The privacy nightmare scenario that the authors paint is based on this half-minute-later return visit. Within those limited situations, it could be used to find those who want to be found the least, the authors argue: "Users who try to re-visit a website with a new identity may use browsers' private mode or clear cookies and other client side identifiers. When consecutive visits are made within a short interval, the website can link users' new and old identities by exploiting battery level and charge/discharge times. The website can then reinstate users' cookies and other client side identifiers, a method known as respawning. Note that, although this method of exploiting battery data as a linking identifier would only work for short time intervals, it may be used against power users who can not only clear their cookies but can go to great lengths to clear their evercookies."
The report also concedes why this works on so few OS/browser combinations: "We emphasize that our method only works for UPower and Firefox on Linux, and during our study we encountered some computers for which we cannot recover the capacity with our method. This can be due to the differences in how processors handle floating point calculations or measurement errors in UPower."
This is the quintessential theoretical hole that simply isn't significant. To have a true privacy threat, it has to be effective enough that people will bother implementing it. Please forgive me, but this tactic isn't nearly powerful enough to worry about.