Data Leak - Battery Level

Talk about code development, features, specific bugs, enhancements, patches, and similar things.
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.

This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.

Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Lord_Brezel

Data Leak - Battery Level

Unread post by Lord_Brezel » 2015-09-02, 10:43

Palemoon seems to enable mozillas battery status API by default. ""dom.battery.enabled""

This seems to allow websites to read my battery level.
Why on earth should websites read my battery level?
Powermanagement is the job of the OS and not of the webdesigner.

Mozillas justification for it is: So that webapps can react to low power situations, preventing data loss or make themselves darker.

As Palemoon is a browser that seems intent on the classic web I suggest to turn it off by default.

References:
http://www.wired.co.uk/news/archive/201 ... in-firefox
https://developer.mozilla.org/en-US/doc ... Status_API


(aside from that: this is outrageous! why are there always new things that leak obviously unneccessary data to websites?)

User avatar
ketmar
Lunatic
Lunatic
Posts: 369
Joined: 2015-07-28, 11:10
Location: Earth

Re: Data Leak - Battery Level

Unread post by ketmar » 2015-09-02, 11:44

Off-topic:
Lord_Brezel wrote:aside from that: this is outrageous! why are there always new things that leak obviously unneccessary data to websites?
'cause modern "web-designers" sees web as "application platform". we lost that fight, i'm afraid.

Lord_Brezel

Re: Data Leak - Battery Level

Unread post by Lord_Brezel » 2015-09-02, 12:13

Still this particular feature is not something any "webapp" will ever miss, except it has something to do with specifically interacting with your battery-stats as its main feature. The average web user will only be tracked with it. So Palemoon may as well drop it.

We certainly have not lost this fight. Also we dont have to fight that fight. No sane person will ever stay in their crazy circus.

Extra-ranting:
I intentionally ignore sites that want to imitate an application-like experience.
I find these hip and modern webdesigners that put 7 million abstraction layers even between them and the browser and appify everything are really a bunch of huge exemplaries of a certain odd sounding musical instrument that is often metaphorically used to insult people.

Anyone who actually wants foreign web code to manage your devices should go to chrome and build with them their bizarre app garden with ugly designer couches and mediocre cocktails. Meanwhile the community around Palemoon can build their own type of internet, with blackjack and hookers.

superA

Re: Data Leak - Battery Level

Unread post by superA » 2015-09-02, 12:39


User avatar
ketmar
Lunatic
Lunatic
Posts: 369
Joined: 2015-07-28, 11:10
Location: Earth

Re: Data Leak - Battery Level

Unread post by ketmar » 2015-09-02, 12:56

i think the issue here is not about "privacy breach", but more about "how much more data you, $#^$#^# web-developers, want?! get off!"

ninaholic

Re: Data Leak - Battery Level

Unread post by ninaholic » 2015-09-02, 14:35

Lord_Brezel wrote:Mozillas justification for it is: So that webapps can react to low power situations, preventing data loss or make themselves darker.
Is there any way to trick websites into thinking you always have low battery? Maybe they'll perform better. :lol:

User avatar
ketmar
Lunatic
Lunatic
Posts: 369
Joined: 2015-07-28, 11:10
Location: Earth

Re: Data Leak - Battery Level

Unread post by ketmar » 2015-09-02, 14:52

ninaholic wrote:Is there any way to trick websites into thinking you always have low battery? Maybe they'll perform better. :lol:
sure. you can write userscript to override DOM battery API, for example, and always return "oh, dear, i'm almost dead!" ;-)

half-moon

Re: Data Leak - Battery Level

Unread post by half-moon » 2015-09-02, 21:48

I disabled the battery setting in my palemoon.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35478
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Data Leak - Battery Level

Unread post by Moonchild » 2015-09-03, 08:48

Pretty much a no-brainer.
Consider the default changed to "off" from this point forward. The API can still be useful but should only be enabled by the user if they need it.

As an aside, this will probably lower Pale Moon's "capability score" in HTML5 tests; a good example of why higher isn't always better ;)
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

jumba

Re: Data Leak - Battery Level

Unread post by jumba » 2015-09-03, 11:37

Good move! I don't like the idea that every site will add their own instances of power save scripts. Also:
Authors should be aware, however, that a naïve implementation of this API can negatively affect the battery life.
http://www.w3.org/TR/battery-status/#introduction

User avatar
LimboSlam
Board Warrior
Board Warrior
Posts: 1029
Joined: 2014-06-09, 04:43
Location: USA

Re: Data Leak - Battery Level

Unread post by LimboSlam » 2015-09-03, 14:51

Will this have a greater effect on mobile Firefox and Pale Moon? Actually, will it have any effect?
With Pale Moon by my side, surfing the web is quite enjoyable and takes my headaches away! :)
God is not punishing you, He is preparing you. Trust His plan, not your pain.#‎TrentShelton #‎RehabTime

squarefractal

Re: Data Leak - Battery Level

Unread post by squarefractal » 2015-09-03, 17:48

LimboSlam wrote:Will this have a greater effect on mobile Firefox and Pale Moon? Actually, will it have any effect?
I don't think the battery API is meant to be exposed like that, it's meant for webapps and such.
So zero effect for Pale Moon.

User avatar
Admin
Site Admin
Site Admin
Posts: 405
Joined: 2012-05-17, 19:06

Re: Data Leak - Battery Level

Unread post by Admin » 2015-09-03, 18:13

Thanks for the tip! Disabled this now in all browsers I have access to ;)
Did you know that moral outrage triggers the pleasure centers of the brain? It's unlikely you can actually get addicted to outrage, but there is plausible evidence that you can become strongly predisposed to it.
Source: https://www.bbc.co.uk/programmes/p002w557/episodes/downloads - "The cooperative species" and "Behaving better online"
Image

intofix

Re: Data Leak - Battery Level

Unread post by intofix » 2015-09-04, 12:05

Already in my user.js with these one too.

Code: Select all

// DOM - JAVASCRIPT
// disable dom storage
user_pref("dom.storage.enabled", false);
// disable battery API - fingerprinting vector
user_pref("dom.battery.enabled", false);
// disable network API - fingerprinting vector
user_pref("dom.network.enabled", false);
// disable giving away network info - https://developer.mozilla.org/en-US/docs/Web/API/Network_Information_API
user_pref("dom.idle-observers-api.enabled", false);

dark_moon

Re: Data Leak - Battery Level

Unread post by dark_moon » 2015-09-06, 16:32

Thanks for this privacy improvement, Moonchild!
Also thanks for your tips, intofix.

intofix

Re: Data Leak - Battery Level

Unread post by intofix » 2015-09-06, 21:02

dark_moon wrote:Also thanks for your tips, intofix.
Thanks dark_moon, always for my pleasure when i can help. Probably other residues (from Firefox) i must censor, but i will be very busy from now on.

Locked