Comments (10)
There is now a paper out on this, The leaking battery: A privacy analysis of the HTML5 Battery Status API. Glancing over their research it seems the changes are not “happening all the time” as @mhuisman remarks, but rather about once every 30 seconds. While still short, it is long enough to track someone going from one site to the next.
from fingerprintjs.
just for your info. I implemented this and this in my opinion can only be used server-side to distinguish devices with the same fingerprint under certain circumstances. So my suggestion would be to split the fingerprint in two parts - a more or less stable one and a highly dynamic one containing the battery fingerprint.
from fingerprintjs.
Excellent idea, thanks
from fingerprintjs.
I looked into this and it seems like the constantly-changing nature of the properties would imperil our ability to generate a consistent fingerprint.
same issue as browser plugin update up-revs, but happening all the time instead of infrequently.
from fingerprintjs.
Hey @Zegnat,
My point was grounded in an attempt to try and distinguish between fingerprint features that should be static or unlikely to change with any great frequency - screen resolution/bit depth, operating system, installed fonts, etc and those fingerprint features that seem likely to change with greater frequency - plugin list, battery life, etc.
One of the nice features of fpjs2 is that it allows the end user to select which features they choose to use. My interest - high fidelity, low mutation frequency device fingerprinting - leads me away from using the battery API.
That said, fpjs2 could well support it. I'm just not convinced of the utility of a fingerprint that changes every 30 seconds. Could you take a crack at convincing me? I am genuinely curious.
from fingerprintjs.
Oh, I fully agree with you and am not even going to try and convince you. I mostly thought to clarify its rate of change and link to the paper. Personally I don’t think battery status will turn into a viable datapoint for creating a fingerprint.
My interest - high fidelity, low mutation frequency device fingerprinting - leads me away from using the battery API.
Note that the paper agrees with you and focusses on figuring out the total capacity of the device’s battery. This is a somewhat more unique and slightly less-often-to-change data point especially for “old or used batteries with reduced capacities” and “may potentially serve as a tracking identifier”. (Quoting the paper I linked.)
The paper also mentions that it is a viable way for “reinstantiating identifiers”, which they call respawning. If a device has lost their tracking cookie, but you recognise the battery fingerprint, put it back in place. While this doesn’t work well as a fingerprint by itself it can be used to sustain super cookies.
from fingerprintjs.
Thanks for the reply, @Zegnat. I'll read the paper over lunch today. Definitely agree that total battery capacity is a potentially interesting low-mutation datapoint.
from fingerprintjs.
I would definitely recommend reading it, @mhuisman. It gives an interesting insight on how academics view security in browsers. The paper also stands in stark contrast to almost every newspaper article it has sparked. (E.g. The Guardian talked about how people are tracking you through your mobile battery, while the paper focussed on Firefox for Linux…)
from fingerprintjs.
I'd like this as an option, as I can see use cases where the battery API is stable enough to be useful.
from fingerprintjs.
I'm sorry for closing, but we'll be concentrating on stabilizing the library, not on adding new features in the foreseeable future. Closing as a non-feature.
from fingerprintjs.
Related Issues (20)
- Can you fingerprint out whose device it is regardless of browser in a mobile environment?
- Unstable 'canvas' entropy source when runs in a cross-origin iframe HOT 10
- FingerPrint VisitorId In Chrome And Edge IS SAME HOT 1
- Getting net::ERR_BLOCKED_BY_CLIENT with Adblocker extension HOT 1
- How to get the city, ip and other information in fingerprntjs v4, how to write the code HOT 1
- I'm not sure if FingerprintJS V4 excludes the component according to the code I wrote. HOT 2
- The identifier is the same on two different devices HOT 1
- iOS: Pro Version Fingerprint changes after device reset HOT 5
- tokenpocket webview crash HOT 1
- 有时候为什么会报这个错? HOT 2
- Empty Notification 4.2.0 HOT 1
- same visitor id on two different device in iphone 13 HOT 3
- GDPR compliance: Provide instructions on how to clear stored state of the pro version HOT 3
- Getting Uncaught (in promise) TypeError error in firefox HOT 3
- CORS errros when accessing openfpcdn.io from Firefox HOT 1
- An error will be reported in IE8/9/10 because they do not have navigator.vendor HOT 1
- Attested Fingerprint IDs: Ensuring Authenticity HOT 1
- `yarn build` doesn't work on Windows HOT 5
- Remove 'npm-monitoring' analytics. HOT 2
- deviceid changed in mac os HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fingerprintjs.