn't need to be removed. It needs to be improved privacy wise, and slowly, it is being improved. e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=959893

        4/ Pocket I have no opinion since I never bothered evaluating its usefulness to Firefox, I just disable it.

        5/ IndexedDB should be deletable under "Offline data" and since it's permanent storage, I guess only when the time interval is set to "Everything" instead of X hours. Still, IndexedDB can store gigabytes of game assets, along with compiled asm.js code, and so far I've never seen it being used for tracking. So users may not want to delete IndexedDB along with regular cookies, cache and history...

  3. Parker Lewis October 31, 2016 at 11:46 am #

    Fun fact:

    Uber has noticed that people with low battery are much more likely to pay for "surge prices", which are normal prices increased by a multiplier, like x2 or x3. Surge prices occur when there's rain or an event or something that makes demand for vehicles too high for the amount of Uber drivers in the area.

    How long until Uber indulge in charging people with low battery higher than people with high battery ? :)

    • PantsHunts42 October 31, 2016 at 9:16 pm #

      I wonder if they also scrape and utilize info on OS/phone specs etc ,, like detecting combustible phones and charging an excess xD

  4. Graham October 31, 2016 at 12:22 pm #

    Meh. Laptops and cell phones have a battery icon, anyway.

    • Decent60 October 31, 2016 at 4:56 pm #

      That's missing the whole point and yet hitting it on the head to begin with: System that ran off of a battery had a battery icon anyways, thus there was no point in creating this API in the first place....except for tracking

  5. stupid November 2, 2016 at 7:19 am #

    Why does Firefox even have access to the battery status?

    • Parker Lewis November 2, 2016 at 1:14 pm #

      Firefox gives (gave) battery status because the Battery API is on the verge of becoming a web standard. Now it's back to "Candidate recommendation" status because of these privacy issues.

      So now the question is, who makes web standards exactly ? Whose interests are weighing the most over there ?
