Pencil Banner

# The Bot That Cried Wolf: Battery tracking poses no real privacy threat

| Aug. 12, 2015
IT's relationship with privacy is delicate. Corporate IT needs to take privacy fears very seriously, but if IT jumps and shouts at every tiny possible privacy invasion, we'll have the Bot That Cried Wolf. Put another way, the best way to weaken privacy protections is to embrace so many privacy problems that none have any significance.

The report says, for example, "we can also assume that users seeing a near-drained battery generally connect their notebooks to AC power." First, having a phone or laptop battery that is nearly drained is not the same as having a user notice it. Who is to say what "nearly-drained" is? Just as different car drivers interpret an "almost-empty tank" differently -- I drive my wife crazy because I don't consider getting gas to be urgent until the empty tank light has been on for at least 10 miles, whereas she considers it mandatory at one-quarter full -- so do people react to low batteries differently.

Also, is the user perhaps in a crowded airport or in a car or somewhere else where plugging in is not practical?

But can it be used to identify site visitors in a very short time frame? The time frame suggested in the report was 30 seconds. How many site visitors do you guess your site has who visit, leave and then return 30 seconds later? How valuable is a technique that will positively identify only a small percentage of those visitors?

Shortness of time frame notwithstanding, will it work? Quite possibly. Here's the report's scenario (be forewarned: These guys love numbers): "In our test setting, the lowest indication of dischargeTime we observed was 355 (in seconds) and highest 40277 s. Assuming all the values spanning a range (355; 40277) are possible, this gives 39,922 numbers. Assuming users start to charge their devices when the battery level is 0:1, this leaves 90 available battery level states (0:11 to 1:0). The number of potential levels denoted by a tuple (level; dischargeTime) would then be a simple multiplication 355 _ 40277 and the number of possible states would be 14172310, which only accounts for the discharging state. Using the information about the battery charge (chargingTime) could effectively double the number of possible states. The probability of a (level; dischargeTime) collision (between different users, and assuming a uniform distribution) is therefore low and for a short time frame this would effectively be a unique identifier. However, we emphasize that the dischargeTime levels can be subject to frequent changes, in response to change in the users' computer use patterns. This means that, in practice, the risk of long-term tracking with this information may be negligible. But it could be used to distinguish visits of corporate users behind a NAT (Network Address Translation). In such a setting, the computers may have similar fingerprints and often identical public IP addresses. The readouts from the battery may allow distinguishing these users."

A key part of the uniqueness is that batteries with the same capacity when they are manufactured degrade at different rates, based on tasks and other variables.