Ok, most of us are familiar with some ways companies use to track us; GPS coordinates, IP address, pedometers, cookies, position of the rear-faced camera in order to find the direction we’re headed are just some of the examples how we can be tracked every minute, every second of the day. But now, researchers found out that you can be tracked even with your battery status and percentage. Sounds impossible? It isn’t.
Since mobile devices are already taking over the world, site owners needed a tool which would help them in finding out your battery percentage in order to know when to show you a low-power version of sites. This isn’t problematic at all at the first glance since, basically, they want to make sure that your device doesn’t go off while visiting a certain site. Battery status API saw the light of day in HTML5 and is already built in Firefox, Chrome, and Opera. Browsers introduced the API around one year ago, but as soon as it was presented researchers stated that, although it’s primary use is finding out battery percentage in order to show you low-power site version, it can be used to track on users (or to spy on users, if that sounds better).
Basically, it combines your battery percentage and battery life in seconds in order to provide 14m (million) combination, a pseudo-unique identifier for each and every device. For instance, when you go to Rotten Tomatoes to find out score for some movie, and after visit IMDB via private browsing option so you can look for an actress/actor without your girlfriend/boyfriend seeing it (which pipes your IP through a secure VPN) it is very difficult to associate those two visits to the same device. But, since there are the same ads showed on both sites, you can be tracked via battery status we mentioned earlier, providing one in 14 million chance devices aren’t the same. So basically, ad providers are pretty sure that device was yours in both cases.
Steve Engelhard and Arvind Narayanan, two researchers from Princeton University proved that this happens in real world. They’ve run a specially modified browser and found out that battery data (through two tracking scripts) is used in order to mark users (or better to say their devices), allowing the browsers to track you across multiple visits. So, basically, private browsing mode on mobile devices doesn’t mean a thing, you’ll be tracked one way or another, but at least your history won’t be saved so others can see it.