Re: CfC: Battery Last Call from Mounir Lamouri on 2011-11-17 (public-device-status@w3.org from November 2011)

From: Mounir Lamouri <mounir@lamouri.fr>
Date: Thu, 17 Nov 2011 16:57:42 +0100
To: public-device-status@w3.org
Message-ID: <4EC52EF6.8000000@lamouri.fr>

On 11/16/2011 04:49 PM, Robin Berjon wrote:
> Hi all,
>
> this is a call for consensus to see if there are any objections to releasing the Battery Status API as a Last Call Working Draft. There seems to be consensus that the current design is the right one, and objections on some aspects have been withdrawn (to be re-examined in v2). What's more, an implementation of this draft has been committed to Firefox Aurora, and a patch is being worked on for WebKit.
>
> The draft can be read at:
>
>     http://dev.w3.org/2009/dap/system-info/battery-status.html
>
> Where CfCs are concerned, silence is considered to be assent, but positive support is preferred (even if simply with a +1).

Currently, there is only one problem I would like to be discussed: the 
leaking of information Battery Status API is creating.

There are two kind of information that are leaked:
  1. Insensitive information like current level of battery, whether the 
battery is charging or not and when the battery is going to be 
charged/discharged. There is only one way to use these information 
against the user: having a malicious website trying to drain your 
battery that would now know if it's worth trying. We can then consider 
this information as not sensitive because the website could just try to 
drain your battery every time and not care about you have or not a 
battery. I don't think we should care that much about this.
  2. A bit more sensitive information like whether the device has a 
battery or not. We do not expose clearly this information but you can 
get it by doing (battery.chargingTime == battery.dischargingTime) both 
will be Infinity if the device is battery-less. This information can't 
be used to attack the user but can help fingerprinting her/him: it's 
adding one bit of entropy (as far as I understand it). I believe this 
bit of entropy is not a big deal given that there are far more than one [1].
However, do we care about that? do we want to make it impossible for any 
consumer of Battery Status API to know if the device has a battery? If 
we don't, we should probably add an attribute that makes this more 
obvious like navigator.battery.hasBattery.

[1] https://panopticlick.eff.org/browser-uniqueness.pdf

--
Mounir

Received on Thursday, 17 November 2011 15:58:42 UTC