Your battery status is being used to track you online

20 replies [Last post]
Legimet
Offline
Joined: 12/10/2013

https://www.theguardian.com/technology/2016/aug/02/battery-status-indicators-tracking-online

To disable the HTML5 battery status API in Firefox/Abrowser/IceCat, change dom.battery.enabled to false.

hack and hack
Offline
Joined: 04/02/2015

Um, Since there are so many things to disable, the question I'm asking myself not-so-sarcastically is: what's to leave enabled?

Like, the minimum functional stuff?
Of course, there's still the problem of having too much of a specific footprint and thus standing out.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

> Um, Since there are so many things to disable, the question I'm asking myself not-so-sarcastically is: what's to leave enabled?

A lot. The list is huge. In the attachment my prefs.js to give you the idea. I purged the irrelevant lines. There is an addon to disable the main crap though -> https://addons.mozilla.org/en-US/firefox/addon/privacy-settings/

AttachmentSize
prefs.js_.tar.bz2 2.14 KB
root_vegetable
Offline
Joined: 10/27/2015

Bad Firefox :-(
Use Lynx! :-)
But on a more serious note, this was warned of many months ago by security researchers. Unfortunately people don't understand just how prevalent online tracking is and how sophisticated it has become. I think even the people who make up the standard probably aren't aware of how seemingly-harmless functions can be used maliciously. I think at this point we should just assume that any function that is able to provide a pseudo-unique method of identification will be used in this way. I don't think this is unique to Firefox at any rate.

Legimet
Offline
Joined: 12/10/2013

At least Firefox seems to round to the nearest tenth. Still, I would disable this API.

CalmStorm

I am a member!

Offline
Joined: 12/31/2014

Stunning, but privacy settings addon may be useful yes?

Stunning due to the sheer insanity of the amount of sophisticated yet nasty tracking methods...

onpon4
Offline
Joined: 05/30/2012

Frankly, Web browsers are too powerful. It's gotten to the point where they can basically function (and, in some cases, do function) like entire operating systems. Total madness.

Question: does this have any relevance if JavaScript is disabled?

root_vegetable
Offline
Joined: 10/27/2015

You couldn't disable JS on Firefox OS.
Otherwise it wouldn't work at all!
So probably no. Otherwise they are just a glorified PDF reader.

onpon4
Offline
Joined: 05/30/2012

I was talking about the battery status option, not Firefox OS... I wanted to know if JavaScript is needed to access this information.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

> Frankly, Web browsers are too powerful. It's gotten to the point where they can basically function (and, in some cases, do function) like entire operating systems. Total madness.

Could not agree more.

It requires js to work if I understand it correctly. In any case 95 % give or take and afaik of tracking techniques (not to mention remote exploits of the browser) **require** js to function.
Here, some info ->

https://developer.mozilla.org/en-US/Apps/Fundamentals/gather_and_modify_data/retrieving_battery_status_information

Mangy Dog

I am a member!

I am a translator!

Offline
Joined: 03/15/2015

SuperTramps addon works well meaning its quite easy to use
& set's about:config
dom.battery.enable user set false

coyote
Offline
Joined: 08/06/2016

Is this not already disabled in Icecat? I "duckduckgoed" it (duckduckwent?) and found this:
"Changes since v31.8.0-gnu2"
"- Disabled battery handling in dom"
Link: https://savannah.gnu.org/forum/forum.php?forum_id=8376

Mangy Dog

I am a member!

I am a translator!

Offline
Joined: 03/15/2015

coyote totally correct ;-) ... and is also in Abrowser

Seeing i install that addon & do xtra configs in about : config i had not noticed that it was by default disabled.
My first action usually is to emmediatly disable the WebRTC leaking DNS

https://trisquel.info/en/wiki/tweak-your-browser-enhance-security-and-privacy

hack and hack
Offline
Joined: 04/02/2015

In my Abrowser it was set to "true" by default.

calebhc
Offline
Joined: 10/12/2016

Yeah me too. :/ My browser version is 49.0.2.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

Icecat is by far the browser with the best "privacy settings" by default. If I remember correctly it even disables by default the weak ciphers like say rc4

You can easily test it by writing about:config in the address field and then "rc4"
All the entries should have the values set to "false".

No other browser does this by default..

Legimet
Offline
Joined: 12/10/2013

Mozilla removed the API from Firefox 52 (more precisely, only extensions can access it): https://www.theguardian.com/technology/2016/nov/01/firefox-disable-battery-status-api-tracking. Before that version comes out (or if you're using ESR), just set dom.battery.enabled to false.

Misty
Offline
Joined: 03/22/2016

In Tor it's set to false.

Fenderbassist
Offline
Joined: 03/24/2015

Thank you for all the information, made adjustments to about:config and installed Privacy Settings / Policy Control add-ons, much appreciated!

stas730 (not verified)
stas730

My battery is broken.

CalmStorm

I am a member!

Offline
Joined: 12/31/2014

I thought you were going to say something about destroying all nonfree software and taking over the world to make it libre...

;p