The API was implemented in Firefox, Safari, Chrome but it returned too precise data, so by reading battery status on two different pages and seeing the same very precise value, it was like having a tracking cookie.
Firefox and Safari decided to pull the API altogether.
An obvious fix while keeping the API would be to make the data less precise, i.e. round to nearest 10% or so. Still there's potential to abuse, and around the time there were news from Uber study that people with low battery could pay more for taxi, which was the nail to the coffin.
Since then, there was quite a change in how new web APIs are shipped, they all come through privacy design review.
Which went a bit ridiculous into the other extreme, like detecting if user uses dark mode reveals a whole one bit of information (darkmode = true | false) so it's not sent automatically, you need to ask for this info via a specific header, which means you can't know that on the first visit of the user on the website (and not on the first visit in incognito mode), only on subsequent visits. Duh.
Chromium still supports the Battery API, with some rounding implemented.
Note: Google's goal is to basically have all kinds of native APIs available on the web, to make the web rival with native apps, so they are very unlikely to remove things from the web in Chromium.
> news from Uber study that people with low battery could pay more for taxi, which was the nail to the coffin.
Yet people still claim "I have nothing to hide" when it comes to concerns about privacy. When your battery level can be weaponised against you by multi-billion dollar companies, everything can be.
People still would have to agree to the price. If it is too high they will not accept. By having more information Uber would be able to make better offers. Hiding information for financial gain, getting a better deal, is fraud.
Wild. Uber isn’t telling people that their battery level impacts the price. So aren’t they the ones hiding information?
Also a better offer for who? Uber obviously.
This is a level of corporate apologism I can’t understand. If Uber is the only one to gain by using this information (and they are), this is purely a negative for consumers. Not sure why anyone would defend this practice and hand waving that people still have to accept the price is absurd.
If Uber put up a line item on your transaction that said “Low battery fee” then fine. They’re not. They didn’t want people to know.
>Uber isn’t telling people that their battery level impacts the price. So aren’t they the ones hiding information?
I would support them disclosing it, but the circumstances are not the same as one party is submitting information for a quote and another party is providing the quote. In this exchange, fraud on uber's side would be lying about what the quote is.
>this is purely a negative for consumers
That doesn't mean it is right. Shoplifting being illegal is pure a negative for consumers too.
No, fraud would be if Uber asked for your battery level to determine price and you (or your browser perhaps) lied. Not wanting someone selling you something to know you are desperate -- in this case because your battery is about to die -- is just a rational decision to avoid them taking advantage of your situation. There's a difference between not showing your cards and lying about the cards you are holding.
> "People still would have to agree to the price. If it is too high they will not accept"
Such bullshit. If I have to go somewhere and my battery is about to die, I don't really have much of a choice.
> "Hiding information for financial gain, getting a better deal, is fraud."
Doesn't this goes both ways? "Hiding information" is precisely what Uber is doing, when they don't transparently disclose 100% of the information used to determine price with a customer.
And no, not disclosing whether I have good battery percentage or not is not "hiding information", except in the most uncharitable interpretation possible. Uber doesn't have the right to know everything about me just because they're potentially providing a service.
You can walk, bike, find somewhere to charge your phone, call a friend, use another ride sharing app, use a car you own, etc.
>Doesn't this goes both ways?
I do not believe hiding the algolithm to arrive at a price is fraud. Most business are not transparent why the things they sell cost what they do. It is up to buyers to evaluate whether they value the good or service more than the money they
have.
>Uber doesn't have the right to know everything about me just because they're potentially providing a service.
I agree, but when submitting information to them shouldn't be tampered with to get a better deal. There is a difference between just using a privacy feature that always reports your battery to be 100%, and using that feature to deliberately get a better deal from Uber. Not providing information is fine, but the intent behind not giving away the information should not be to get a better deal.
> "You can walk, bike, find somewhere to charge your phone, call a friend, use another ride sharing app, use a car you own, etc"
"Another ride sharing app" without battery? If you're without battery this is the exact point where you won't be doing price comparison. This is malicious as fuck.
The rest of those are not available during emergencies where people are far away, without transportation and with low battery. If Uber is really doing it, it clearly is doing that to force people to pay more during those kinds of emergencies, and if they're doing it is because they have data on it.
