The HTML5 specification allows websites to find out how much battery power you have left on your device. Today experts warn that such information can be used to track browsers on the Internet.

This feature is supported in many web browsers, including Firefox, Opera and Chrome, in order to help websites conserve users’ energy. It is supposed that a website or web app can detect when your battery is dying and switch to a low-power mode by disabling extraneous features. Such a feature explicitly frees sites from needing to ask your permission to discover the remaining battery life, because such information has minimal impact on privacy. Now security experts question this assertion, pointing out that the data obtained by a website is very specific: for example, it tells the estimated time that the battery will take to fully discharge and the remaining battery capacity expressed as a percentage. These figures, taken together, can serve as a potential ID number.

For example, if you visit a website in Chrome’s private browsing mode via VPN, it is supposed that the website can’t link you to a subsequent visit from non-private browsing and without VPN. But now battery level and charge/discharge times can allow the website to match these two visits and understand you are the same user, and as a result, reinstate your purposefully cleared cookies and other client side identifiers.

The security experts warn that this is not the only problem: it turns out that on some platforms, it is possible to find out the maximum battery capacity of the device with enough queries, creating a semi-permanent metric to compare devices.