Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The Bot That Cried Wolf: Battery tracking poses no real privacy threat

Evan Schuman | Aug. 12, 2015
IT's relationship with privacy is delicate. Corporate IT needs to take privacy fears very seriously, but if IT jumps and shouts at every tiny possible privacy invasion, we'll have the Bot That Cried Wolf. Put another way, the best way to weaken privacy protections is to embrace so many privacy problems that none have any significance.

boy who cried wolf barlow
Credit: Francis Barlow, 1687

IT's relationship with privacy is delicate. Corporate IT needs to take privacy fears very seriously, but if IT jumps and shouts at every tiny possible privacy invasion, we'll have the Bot That Cried Wolf. Put another way, the best way to weaken privacy protections is to embrace so many privacy problems that none have any significance.

Am I suggesting that manufactured privacy issues are obscuring real ones? Absolutely. For proof, one needs look no further than last week's battery brouhaha from a report that noted that websites can track people based on their batteries, skirting opt-in privacy rules that allow battery strength reports to be shared without site visitor permission. For those who bother to read the full report, its details do a wonderful job of establishing that if a site manager wants to invade someone's privacy, that manager could do far better than peeking at energy levels.

The researchers' argument is that battery levels -- both current power levels and battery capacity -- are being reported so precisely that it would function as a poor admin's cookie, albeit an unerasable cookie. The problem is that, in this situation, precision cuts both ways. A tracking system needs to have a static element, so that the user can be recognized the next time the user shows up, even anonymously. But given that battery levels change constantly, it will often not work. The researchers counter that this could be useful in a very short time frame. Possibly, but even so, it would sharply limit how valuable a tracking mechanism it is.

Also, this tactic does not consistently work, the researchers found, across all operating systems nor for all browsers. I tend to worry about privacy threats. On this one, I feel positively Zen-like.

How precise did those readings prove to be? In one instance, bizarrely precise. "In our exploratory survey of the Battery Status API implementations, we observed that the battery level reported by the Firefox browser on GNU/Linux was presented to Web scripts with double precision. An example battery level value observed in our study was 0:9301929625425652," the report said, adding that such ludicrous precision was not the norm: "We found that on Windows, Mac OS X and Android, the battery level reported by Firefox has just two significant digits." 

To be clear, there is almost no room here for extrapolating patterns and projecting where a particular user's numbers will be, for example, an hour from now. Is the user plugged into a wall outlet or a different source of consistent power? Will the user turn off Wi-Fi and shut down the machine -- or stream an hour of video?

 

1  2  3  Next Page 

Sign up for MIS Asia eNewsletters.