Security

Apple, Mozilla kill API to deplete W3C battery-snitching standard

Idea for low-powered HTML adjustments abandoned after security implications explored

By Richard Chirgwin

21 SHARE

Apple and Mozilla are leading the charge away from a W3C standard, because it's too much of a privacy risk.

The Register reported the battery-snitching capability in August 2015.

The W3C's idea was that if HTML included properties to look at the state of user's batteries, it could de-cruft the Web pages it served if your phone was on the last 20 per cent of charge.

However, the 2015 paper (PDF) published at the International Association for Cryptologic Research (IACR) highlighted the privacy implications of battery-snitching. The paper pointed out that the Battery Status API provided an effective way to fingerprint users.

A paper (PDF) presented at late October's Association of Computing Machinery's Conference on Computer and Communications Security conference bore that out, with the authors demonstrating that simple scripts can exploit the API.

One of the authors of the 2015 IACR paper, Lukasz Olejnik (whose work includes highlighting the serious privacy risks posed by the Bluetooth Web API) has now blogged that the Battery Status API is being pulled from Firefox.

The change will be effective as of Firefox 52.

It might not stop there. As Olejnik also notes, it looks like it will be removed from WebKit as well – even before it was fully-implemented in Safari. ®

Sign up to our NewsletterGet IT in your inbox daily

21 Comments

More from The Register

Google leaps on the platform formerly known as Firefox with $22m splurge for KaiOS

The great feature phone revival rolls on

Go away, kid, you bother me: Apple, Google, Microsoft, Mozilla kick W3C nerds to the curb

Web standards body dressed down in spec spat

Chrome, Firefox pull very unstylish Stylish invasive browser plugin

Add-on made sites look pretty while getting away with ugly data slurpage

Get the FTP outta here, says Firefox

Apparently someone still uses src to suck content into web pages from FTP servers

Another W3C API exposing users to browser snitching

Web Payments API bugs, or perhaps features, can be abused: Lukasz Olejnik

Firefox to feature sponsored content as of next week

Mozilla thinks you won’t mind analytical action on the client

Mozilla wants to seduce BOFHs with button-down Firefox

Control. Control. Control

Unsanitary Firefox gets fix for critical HTML-handling hijack flaw

Versions 56 through 58 need patching, pronto

The Quantum of Firefox: Why is this one unlike any other Firefox?

Interview 57: Mozilla's big bid for relevance

Firefox hooks up with HaveIBeenPwned for account pwnage probe

For now, let's ponder browser version 61 adding code that lets extensions close tabs