by heyplanet 2250 days ago
This probably adds a significant number of data bits for tracking people without cookies.

First of all, it tells the page if you run the dev version of Chrome with a certain version.

Secondly, I would be surprised if memory behavior does not differ between certain setups.

3 comments

Author here. Fingerprinting is a valid concern. The API explainer has a section about it: https://github.com/WICG/performance-measure-memory#fingerpri...

It is important to keep in mind that the API only accounts for the objects allocated by the web page itself and does not expose the total memory usage of the browser.

The only information that can be extracted using the API is the browser version (because an object representation may change between different versions) and the bitness of the browser (32-bit vs 64-bit). This information is already exposed by other existing APIs (e.g. navigator.userAgent, navigator.deviceMemory).

Thus the API does not add _new_ data bits for tracking. The final spec of the API may include additional protection against fingerprinting. For example, adding a small amount of Gaussian noise would make browser version inference much more difficult.

> Secondly, I would be surprised if memory behavior does not differ between certain setups.

In my experience of profiling various web apps, memory usage will differ between sessions of the same app on the same machine in a series of automated test runs with no changes to the code or setup. Web apps are terrible at managing memory and they leave all manner of things lying around that make it hard to get a deterministic number you could use for fingerprinting a user's browser.

Your first point surely applies to introducing any browser-specific feature -- and features are generally introduced to one or two or all browsers before becoming part of a standard.

"A website, with JS enabled, can tell what version of what browser you have" is a sailed ship, right?