marcoscaceres
commented
10 years ago Elsewhere, @npdoty wrote:
I believe there are two common mitigations of this kind of privacy concern: 1) not firing events for background windows (which works for some APIs, but perhaps not this one if the background loading use case is expected to be particularly important); 2) allowing fuzzing of the event firing by the UA (which seems to be particularly amenable here, as simultaneous event firing or real-time updates of network connectivity are likely not essential).
Quick note: As the type value is shared globally across all documents, it can be used together with other bits of data to fingerprint. Need to document this somewhere.