> "I do not believe hiding the algolithm to arrive at a price is fraud."
I never said anything about an algorithm, I said about collecting data. If Uber is not being transparent about the data it collects during the process of calling a ride, it is spying on me. Period.
"I agree, but when submitting information to them shouldn't be tampered with to get a better deal."
Who is "submitting information"? Uber spying on a customer is not "submitting information.
How long until computer people understand that the existence of an API is not a permission for billion-dollar companies to spy on users and use that to fuck customers?
"If someone is in an emergency and have no other option then they will likely value getting an Uber more and would be willing to pay for one."
You just repeated what I said.
"The app."
If an app is the one submitting information without knowledge and consent of the user, then there's no fraud from the user part. But there might be illegal behavior from the app maker's part in some jurisdictions.
Only if that restaurant tells you that they will charge you based off how hungry you are and you know that if you refuse to answer you will get a better deal than if you answered.
For what it’s worth, there is no indication Uber has ever used battery information for pricing, and they seem to agree with all reasonable people that it would be wrong for them to do so.
Having an opinion that is not the mainstream opinion does not make me a contrarian. For the past few years I would say that my opinions have been the same and have not changed to be the opposite of what is popular. I am not a clown or joker either. I do not make jokes on this website.
It depends on the reason why someone has the opinion. A contrarian takes an opinion because it is the opposite of the mainstream. It is describing the reasoning of taking an opinion and not about the opinion itself being contrary to the mainstream.
For example. Person A is selling a car that is severely cosmetically damaged. To get a better deal they hide the appearance of the car for privacy reasons. When the buyer finally gets the car they realize that they overpayed because they didn't know how bad it was.
This to me would be a case of fraud. Whether commiting fraud like this is illegal is a legal question.
If you want another example with the buyer withholding information then imagine a place where kids 5 or under get a discount. Someone brings their child who is 6, but is small for their age. An employee applies the discount thinking the child is 5 and the parent says nothing. Revealing someone's age is a privacy issue they may think to themselves.
I just don't understand what legitimate use a web page has for knowing the device battery level. This feels very much like information harvesting for the sake of information harvesting.
- Whatsapp mobile native app warns the user (and the other party of the call) when your battery level gets very low, to expect the end of the call. One could image similar webapps could do the same.
- Warn the user to save their data when the battery level is too low (or automatically save) etc.
(Of course, there's is 0.1% of webapps/websites who'd need this).
That would be a reasonable UX. But I suppose it goes against the frictionless, non-interactive approach.
I do agree that battery levels should not be available to fingerprint. And brave browser blocks the posted site from reading my battery level. So I'm not really sure how the research, which is also from brave, could co-exist with their browser implementation.
Let's say you are showing something performance intensive like a 3D model. If the user is known to be on battery / low battery, the user could be asked or that feature disabled to save on battery life, allowing the user to reenable it.
It comes down to the idea that web apps could behave more natively, yet most people are not trained to think of websites as hostile by default. I agree with you mostly.
> The benign uses of the API
were primarily from two third parties: YouTube, where the API was used in performance metrics for embedded videos, and Boomerang, a performance measurement library
Google of all companies has simulators (probably down to the cycle level on their own phones) and will know exactly how much processing power they're using. There's no reason for them to know the battery level for performance metrics. I fail to see it as benign, even if the stated reason is notionally benign.
Because analytic collection is often ridiculous. The YouTube video player should use the standard video player, but they want to shove all their nonsense on top of it
You fine with YT downloading all of an hours-long video on mobile and draining your data plan, even if you're paused after a few seconds? Or not being able to jump forward until whole MPEG is downloaded? That's what "standard" HTML video player does.
Also tap to move 10 sec forward is nice, isn't it?
Works as expected, the same way there are APIs for the device orientation, etc.
Eventually these get placed behind permissions if they become too much widely abused.
As explained in the standards:
"This can be used to adjust your app's resource usage to reduce battery drain when the battery is low, or to save changes before the battery runs out in order to prevent data loss".
Doesn't seem to work on Safari (desktop or mobile) - I just get the continuous blue animation. Chrome on macOS did report the correct battery level though.
