Webmasters are known to try to identify Internet users but are blocked by AdBlock or similar services. However, according to W3C, they can still track users using countermeasures from their battery charging data!
How come? A feature that added W3C to HTML5 allows websites to read the visitor's battery status.
According to security researchers at the International Association for Cryptologic Research, “all information exposed by the Battery Status API are available without users' permission or notification.”
The W3C's brilliant idea was that if a server could access a user's battery status, it could serve a lighter version of the page for someone with low battery levels, so tracking would provide an "improved web experience" . ”
This API is only applicable to Firefox, Chrome, Opera at this time as Internet Explorer and Safari browsers do not support it.
Battery properties exposed by web pages include the fields chargingTime and dischargingTime by calling the navigator.getBattery() method with JavaScript.
Researchers report that they have already detected about 14 million possible combinations of API battery properties: 40.000 probable discharge times and 90 possible battery charging states.
“Note that although this method utilizes battery data as an identifier connections could only work for short periods of time, it can be used against users who can only delete their cookies.”
Sounds like the W3C could do with a lengthy consultation with the IETF, which last year ruled that "diffuse surveillance is considered an attack."
