[btown]

Browser fingerprinting is already pretty good if you can run arbitrary JS on a site. Add access to a FLOC, even a FLOC with 10k people, and you're basically at a place that's worse than third-party cookies were, because at least third-party cookies could be blocked. Ad networks are already using fingerprinting and this will be seen as a blessing to them.

[alkonaut]

If browsers would stop some edge case extensions such as rendering to canvas and reading the data back, it would be much more difficult. Browser JS envs just expose way way too much entropy from the user system

[dillondoyle]

You'd have to get rid of a ton of modern features and somehow backfill / update all browsers to a set of constants

- audio waveform generation - access to gpu/webgl info - have to somehow dramatically change or remove ICE/webrtc - standardize 'feature flags' e.g. somehow backfill old browser so they all show support for new JS objects - access to only a small set of fonts - somehow make rendering completely the same across browsers or remove measurement/rendering to like 5px increments or something. e.g. bounding rect of (747744.888some two character specific font or some svgcss transform etc) - testing for a ton of css extensions - supported mime types - a bunch of SVG things (i dont think this has been explored much i have a hunch there are some good targets) - a bunch of latency hacks and more...

[alkonaut]

Things like string measurement is indeed tricky. Audio generation or reading back raster data simply shouldn’t be possible by default. I’d be happy to enable that on a per site basis like pop ups.