Browsers remove functionality due to privacy

It's 2016 and we are experiencing something unprecedented in the history of the Web.

Apparently, Web browsers (Firefox, Safari?) are removing parts of their functionality citing privacy concerns. This is a fascinating development.

Introduction

I have been analysing the security and privacy of the modern Web for more than 8 years now. The Web is a very broad and already complex ecosystem, and the addition of a new feature must be analysed carefully. When a feature or functionality is known to open a security or privacy issue, it is usually amended in order to address the risk or create a suitable workaround. However, it is not common to purge an entire API. This is happening to the Battery Status API.

I originally wrote a note about the fascinating privacy aspects of the Battery API, but recent developments justify writing another one.

The Battery Status API is a W3C specification enabling websites to learn about the battery level of the visiting user's system. I was aware of the possibly sensitive functionalities of this API for a while, but I waited until 2014 to actually dive into the issue and analyse it thoroughly. Back then, the specification did not foresee any privacy footprint of the API; this has subsequently changed and I was very happy to see the specification amended.

We're seeing something new

In 2015, we published a report summarising our privacy findings, concluding that the Battery API has consequences from a privacy point of view: information leaks about the user and his system, and fingerprinting capabilities. Additionally, back then Firefox had an interesting additional information leak, which we helped fix.

Since August 2015, I have been proud to volunteer my help at W3C with privacy aspects as an Invited Expert; I am delighted that W3C is very open to my work. W3C standardises how the Web works. One of its core principles is to make sure the Web stays open and does not end up controlled by a single entity.

In 2016, Arvind and Steven made available their report spotting that web scripts in the wild are seemingly abusing the Battery API functionality.

Since this summer, I have been aware that Mozilla is considering purging support for the Battery API from Firefox. The motivations were that the Battery API might not have any actually useful use cases in 2016, as operating systems handle battery management much better than a few years ago. On the other hand, the API brings privacy implications.

So Mozilla has been performing a cost/benefit analysis.
While benefits weren't substantial or clear, the cost (here: privacy risk) was more substantial.

This has now happened. Firefox is completely removing support for battery status readout due to privacy concerns. Mozilla is not trying any mitigation strategies. Mozilla decided to completely remove the entire API from its source code.

I checked the previous Firefox changes, and apparently there is no previous example of functionality removal due to privacy issues (you can try with a simple check here, too).

It's also interesting to note that Apple is considering removing support for the Battery Status API from the source code of WebKit (the engine powering the Safari browser). Although so far Apple has not enabled the Battery Status API, it is implemented in Safari's engine. At this point, I don't believe Apple will ever ship this feature.

2016 marks an unprecedented event in the Web's history. Web browser vendors are deciding to reduce browsers' functionality - remove features - due to privacy risk potential.

We have come a long way since the 2000s, when privacy wasn't treated that seriously.

Appendix

I completed a PhD in 2015, so I am familiar with the academic process. Although my research report on web privacy aspects of the Battery API did not receive plenty of citations, I am more than happy with the practical outcomes. I will cite Arvind's excellent note on security and privacy research and measuring its impact:

(...) Explain the work to policymakers or to other researchers who are building upon it. Or even just evangelize your ideas. Some people claim that ideas should stand on their own merit and compete with other ideas on a level playing field. I find this quite silly. I lean toward the view expressed in this famous quote you’ve probably heard: “if your ideas are any good you’ll have to shove them down people’s throats.”
The upshot of this is that impact is heavily shortchanged in the publication-as-competition model. This is partly because of what I’ve talked about, we have no incentive to do any more work after getting the paper published. But an equally important reason is that the community can’t judge the impact of research at the point of publication. Deciding who “wins the prizes” at the point of publication, before the ideas have a chance to prove themselves, has disastrous consequences.