Audio APIs were released as recently as last year that are used for widespread fingerprinting via audio hardware latency information that is available with no notice to the user and without their permission, even on websites with zero audio.
This simply isn't true. That's not even the only recent API that Chrome has spearheaded that is being abused by ad networks and other nefarious actors.
> Audio APIs were released as recently as last year that are used for widespread fingerprinting via audio hardware latency information that is available with no notice to the user and without their permission, even on websites with zero audio.
That seems to be fixed, at least on firefox. The result from console.log(new AudioContext()) seems to be generic values that don't correspond to the actual values (eg. it reports the sample rate as 44.1khz, but my system sample rate is 48khz).
None of what you said is relevant to Chrome. Chrome still allows ad networks to pilfer this information as of the latest version.
Chrome is the worst browser for privacy by far. Between cookie policies, X-Client-Data backdoors for DoubleClick and APIs like this one it seems awfully convenient that this stuff continues to make it to production for ad networks to abuse with impunity.
I have a WQHD (3440x1440) main display with two old 1680x1050 panels mounted side by side above it. Even amongst those with three monitors my setup is quite unusual and thus would be incredibly useful as a fingerprint.
I see that it'll be gated behind a permission popup like many other modern browser features, but based on the number of clients I've had to clear ad networks out of their "Allow Notifications" lists for it's quite clear that a lot of people just hit "yes" to whatever they're prompted about.
I of course see the value to developers of complex web apps, but IMO this is the sort of thing that shouldn't actually happen in the browser itself. Make it exclusive to Electron or similar platforms that use a web browser style engine but can have additional capabilities beyond what's reasonable to expose to a plain old browser.
It's an old legacy mentality when you can't imagine web systems filling the role of regular applications. Please update your mental models accordingly.
That you happen to think of the web as being for this specific thing that you imagine is not a fair constraint. The web does not want to be excluded from becoming more, please stop placing it in the corner.
> The TL;DR is that we strongly value the feedback of real web developers (that means you!) during the process of designing and standardizing new features. We believe origin trials provide a good way of encouraging that feedback, while being extremely careful that the experiments aren’t used by sites in production-critical roles or as if they’re finalized features.
