Abstract: Computers plugged into power outlets leak information by drawing variable amounts of power when performing different tasks. This work examines the extent to which this side channel leaks private information about web browsing. Using direct measurements of the AC power consumption with an instrumented outlet, we construct a classifier that correctly identifies unlabeled webpage-activity traces from a set of 50 candidates with 87% precision, 74% recall, and 99% accuracy. The classifier rejects samples of 441 pages outside the corpus with a false positive rate of less than 2%. It is also robust to a number of variations in webpage loading conditions, including encryption. Characterizing the AC power side channel may help lead to practical countermeasures that protect user privacy from untrusted power infrastructure.