11/18/2023 0 Comments Chrome battery status apiThere’s no easy way to disable certificate authorities in the UI (that I know of), but there’s an easy hack on Linux: create a file named libnssckbi.so (it might need to be a valid ELF library but doesn’t need any symbols) and stick it at the start of your $LD_LIBRARY_PATH.User_pref(“_proxies_on”, “ ”) # add other sites needed for ocsp For a secure profile for banking etc., disable unencrypted traffic:.Useful if you want to have different groups of settings applied to different profiles (use symlinks to a common location managed by git). Instead of user.js, you can put a ‘preferences’ directory in your profile and firefox will import preferences/*.js at startup.I wasn’t aware of it but have a list of several hundred similar settings I’ve been accumulating for years (not all for security some disable annoyances like animations, and one is just there to revert some of the pointless ‘transient’ changes that make ‘git diff’ difficult). Karen, thanks for mentioning the ghacks project. And because a lot of “MUST” requirements conflict with “The user agent MAY obfuscate the exposed value”. (We used to just disable Javascript when we wanted web sites to stop wasting CPU, but “modern” sites seem intent on forcing everyone to enable scripts.)īy the way, the spec papers over the idea of privacy: “The user agent SHOULD not expose high precision readouts of battery status information as that can introduce a new fingerprinting vector.” But really, you can tell they don’t care because they defined chargingTime and dischargingTime in seconds. I’d be curious to know whether anyone’s using this, and if so, is the high-battery-drain version something I’d actually want? Or should we just program our browsers to report a battery in its death throes, to get a more pleasant experience. So, they decided people should be able to query your battery level and charging/discharging times/status to make, basically, a binary decision. Given knowledge of the battery status, web developers are able to craft web content and applications which are power-efficient”. This means the battery of a device may exhaust faster than desired because web developers are unable to make decisions based on the battery status. The justification? “Without knowing the battery status of a device, a web developer must design the web application with an assumption of sufficient battery level for the task at hand. Someone thought it was a good idea for a website to be able to query my battery level? And this isn’t some forgotten decade-old thing, it was added in the last year! Privacy-invading features manage to get into browsers all the time, but this one surprises me. Tags: academic papers, browsers, Firefox, identification, Linux, privacy, tracking Here’s a battery tracker found in the wild. Our bug report for Firefox was accepted and a fix is deployed. We propose minor modifications to Battery Status API and its implementation in the Firefox browser to address the privacy issues presented in the study. The fingerprintable surface of the API could be drastically reduced without any loss in the API’s functionality by reducing the precision of the readings. Our analysis shows that the risk is much higher for old or used batteries with reduced capacities, as the battery capacity may potentially serve as a tracking identifier. The capacity of the battery, as well as its level, expose a fingerprintable surface that can be used to track web users in short time intervals. Our study shows that websites can discover the capacity of users’ batteries by exploiting the high precision readouts provided by Firefox on Linux. We put special focus on its implementation in the Firefox browser. We highlight privacy risks associated with the HTML5 Battery Status API. Here’s the paper that described those concerns:Ībstract. From Firefox 52 onwards, the Battery Status API is only available in chrome/privileged code.Firefox is removing the battery status API, citing privacy concerns. From Firefox 51, the actual precision is no more to the second, but to the nearest 15 minutes. Values for BatteryManager.chargingTime and BatteryManager.dischargingTime are always equal to Infinity. Firefox also provide support for the deprecated navigator.battery. Support for MacOS is available starting with Gecko 18.0 (Firefox 18.0 / Thunderbird 18.0 / SeaMonkey 2.15). The Battery API is currently supported on Android, Windows, and Linux with UPower installed. Starting with Firefox 11.0, mozBattery is enabled by default. Disabled by default in Firefox 10.0, but can be enabled setting the preference to true.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |