by 0xy 2104 days ago
From personal experience in my job, I've seen ad networks abusing the following APIs for privacy-invasive fingerprinting:

- AudioContext API (introduced as recently as last year)

- Performance API

- Widevine DRM

- Speech Synthesis API

If you put a lot of thought into privacy and security, we certainly wouldn't be seeing this level of widespread abuse by ad networks.

Let's deep dive on AudioContext for a second.

Chrome's AudioContext API allows ad networks to pilfer latency information about the user's audio hardware (which is used in the wild for fingerprinting today) with zero user interaction, zero indication and zero approval. A web page that never plays audio (!!!) has access to this silently and without approval.
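For auditing the behaviour described in the comment above, the following added example (not part of the original comment) wraps the latency getters on an AudioContext class and records every read with the context state and a stack trace. The property names `baseLatency` and `outputLatency`, the function `instrumentLatencyReads` and the `FakeAudioContext` stand-in are assumptions of this example; the comment does not name specific properties.

```javascript
// Audit hook: record reads of AudioContext latency properties.
// Assumption: baseLatency and outputLatency are the properties of interest.
function instrumentLatencyReads(AudioCtx, onRead) {
  const props = ["baseLatency", "outputLatency"];
  const hooked = [];
  for (const prop of props) {
    const desc = Object.getOwnPropertyDescriptor(AudioCtx.prototype, prop);
    // Skip properties that are absent or cannot be redefined.
    if (!desc || typeof desc.get !== "function" || !desc.configurable) continue;
    const originalGet = desc.get;
    Object.defineProperty(AudioCtx.prototype, prop, {
      ...desc,
      get() {
        const value = originalGet.call(this);
        // The stack identifies which script performed the read.
        onRead({ prop, state: this.state, stack: new Error().stack });
        return value; // behaviour of the page is unchanged
      },
    });
    hooked.push(prop);
  }
  return hooked;
}

// Constructed stand-in so the block runs outside a browser.
class FakeAudioContext {
  constructor() { this.state = "suspended"; }
  get baseLatency() { return 0.01; }
  get outputLatency() { return 0.02; }
}

function demo() {
  const reads = [];
  const hooked = instrumentLatencyReads(FakeAudioContext, (e) => reads.push(e));
  const ctx = new FakeAudioContext();
  const seen = [ctx.baseLatency, ctx.outputLatency];
  // Reads made while the context is not "running" came from a page that
  // was not playing audio at the time.
  const silent = reads.filter((r) => r.state !== "running").map((r) => r.prop);
  return { hooked, seen, silent };
}
```

In a browser audit the same function would be called with `window.AudioContext` before any page script runs, for example from an extension content script.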

1 comments

I feel devs at Google just turn a blind eye once a PM pitches an idea. Literally every API they build is abused by ad networks, and now they want us to believe native file system access is safe and good enough to be allowed by default. I just want this to blow up and see how the same Googlers defending this feature come and answer again.