Mobile users may rely on their phones' battery indicators to know when it's time to find an electrical outlet, but some ad tech companies have come up with a different use for the indicators: Tracking visitors across sites.
That's according to Princeton University's Steven Englehardt and Arvind Narayanan, who recently wrote a paper examining online tracking by ad tech companies. The authors discuss a variety of privacy-related issues, including how companies can now incorporate details about visitors' remaining battery life into device fingerprints.
Companies can combine the percentage of remaining battery life with the number of seconds left in the battery to arrive at a "pseudo-unique identifier for each device," according to The Guardian, which first reported on the paper. The technique apparently only works when people visit more than one site in a short time frame.
Ad tech companies reportedly gained broader access to information about consumers' battery status with the recent rollout of HTML5 -- the current version of code used for Web content.
Battery charge is just one factor of many that companies use to compile device fingerprints. Others include information about devices' operating system, IP addresses, installed fonts and the like. Companies are able to use these fingerprints to track people even when they try to prevent tracking by deleting their cookies.
While no law or self-regulatory principle prevents companies from doing so, the self-regulatory group Network Advertising Initiative recently told its members to disclose their use of digital fingerprinting to consumers
The Internet standards group World Wide Web Consortium recently condemned digital fingerprinting as "a blatant violation of the human right to privacy."
The Princeton study comes around one year after privacy researcher Lukasz Olejnik warned in a paper, "The Leaking Battery," that information about battery status can be used for tracking.
"Battery information can be used in cases where a user can go to great lengths to clear her evercookies," he wrote. (Evercookies are tracking mechanisms that persist even when users try to delete cookies.) "In a corporate setting, where devices share similar characteristics and IP addresses, the battery information can be used to distinguish devices."
This week, Olejnik called attention to the Princeton research. "Expected or not, battery readout is actually being used by tracking scripts," he wrote.
He adds that companies can use information about battery life for purposes beyond online tracking and targeting. "When battery is running low, people might be prone to some -- otherwise different -- decisions," he writes, referencing a recent article about Uber. (Keith Chen, Uber's head of economic research, told NPR in May that people are more willing to pay higher fares for rides when their batteries are nearly drained -- but Chen also said the company doesn't take that information into account when setting prices.)
"Even most unlikely mechanisms bring unexpected consequences from privacy point of views," Olejnik writes. "That's why it is necessary to analyze new features, standards, designs, architectures -- and products with a privacy angle."
Now that the paper by Englehardt and Narayanan has come out, companies may not be able to draw on battery-life data much longer, according to Olejnik. He says some browser vendors are currently considering restricting access to data about users' batteries.