by hotnfresh 944 days ago
It appears to be in a browser, which really shouldn’t be providing enough info to make this possible. I take it as a commentary on how information-leaky browsers are, though I’m not sure that’s the intent.
3 comments

https://developer.mozilla.org/en-US/docs/Web/API/Window/scre... and https://developer.mozilla.org/en-US/docs/Web/API/Window/scre... have been there since chrome/safari/firefox version 1.

knowing where the browser window is positioned on the screen isn't some scary new thing.

The fact that it's not new doesn't make it less concerning. Especially considering the push in recent years to leak less data, and the change in assumptions that we trust everything and everyone in the stack not to abuse data we leak (for example, the change from HTTP to HTTPS by default, the general advice to use fewer extensions to minimize fingerprinting, and Mozilla's efforts to reduce tracking and fingerprinting by webpages).
But can we really use browser window position for fingerprinting? One time I open the page in full view mode, another time as a tile in the left part of the window or in the right part. How can it be used?
I don't recall the last time I saw someone on a non-massive (>24") monitor use a browser in less than fullscreen width. That'll get you resolution, which sounds like yet another way to subdivide people viewing a website.

Or we could just discuss per-session tracking in which a user has an uncommon width remaining for all tabs

"screen.width" and "screen.height" will also get you the screen resolution without any need to estimate things based on where the window is positioned on the screen.

again, this is stuff that's been there since v1, and is table stakes for any sort of fingerprinting. it's just not useful enough to matter.

In a vacuum, you're absolutely right. But every dimension we allow users to be sub-divided along adds another potential fingerprinting point. This isn't the most important one; hell, it's barely an important one. It is simply the fact that it's another inch down the path of being able to identify every single visitor.

All that said: You're right. It's a QoL feature that's objectively helpful, and I am tilting at windmills. The current state of the web has left me dejected and morose, and I am disheartened by something that's not worth anyone's time - certainly neither of ours.

Perhaps it's not the browser leaking it, maybe there's some other native code running that's watching window movements and resizing events, then it's sending that to the JS.
And this should also not be possible. I want my browser and my operating system almost unable to communicate with each other.
I was thinking perhaps the OS has accessibility APIs that provide this info. For example, this application uses some form of accessibility APIs, if I'm not mistaken, to overlay things on screen - https://www.homerow.app/
Wouldn’t both browsers have access to the same localstorage if they’re viewing the same domain?
Yes, and this is what it's using.

Full repo is available here:

https://github.com/bgstaal/multipleWindow3dScene
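
Added example, not part of the thread or the linked repo: a way to measure the two claims argued above, namely that each extra attribute subdivides visitors further and that window position changes between visits. The visitor records are constructed, and the field names `sw`, `sh`, `x`, `y` are stand-ins assumed here for `screen.width`, `screen.height`, `window.screenX` and `window.screenY`.

```javascript
// Constructed sample: four visitors, two visits each. sw/sh stand in for
// screen.width/screen.height, x/y for window.screenX/window.screenY.
const visits = [
  { id: "a", visit: 1, sw: 1920, sh: 1080, x: 0,   y: 0   },
  { id: "b", visit: 1, sw: 1920, sh: 1080, x: 200, y: 100 },
  { id: "c", visit: 1, sw: 2560, sh: 1440, x: 120, y: 80  },
  { id: "d", visit: 1, sw: 1366, sh: 768,  x: 0,   y: 0   },
  { id: "a", visit: 2, sw: 1920, sh: 1080, x: 960, y: 0   }, // tiled right
  { id: "b", visit: 2, sw: 1920, sh: 1080, x: 0,   y: 0   }, // maximised
  { id: "c", visit: 2, sw: 2560, sh: 1440, x: 300, y: 40  },
  { id: "d", visit: 2, sw: 1366, sh: 768,  x: 0,   y: 0   },
];
const SCREEN = ["sw", "sh"];
const SCREEN_AND_POSITION = ["sw", "sh", "x", "y"];

const keyOf = (rec, attrs) => attrs.map((a) => rec[a]).join("|");
const ofVisit = (n) => visits.filter((v) => v.visit === n);

// Shannon entropy in bits of the attribute tuple within one visit.
function entropyBits(records, attrs) {
  const counts = new Map();
  for (const r of records) {
    const k = keyOf(r, attrs);
    counts.set(k, (counts.get(k) || 0) + 1);
  }
  let h = 0;
  for (const c of counts.values()) {
    const p = c / records.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Share of visit-2 records whose tuple matches exactly one visit-1 record
// and that record belongs to the same visitor (a correct cross-visit link).
function relinkRate(attrs) {
  const first = ofVisit(1), second = ofVisit(2);
  let correct = 0;
  for (const s of second) {
    const m = first.filter((f) => keyOf(f, attrs) === keyOf(s, attrs));
    if (m.length === 1 && m[0].id === s.id) correct++;
  }
  return correct / second.length;
}

console.log("bits, screen only:        ", entropyBits(ofVisit(1), SCREEN));
console.log("bits, screen + position:  ", entropyBits(ofVisit(1), SCREEN_AND_POSITION));
console.log("relink, screen only:      ", relinkRate(SCREEN));
console.log("relink, screen + position:", relinkRate(SCREEN_AND_POSITION));
```

On this constructed sample, adding window position raises the within-visit entropy from 1.5 to 2 bits, while the share of visitors correctly linked across visits falls from 0.5 to 0.25 because the position changed between visits.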