On 10/26/2016 9:21 AM, Boris Zbarsky wrote:
So I decided to see what sites were doing with it. I set a breakpoint
in getBattery() and tried browsing. The first site I tried loading was
cnn.com, and it hit the breakpoint. It's hitting it because it's using
the "boomerang" library from https://github.com/yahoo/boomerang (or one
of its various clones) as far as I can tell, and
https://github.com/yahoo/boomerang/blob/b70cb237c175debf1fda31ab9ae44e1cfa7996ca/plugins/memory.js#L177-L203
pokes at the battery API. Looks like it reports the battery level as
part of its telemetry? The original commit that introduces that is
https://github.com/yahoo/boomerang/commit/b0c41b144913338ea905f03fc28f32130c5521e5
which is not terribly informative as to _why_ that data is being collected.
Thanks, Boris. That's a great analysis.
Boomerang reporting users' battery levels, hardwareConcurrency, and
maxTouchPoints sounds like active fingerprinting (what the library calls
"beaconing"). Boomerang also extracts third-party tracking IDs from
Google, Adobe, and IBM analytics cookies:
https://github.com/yahoo/boomerang/blob/b70cb237c175debf1fda31ab9ae44e1cfa7996ca/plugins/third-party-analytics.js
chris
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