Yes, I think the correct headline is "This page knows your battery charge level if you're using Chrome or most Chrome-based browsers". (I'm not sure if it works on all of them, although it does work on Arc.)
Yes, it says Shields are up for that page (the default until you say otherwise as far as I know). Fingerprint blocking is on. I disabled all cookies and it still works. I tried Safari and it is not working there. Pretty strange. v1.60.118
Somewhat disappointed in macOS for giving the information to Chrome. I'd figure that to be the kind of sensor you need a special entitlement to read (but it may well be tricky to enforce.)
That should probably come from the OS as a power management event ("low power mode: on") rather than the browser being able to read the battery state directly and making its own decisions, surely.
It was once implemented in Firefox too and then disabled outside internal pages. It's from an era of trying to standardize all the APIs needed for Firefox OS apps:
https://caniuse.com/battery-status
Since the entropy is coarse over the entire population you could debate the privacy implications (ex. Time zone is more specific and stable). Restricting it to only saved PWAs to match the privacy model of native apps seems reasonable though. Someone should propose the change to Chrome.
Time zone is also much less useful for fingerprinting because it's tightly correlated with other signals like IP location and language preference. If you already know that a user's IP is somewhere in California, the additional information that they're using the Pacific time zone adds little value.
(If a user's time zone doesn't agree with their geolocation, that's certainly a signal -- but it's going to be an uncommon one.)
I'd expect this to be pitched as a way for a site to figure out whether to try to save power, but this begs the question why not just add an API to get power saving mode state?
I thought it was going to do something really weird and clever like use some other available measurement or input as a proxy for battery level. Like measuring CPU performance over time or temperature changes or something.
So ... the default settings of most browsers? The way you phrased your sentence makes it seem as if users themselves set their browser up like that, when that is not the case.
Yup. The defaults and expectations for the commercial web are terrible. Since this is a technical forum I assume most of as aren't running our browsers that way.
I doubt most of us turn off javascript, and enable it on a case by case basis, regardless if it's a technical forum or not. I certainly don't. That would be a major inconvenience to do for very little benefit, imo.
"Most of us" probably not, but a lot of us. NoScript is one of the most popular Firefox extensions in nerd circles. Also makes a huge difference when browsing on old hardware or from a connection where data is pricey.
I used to (NoScript, then uMatrix for years), but it is a ton of work. Just blocking problem scripts with uBlock Origin gets you 95% of and way there. The last 5% is a lot of extra effort for seriously diminishing returns.
After nearly a decade of using NoScript I have developed an intuitive sense of what domains to temp whitelist, and in what orders, to get things working without letting third party scripts get involved. It you stick with it it gets much easier.
I do use uBlock Origin too with NoScript, but that's only for handling the JS of domains NoScript temp whitelists.
While I admire your dedication to privacy by disabling JavaScript, personally I’ve gone crazy and given up due to all the people around me in my life forcing me to live in a privacy nightmare
The era of being able to reasonably disable javascript by default ended about 10 years ago, maybe 15 at this point.
If you're still disabling by default in 2023, you are a fraction of a percent of a fraction of a percent of people dedicated enough to go through that pain.
The API was implemented in Firefox, Safari, Chrome but it returned too precise data, so by reading battery status on two different pages and seeing the same very precise value, it was like having a tracking cookie.
Firefox and Safari decided to pull the API altogether.
An obvious fix while keeping the API would be to make the data less precise, i.e. round to nearest 10% or so. Still there's potential to abuse, and around the time there were news from Uber study that people with low battery could pay more for taxi, which was the nail to the coffin.
Since then, there was quite a change in how new web APIs are shipped, they all come through privacy design review.
Which went a bit ridiculous into the other extreme, like detecting if user uses dark mode reveals a whole one bit of information (darkmode = true | false) so it's not sent automatically, you need to ask for this info via a specific header, which means you can't know that on the first visit of the user on the website (and not on the first visit in incognito mode), only on subsequent visits. Duh.
Chromium still supports the Battery API, with some rounding implemented.
Note: Google's goal is to basically have all kinds of native APIs available on the web, to make the web rival with native apps, so they are very unlikely to remove things from the web in Chromium.