The Electronic Frontier Foundation (EFF), privacy company Disconnect and a coalition of Internet companies have announced a new “Do Not Track” policy setting for browsers.
The EFF and the Internet coalition—consisting of AdBlock, DuckDuckGo, Medium and Mixpanel—are calling the policy a standard for browsers to protect users from sites that secretly record and follow Internet activity. The Do Not Track standard is aimed at deterring advertisers and tech companies from third-party data collection, working in tandem with ad blockers and privacy software.
The Do Not Track preference can be set in Chrome, Firefox and other browsers, along with Safari on iOS and on the Firefox OS mobile operating system. The full Do Not Track policy is available here.
HTML5 feature can be used to track users’ devices
Security researchers at the International Association for Cryptologic Research (IACR) have uncovered a feature in HTML5 that allows websites to track the status of a mobile device.
The HTML5 Battery Status API, maintained by the World Wide Web Consortium, enables websites to pull device data such as battery level and charging time for users. According to the researchers, this could allow potential attackers to create a digital fingerprint of a user’s Web activities.
“Our study shows that websites can discover the capacity of users’ batteries by exploiting the high-precision readouts provided by Firefox on Linux,” the researchers stated. “The capacity of the battery, as well as its level, expose a fingerprintable surface that can be used to track Web users in short time intervals. Our analysis shows that the risk is much higher for old or used batteries with reduced capacities, as the battery capacity may potentially serve as a tracking identifier.”
The API is currently implemented in Chrome, Firefox and Opera, and is not enabled in Internet Explorer and Safari. The full report from the IACR is available here.