Phone Dying? Prices Rising? Battery Status Tracking.

Ever have your phone or laptop about to die? Try to buy something at the last minute? Notice prices rise?

There may be a reason for that…sites on ordinary browsers can access your battery status and dynamically adjust prices based on it or otherwise use it to track you. Not just “can” track you. They are. Unless you’re using Epic.

https://blog.lukaszolejnik.com/battery-status-readout-as-a-privacy-risk/

Here’s what tracking scripts that have been found are doing according to investigators:

“One script, https://go.lynxbroker.de/eat heartbeat.js, retrieves the current charge level of the host device and combines it with several other identifying features. These features include the canvas fingerprint and the user’s local IP address retrieved with WebRTC as described in Section 6.1 and Section 6.3. The second script, http://js.ad-score.com/ score.min.js, queries all properties of the BatteryManager interface, retrieving the current charging status, the charge level, and the time remaining to discharge or recharge. As with the previous script, these features are combined with other identifying features used to fingerprint a device.”

http://randomwalker.info/publications/OpenWPM_1_million_site_tracking_measurement.pdf

Don’t worry…Epic blocks ALL of that.

We owe thanks to researcher Lukasz Olejnik who we believe was the first to discover this and make it public.  Excellent work!