Firefox Disables Loophole that Allows Sites To Track Users Via Battery Status (theguardian.com)
New submitter xogg writes: The Battery Status API allows web sites to read the battery level of a user's system. The API was found to bring privacy risks and abuse potential and a number of implementation bugs. Now, with apparently no legitimate use cases, Mozilla is taking the unprecedented decision to vaporize a browser API due to privacy concerns. And apparently WebKit, powering Apple's Safari, follows. Is that the first time a browser reduces functionality following research reports warning of privacy risks?
A website could serve up fewer video intensive ads if it detected a low battery status
Maybe...
even pop up an alert window and offer to sell the user a new battery
Don't want
It could go ahead and save the user's status or input if it thought that the battery was about to die.
I'll hit save before I put it to sleep, no worries.
Honestly this is a tempest in a teapot. Couldn't it just be reduced to:
Battery level low: True/False
Heck, let the user set what level it shows low at as well.
It isn't the first time browsers reduced functionality for security. It used to be you could use a URL such as http: //username:password@hostname/ but that was abused and eliminated from all major browsers. (Space added after http so the Slashdot reformatter doesn't break the comment.)
Somebody should tell that to Android phone manufacturers that put everything from model to build number in the user agent.
... there will be far more egregious privacy-risking APIs in web browsers in the future....
Indeed. I don't even want a site to know whether I'm on a "mobile" device. All I want is standards-compliant HTTP, HTML, CSS, and JS. I don't want ANYTHING else in my browser - if I did want those things, I would put them there myself. The remote site should neither know nor care what system is implementing the standards-compliant browser I use. All the remote site really needs to know is that my user agent speaks HTTP. Nothing else, including OS/platform, user-agent, etc., is any of its damn business.