Apple, Mozilla kill API to deplete W3C battery-snitching standard

Idea for low-powered HTML adjustments abandoned after security implications explored

By Richard Chirgwin


Apple and Mozilla are leading the charge away from a W3C standard, because it's too much of a privacy risk.

The Register reported the battery-snitching capability in August 2015.

The W3C's idea was that if HTML included properties to look at the state of user's batteries, it could de-cruft the Web pages it served if your phone was on the last 20 per cent of charge.

However, the 2015 paper (PDF) published at the International Association for Cryptologic Research (IACR) highlighted the privacy implications of battery-snitching. The paper pointed out that the Battery Status API provided an effective way to fingerprint users.

A paper (PDF) presented at late October's Association of Computing Machinery's Conference on Computer and Communications Security conference bore that out, with the authors demonstrating that simple scripts can exploit the API.

One of the authors of the 2015 IACR paper, Lukasz Olejnik (whose work includes highlighting the serious privacy risks posed by the Bluetooth Web API) has now blogged that the Battery Status API is being pulled from Firefox.

The change will be effective as of Firefox 52.

It might not stop there. As Olejnik also notes, it looks like it will be removed from WebKit as well – even before it was fully-implemented in Safari. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Google leaps on the platform formerly known as Firefox with $22m splurge for KaiOS

The great feature phone revival rolls on

Go away, kid, you bother me: Apple, Google, Microsoft, Mozilla kick W3C nerds to the curb

Web standards body dressed down in spec spat

Your RSS is grass: Mozilla euthanizes feed reader, Atom code in Firefox browser, claims it's old and unloved

The Live bookmarks, preview features, that is

Another W3C API exposing users to browser snitching

Web Payments API bugs, or perhaps features, can be abused: Lukasz Olejnik

Chrome, Firefox pull very unstylish Stylish invasive browser plugin

Add-on made sites look pretty while getting away with ugly data slurpage

Mozilla changes Firefox policy from ‘do not track’ to ‘will not track’

Browser will stop asking nicely for privacy protections

Get the FTP outta here, says Firefox

Apparently someone still uses src to suck content into web pages from FTP servers

Firefox to feature sponsored content as of next week

Mozilla thinks you won’t mind analytical action on the client

Have I been pwned, Firefox? OK, let's ask its Have I Been Pwned tool

Mozilla's Firefox Monitor makes a hash of email queries

Mozilla wants to seduce BOFHs with button-down Firefox

Control. Control. Control