One Article Review
| Source |  Graham Cluley |
|---|---|
| Identifiant | 5177 |
| Date de publication | 2016-08-02 07:55:29 (vue: 2016-08-02 07:55:29) |
| Titre | Advertisers could be tracking you via your battery status |
| Texte | A legitimate reason to poll your battery's status is to stop intensive operations from executing if you're running low on juice.But it's also open to exploitation by those who want to track your online activity, writes Lukasz Olejnik:The information provided by the Battery Status API is not always changing fast. In other words, they are static for a period of time; it may give rise to a short-lived identifier. At the same time, users sometimes clear standard web identifiers (such as cookies). But a web script could analyze identifiers provided by Battery Status API, which could then possibly even lead to recreation of other identifiers. A simple sketch follows.An example web script continuously monitors the status of identifiers and the information obtained from Battery API. At some point, the user clears (e.g.) all the identifying cookies. The monitoring web script suddenly sees a new user - with no cookie - so it sets new ones. But battery level analysis could provide hints that this new user is - in fact - not a new user, but the previously known one. The script's operator could then conclude and reason that those this is a single user, and resume with tracking. This is an example scenario of identifier recreation, also known as respawning.A recent study [PDF] reported that battery status is being monitored by some tracking scripts.It sounds like it would be a positive step if browsers stopped accessing such detailed information about our battery.Aside from tracking, there are other ways that battery information could be exploited.Uber, for instance, says that it knows customers are more likely to accept a much higher price to hire a cab when their battery is running low. |
| Envoyé | Oui |
| Condensat | about accept accessing activity advertisers all also always analysis analyze api are aside battery being browsers but cab changing clear clears conclude continuously cookie cookies could customers detailed even example executing exploitation exploited fact fast follows from give higher hints hire identifier identifiers identifying information instance intensive juice known knows lead legitimate level like likely lived low lukasz may monitored monitoring monitors more much new not obtained olejnik:the one ones online open operations operator other pdf period point poll positive possibly previously price provide provided reason recent recreation reported respawning resume rise running same says scenario script scripts sees sets short simple single sketch some sometimes sounds standard static status step stop stopped study such suddenly then those time time; track tracking uber user users want ways web when which who words would writes you your |
| Tags | Guideline |
| Stories | Uber |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.