In 2015, a battery status API was introduced to HTML5 and had already been packaged in Firefox, Opera and Chrome by the end that year. Security researchers were concerned with the potential privacy invasion the API could lead to, but their warning went without raising many eyebrows. A year later, though, an in-depth analysis has proven the battery tracking API can do just that – aggressively track users.
The API was released with the aim of helping websites know when to display a ‘low-power-mode’ version of the site or web-app and then disable unnecessary features that drain the most battery. The World Wide Web Consortium (W3C), the organization that oversees the development of the web’s standards, introduced the API in 2012 – but it wasn’t until finalized until 2015.
When the W3C initially introduced the HTML5 specification, there were immediate concerns as to the possible blow-back it could have. Since it would allow sites to grab visitor’s battery data without the user’s explicit permission, Lukasz Olejnik published a paper on how much of an invasion this could be.
The W3C responded by saying “the information disclosed has minimal impact on privacy or fingerprinting, and therefore is exposed without permission grants.”