Baterry API and fingerprinting

Hi,

An interesting paper on how a seemingly innocuous API (battery level 
reading) ends up providing exploitable fingerprinting surface:
   A privacy analysis of the HTML5 Battery Status API
   http://eprint.iacr.org/2015/616.pdf

Some of the risks highlighted are specific to an implementation 
(providing arguably too detailed information), some are probably more 
generic to any API that bridges with hardware. It might be interesting 
to look if the self-review questionnaire would have helped mitigating 
these risks at the spec level.

Dom

Received on Wednesday, 8 July 2015 18:11:19 UTC