Categories: Security

A Firefox Loophole Allowed Websites to Track Users

Until recently, Firefox allowed websites to track users through their device’s battery status. This includes smartphones, PCs, laptops, and tablets. The loophole allowed for users’ browser activity to be tracked. Thankfully, the loophole has since been disabled. Read on to find out more about how the feature allowed users to be tracked, and whether or not this feature is exclusive to Firefox.

Battery Status API

Firefox used this feature to allow websites to receive information about a user’s device. This information includes whether or not the item is charging, the battery percentage, and how much time (in seconds) the device has left before it needs to be charged. This feature was intended to provide websites with information on how they could make their sites battery-friendly. They could then adjust a website’s features to suit the battery level of a person’s device.

Last year, the Guardian reported that battery API had the ability to track users. For example, if you opened a website in Firefox, and then a website in Chrome under private browsing mode, the battery API would be able to associate the two pages as being on the same phone due to their battery status. Once the web pages are recognized as being from the same device, a website can then use battery API to identify someone and further enable cookie-tracking of online activities. Even if you clear cookie-tracking, the battery API can help websites to identify the device so that cookie-tracking can be re-enabled.

The Issue with Chrome and Opera

Firefox is not the only browser to use battery status API: Chrome and Opera also use this feature. Before Firefox removed the feature, they allowed users to easily disable it. Unfortunately, that doesn’t seem to be an option with Chrome or Opera. If you’re concerned about your online behavior being tracked through the battery status of your smartphone or PC, it might be best to avoid Chrome and Opera.

Currently, it’s unclear if Chrome or Opera will start allowing users to disable the feature, or if they’ll follow Firefox’s lead and remove it. Although Firefox has disabled this feature, you can still access it as a Firefox add-on. Chrome and Opera could, potentially, follow this move as well. However, considering Facebook and Google’s habit of excessively tracking users, it’s unlikely this will change any time soon.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.